June 7, 2016
Understanding the Anatomy of a Ransomware Attack

Ransomware Definition: A type of malicious software designed to block access to a computer system until a sum of money is paid. These types of attacks target small, medium, and large businesses as well as individuals.
Americans paid $325 million in ransomware payments in 2015, and attacks are on the rise. In 2015, ransomware was detected on 753,684 computers, 179,209 of those targeted by encrypting ransomware like CryptoLocker. Ransomware is one of the biggest threats to businesses in 2016, and cybercriminals are attacking companies of ALL sizes.
In order to help you better understand what ransomware means for the security of your business, here is the anatomy of a ransomware attack, how it has evolved through the years to become even more threatening, and what to do if you get infected.
Anatomy of a Ransomware Attack at a glance:
1996: Concept was conceived
2013: The first cryptolocker was launched, mostly targeting Windows systems. $27,000,000 was earned within 2 months before that effort was shut down.
2014: First version of Android cryptolocker was launched
2015: Crypto-ransomware grows rapidly in prevalence
- 17% of all infections were on Android
- Americans paid $325 million in ransom
- Detected on 753,684 computers
- 179,209 targeted by encrypting ransomware, a 24% increase from 2013
- 32% of computers were attacked by at least one Web attack (According to Kaspersky)
More than 10 new ransomware families were introduced in 2015 alone, including CryptoWall v2 and v3, TorrentLocker, CTB-Locker, and TeslaCrypt.
Now, in 2016, recent enhancements have made attackers even harder to find and catch, as well as making the attacks themselves more damaging.
- Attacks are more anonymous than ever, through the use of Bitcoin for payment and the Tor or I2P (Invisible Internet Project) networks for communication
- Mobile devices (Android) are the focus of several new attacks
- Mass storage devices and attached storage are also being targeted, impacting more data than ever before
Roughly 25% of all ransomware attacks are against U.S. companies. This includes smaller organizations where a) data is critical, b) system availability is critical, and c) security defenses are low. That means service organizations like medical, financial, technology, legal, insurance, and sales organizations are easier targets: they draw less media attention when breached, hold valuable data, depend on system up-time, and can also be a gateway to large enterprise partners. Larger organizations are also targeted, where leverage is high.
So, what exactly happens when a company gets attacked?
- The #1 attack vector is email-based phishing, using malicious links and file attachments (often spear phishing). Attachments may be .zip files or any of a multitude of other innocuous-looking file types, such as .scr (screen saver) files. Zero-day malware is delivered via attachments, browser vulnerabilities, office applications, PDFs, Java, and Flash.
- By clicking on a malicious website link or opening a file attachment, your browser or application is compromised and malware is now running on your PC.
- Once running on your PC, the malware contacts a remote command-and-control (C&C) server via the internet and downloads the ransomware.
- The newly downloaded ransomware is installed.
- Encryption keys are provided by the C&C server.
- Your files are encrypted in the background until the entire PC is encrypted.
- The latest ransomware may also encrypt backup files that you have stored on your network, making it impossible to restore from backups.
- Your system is now locked and unusable.
- You will now see the ransomware extortion demand screen and be instructed to send money (usually Bitcoin) to get your PC files restored.
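The background-encryption step above is the point at which a defender still has a chance to detect an attack in progress. The following added example (not code from the original post or from eSecurity Solutions) shows one common heuristic: a file that has lost the header bytes its extension implies and whose contents now look like ciphertext (near 8 bits of entropy per byte) has very likely been encrypted in place, and a sudden burst of such files is a strong signal. The entropy threshold, the magic-byte table, the alert fraction, and all sample files are constructed for this example.

```python
"""Heuristic detector for ransomware-style bulk file encryption (added example)."""
import math
import os
import random
import zipfile
from collections import Counter
from io import BytesIO

# Bits per byte above which a file body is treated as ciphertext-like.
# Assumed value for this example; real deployments tune it per file type.
ENTROPY_THRESHOLD = 7.2

# Leading bytes ("magic") of a few common document formats. Constructed minimal set.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """Flag a file whose header no longer matches its extension AND whose body is ciphertext-like.

    Requiring both conditions avoids false positives on legitimately compressed formats:
    .docx/.xlsx are zip archives with high-entropy bodies, but they keep their PK header.
    """
    ext = os.path.splitext(name)[1].lower()
    expected = MAGIC.get(ext)
    if expected is None:
        return False  # unknown type: no header baseline to compare against
    return not data.startswith(expected) and shannon_entropy(data) > ENTROPY_THRESHOLD


def scan(files: dict) -> list:
    """Return the sorted names of files that appear to have been encrypted in place."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))


def should_alert(flagged: int, total: int, fraction: float = 0.3) -> bool:
    """Alert when a large share of scanned files look encrypted at the same time."""
    return total > 0 and flagged / total >= fraction


def build_samples() -> dict:
    """Constructed sample files: two intact documents and three overwritten by ciphertext."""
    rng = random.Random(2016)  # fixed seed so the demo is repeatable

    def ciphertext(n: int) -> bytes:
        # Stand-in for an encrypted file body: pseudo-random bytes, no recognizable header.
        return bytes(rng.getrandbits(8) for _ in range(n))

    buf = BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("word/document.xml", "<w:document>quarterly notes</w:document>" * 50)

    return {
        "invoice.pdf": b"%PDF-1.4\n" + b"Invoice total: 1200 USD\n" * 200,  # intact, low entropy
        "notes.docx": buf.getvalue(),                                       # intact, compressed
        "report.pdf": ciphertext(4096),                                     # overwritten
        "budget.xlsx": ciphertext(4096),                                    # overwritten
        "photo.png": ciphertext(4096),                                      # overwritten
    }


if __name__ == "__main__":
    samples = build_samples()
    flagged = scan(samples)
    print("flagged:", flagged)
    print("alert:", should_alert(len(flagged), len(samples)))
```

Run stand-alone, the script flags the three overwritten files and leaves the intact PDF and the compressed .docx alone, then raises the alert because 60% of the scanned set changed at once. In practice this logic would sit behind a file-change monitor on a file server or endpoint, scanning only files modified in the last few minutes, so that the alert fires while encryption is still under way rather than after the demand screen appears.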
If you’re infected…
One study shows that 50% of those who are infected pay the ransom. These days, ransomware is so effective that even the FBI gave this official statement: “The ransomware is that good… To be honest, we often advise people just to pay the ransom”.
You don’t have to pay the ransom, though, if you don’t get breached. eSecurity Solutions protects businesses from ransomware attacks through advanced security prevention, monitoring, and management solutions. Contact us to get a Security Assessment and to discover your current risk level.