Anatomy of a Ransomware Attack

The old email scams from Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies, and many businesses, ransomware attacks is an especially sinister type of malware delivered through spear phishing emails. This is the screen that strikes fear in the hearts of businesses and companies:


These attacks lock up valuable data assets and demand a ransom to release this data. This is a rapidly-growing security threat. “We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there, it’s going to get worse.”

Once an employee or staff member is tricked into allowing the ransomware to install, it spreads quickly throughout your network. Here is a flowchart of a Crypto-Ransomware attack:


While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center, and the numbers are only growing in 2016. Hackers, most of which are located in developing countries, are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report. “The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment. “It’s much more targeted, and will exploit a particular vulnerability in a device, application, server or software,” Scott adds.

This chart shows the most dangerous variants of Ransomware that has surfaced so far in 2016:


A typical ransom demand is $300, according to a report from security firm Symantec. Ransoms are purposely kept low so business will choose to pay instead of lose their data. Unfortunately, when you do pay, the encryption key you are given only unlocks the CURRENT attack. The ransomware is still hiding in your computer and can be activated at a future date to give the hacker another payday.

Currently, the healthcare sector is highly targeted by hacker attacks, due to antiquated or misconfigured computer security systems and the amount of sensitive data they hold. The large number of employees at most hospitals also makes cyber security safety training difficult. Experts commonly see attacks occur through spear phishing, targeted emails with attachments with names such as “updated patient list,” “billing codes” or other typical hospital communications that employees may click on if not warned. 

We feel the information given in the following lessons is essential for all employees and management of any company, no matter what size, to learn for the future security of the company or organization. Ransomware attacks can be greatly reduced if employees are properly trained in cyber security. This course will teach everyone how to recognize the different ways cybercriminals will attempt to hack you, and how to avoid being a victim.