We've all heard about ransomware attacks, and how they are increasing all the time.
Ransomware is a demand for payment in exchange for returned control over (your own) data or systems.
When we think of ransomware, we think of attackers who have encrypted their victim's data, and demand a ransom - usually in Bitcoins - for decryption.
This is the most common kind of ransom, but it's not the only one. For example, attackers can threaten to release confidential data to the public. Or they can block access to the target company's own systems without even encrypting the data.
Most ransomware attacks target large organisations, including hospitals and local governments. But these attacks can impact more people than just their targets.
A (very) recent example
Did you follow the story of Colonial Pipeline in the news recently?
Colonial Pipeline operates one of the largest fuel pipelines in the US. On 7 May 2021, Colonial was the victim of a ransomware attack on the system that manages the pipeline. The company shut down operations and froze systems to contain the attack.
This affected the supply of fuel to large areas of the US. And this, in turn, led to panic buying, which led to an increase in the fuel price not seen since 2014. It's a vivid example of how ransomware can seriously impact people who are not the target.
The group "DarkSide" claimed responsibility for this attack. Colonial paid nearly 75 Bitcoins ($5 million) for the decryption software (which apparently worked very slowly). After 5 days the company slowly resumed operations.
How does ransomware work?
Most ransomware attacks use malicious software disguised as a legitimate program.
A popular way to distribute ransomware is through a phishing attack. The attacker attaches an infected document to an email, or includes a link to a malicious download. Another popular method is to use a ‘trojan horse’: the ransomware is disguised as legitimate software and infects the device once it has been downloaded and installed.
(The WannaCry ransomware cryptoworm is an exception: it automatically infected machines without user interaction. In 2017 WannaCry infected more than 200,000 Windows computers across 150 countries within a single day.)
Ransomware software will search for files and encrypt them. It may delete any files it cannot encrypt. Then it will move on to infect connected devices like USB drives, and after that it will try to infect other devices on the network. The process is typically very fast and can take place in a few minutes. Afterwards the software will display a ransom ("blackmail") note, usually with a countdown to create urgency.
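The behaviour just described (many files rewritten under a new extension in a short burst, then a note file dropped) is exactly what a defender can monitor for. The following is an added example written for this post, not code from the original: a small heuristic that scores a stream of file-system events. The event format, the thresholds and the sample events are all constructed assumptions, not values from any product.

```python
from dataclasses import dataclass

WINDOW_SECONDS = 60    # burst window; threshold values are illustrative assumptions
RENAME_THRESHOLD = 20  # extension-changing renames per window that count as a burst
NOTE_MARKERS = ("readme", "decrypt", "restore", "how_to")  # common ransom-note name hints

@dataclass
class FileEvent:
    ts: float           # seconds since monitoring started
    op: str             # "rename" or "create"
    path: str           # source path
    new_path: str = ""  # destination path for renames

def _ext(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def looks_like_note(path):
    """Newly created text/HTML file whose name hints at a ransom note."""
    name = path.rsplit("/", 1)[-1].lower()
    return _ext(name) in ("txt", "html", "hta") and any(m in name for m in NOTE_MARKERS)

def peak_rename_burst(events):
    """Largest count of extension-changing renames inside any WINDOW_SECONDS span."""
    stamps = sorted(e.ts for e in events
                    if e.op == "rename" and _ext(e.path) != _ext(e.new_path))
    peak = start = 0
    for i, ts in enumerate(stamps):
        while ts - stamps[start] > WINDOW_SECONDS:  # slide the window forward
            start += 1
        peak = max(peak, i - start + 1)
    return peak

def detect(events):
    """Return (alert, burst, note_paths). A full burst alerts on its own; a half-size
    burst alerts only if a ransom-note-like file was also created (slower encryptors)."""
    burst = peak_rename_burst(events)
    notes = [e.path for e in events if e.op == "create" and looks_like_note(e.path)]
    alert = burst >= RENAME_THRESHOLD or (burst >= RENAME_THRESHOLD // 2 and bool(notes))
    return alert, burst, notes

def sample_attack():
    """Constructed events: 30 spreadsheets renamed to .locked in 12 s, then a note dropped."""
    evs = [FileEvent(100 + i * 0.4, "rename", f"/share/finance/q{i}.xlsx",
                     f"/share/finance/q{i}.xlsx.locked") for i in range(30)]
    evs.append(FileEvent(113, "create", "/share/finance/README_DECRYPT.txt"))
    return evs
```

Feeding real events from a file-integrity or EDR agent into `detect()` turns the post's description into an alert; the thresholds should be tuned against normal activity such as log rotation or backup jobs, which rename files slowly and never drop a note.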
That's the bad news. The worse news is that often the data cannot be restored. Most experts advise against paying the ransom, because only a minority of those who pay actually get back all their data.
From the perspective of the attacker, ransomware is very effective. It generates millions of dollars in revenue for hackers each year. But, of course, it costs companies much more than the ransom. There is the cost of recovery, and the damage to corporate reputation.
How to protect against ransomware
Most of the steps that you can take to protect against ransomware are the same steps you should take to protect against any cyber threat.
- Don't open suspicious attachments. Make sure that your operating system is configured to show the extensions of files, and not just their names.
- Keep your software up to date. Install patches as they are released.
- Use strong spam filters to prevent phishing emails from reaching users. Make sure your users can spot a phishing email.
- Run anti-virus software. Check that it is correctly configured and up-to-date.
- Use the principle of least privilege when granting access to systems.
- Use strong passwords and a password manager.
- Monitor your network and systems for suspicious activity.
- Switch off unused wireless connections, like Bluetooth or infrared ports.
The weakest link
Like most cyber crime, ransomware targets human error. Remember that the weakest point in the cyber-defence of any organisation is its users.
So the most important thing you can do to protect against ransomware is to educate your users. I hope this sounds familiar. It's a recurring theme, because human error and user ignorance are a recurring problem.
As always, please share your thoughts and comments.