Ransomware attacks

Stop ransomware attacks with Mimecast

Preventing ransomware attacks requires new technology.

Ransomware attacks are increasing at an alarming rate. The U.S. government estimates that companies are subject to more than 4,000 attacks each day, resulting in $1 billion in ransom paid each year.

While ransomware attacks come in many variants – Cryptowall, Locky and Cryptolocker are among the most common – they each follow a similar pattern. A user receives an email with an attachment that looks like a Word document, an invoice, a package notice or a fax report, along with a message that convinces the user the attachment is real. When the attachment is opened, the ransomware virus runs a file that encrypts files and documents on the user's computer. The user receives a message stating that they can get the encryption key and regain access to their files only by paying a ransom.

When trying to prevent ransomware attacks, the challenge is keeping pace with the ingenuity of attackers. And because most ransomware attacks are launched through email, any defensive measures must focus on email security. That's why so many companies around the world choose to combat ransomware attacks with help from Mimecast.

Stop ransomware attacks with Mimecast.

Mimecast provides cloud-based solutions for email security, archiving and continuity that can help to prevent most ransomware attacks, provide continuous access to email during an attack, and recover quickly after attack.

Mimecast is an all-in-one, SaaS-based subscription service that significantly simplifies the task of managing business email. With powerful, easy-to-use tools and centralized administration, Mimecast eliminates the need to deploy and manage multiple point solutions from various vendors. With Mimecast, your administrators can easily configure and manage tools to stop ransomware attacks like the crypto virus and safeguard email from a variety of routine and advanced threats.

Mimecast's defenses against ransomware attacks.

To thwart attacks like Cryptolocker and Locky ransomware, Mimecast provides Targeted Threat Protection services that prevent users from accessing malicious attachments. Mimecast scans all incoming and archived email and, using advanced threat intelligence, identifies attachments deemed to be suspicious. Attachments can either be preemptively sandboxed until they can be examined for ransomware attacks, or immediately transcribed to a safe format that allows users to have instant access to the content in the attachment.

Mimecast also prevents users from clicking on potentially malicious links in email by scanning the destination website in real time and blocking any suspicious URLs.

To reduce the impact of ransomware attacks, Mimecast Enterprise Information Archiving provides safe storage of all email content in the cloud, enabling administrators to roll back data to a point just before ransomware attack. And Mimecast Mailbox Continuity enables users to have continuous access to email during an outage caused by an attack, a natural disaster, hardware failure or human error.

Learn more about mitigating ransomware attacks with Mimecast.

FAQs: Ransomware Attacks

FAQs: Ransomware Attacks

What are ransomware attacks?

Ransomware attacks are a form of cybercrime where malware, or malicious software, is downloaded and installed on a computer to prevent users from accessing files and data on the computer until or unless a ransom is paid. 

How do ransomware attacks work?

Ransomware attacks are launched in several ways. Attackers may use phishing emails that convince recipients to share login information and passwords that attackers can use to enter a system and install malware. Emails may have malicious attachments that download malware to a computer when opened, or malicious links that take users to a website where ransomware can be downloaded. Other ransomware attacks are executed when attackers exploit vulnerabilities within software and systems to gain unauthorized access to an organization’s network.

There are several well-known types of ransomware attacks.

  • Crypto or encryption ransomware attacks, the most common type of ransomware, encrypt files and data on a computer and make the content unavailable without a decryption key which can only be obtained by paying a ransom.
  • Lock screen ransomware locks down the computer and prevents access without encrypted files.
  • Scareware is a type of ransomware attack that, rather than preventing access to files, issues fake warnings about viruses supposedly installed on the computer and demands payment to have them removed.
  • Doxware or leakware threatens to reveal sensitive or personal information if the victim does not pay a ransom.
  • Mobile ransomware infects cell phones through drive-by downloads or fake apps.

How to identify ransomware attacks?

Since most ransomware attacks are the product of phishing emails that trick users into opening attachments, clicking links or sharing information, training users to spot phishing email is one of the most powerful ways to prevent ransomware attacks. Many phishing emails contain telltale signs such as:

  • Poor grammar and misspelling.
  • An urgent and threatening tone.
  • Requests for personal information.
  • Mismatched URLs, where a link within the body of the email directs the user to a website that is different than the site listed in the text of the email.
  • Mismatched email addresses, where the sender’s address is not an exact match of the domain from which it appears to be sent.

How to prevent ransomware attacks?

Preventing ransomware attacks requires a multilayered approach to security.

  • Antivirus software can help to detect ransomware variants that have already been identified.
  • Anti-ransomware solutions can identify ransomware attacks that other defenses may miss by using content scanning and filtering to identify potential threats, especially malware-less email attacks that rely on social engineering rather than malicious attachments or links.
  • Strong security awareness training programs can help to prevent successful attacks by continually remind employees of how they may encounter a ransomware attacks and what are best practices for avoiding them.
  • To prevent attackers from exploiting vulnerabilities, software and system should be constantly updated with patches.
  • Robust backup solutions can help to restore data quickly after a successful ransomware attack.
  • Email continuity solutions can help to ensure continuous access to email during and after a ransomware attack, enabling the business to avoid a hit to productivity.

What to do after ransomware attacks?

Because no security program can stop every attack, it’s important to have plans for how to recover after a successful attack. Your first step should be to disconnect all affected computers from the network and shared storage to prevent ransomware from spreading. After identifying the type of ransomware, report the attack to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at www.us-cert.gov/report and to a local FBI field office. To recover data affected by ransomware attacks, you may try to decrypting files with help from specialized tools and companies, or wiping infected computers clean and restoring files for backup.