October 26, 2017


Ransomware is a form of malware that denies access to data or systems until the victim pays the cybercriminal a ransom fee to remove the restriction. It has been around for many years but has recently become much more popular and profitable. CryptoLocker, CryptoWall and RSA4096 are examples of well-known ransomware.

How ransomware works
Ransomware can make its way onto a system through a variety of means, with the victim ultimately downloading and installing a malicious application. Once on the device, the app will spread throughout the system and encrypt files on the hard drive or simply lock the system itself. In some cases, it may block access to the system by displaying images or a message across the device’s screen to persuade the user to pay the malware operator a ransom for the encryption key to unlock the files or system. Did you know: Bitcoins are a popular form of ransomware payment because the digital currency is difficult to trace!

One of the most common distribution methods of ransomware is phishing emails. These types of emails attempt to entice recipients to open an email and click on a website link. The site may ask for sensitive information or contain malware, such as ransomware, that is downloaded onto the victim’s system. 23% of recipients open phishing emails and 11% actually click on the attachments!

Another popular form for distributing ransomware is “malvertising,” or malicious advertising, which uses online advertisements to spread ransomware. The attacker infiltrates advertising networks, sometimes posing as a fake advertiser or agency, and inserts malware-laden ads into legitimate websites. Unsuspecting visitors to the sites don’t even need to click on the advertisement for their system to become infected. In addition to launching ransomware, “malverts” can be used to extract customer credit  card numbers, Social Security numbers and other confidential information.

Many attacks are based on known vulnerabilities in operating systems, browsers and common apps. Cybercriminals are able to exploit these vulnerabilities to launch their  ransomware attacks against systems that are not up to date with the latest software patches!  Unpatched systems leave you at risk: Unpatched operating systems, browsers and applications may contain vulnerabilities that cybercriminals can exploit to launch ransomware attacks!

External devices, such as USB drives, are used to store and transfer files — making them targets for spreading ransomware across multiple systems. Some of these files contain an advanced feature known as macros that can be used by hackers to execute ransomware when the file is opened.

Hidden Ransomware Lurking!
Ransomware can also go undetected in firewalls that are unable to decrypt and inspect SSL-encrypted web traffic. Legacy network security solutions typically either don’t have the ability to inspect SSL/TLS-encrypted traffic or their performance is so low that they become unusable when conducting the inspection. Increasingly, cybercriminals have learned how to hide malware in encrypted traffic. The use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption continues to surge, leading t o under-the-radar hacks affecting at least 900 million users in 2015! 

What can you do?
Keystone Security Systems specializes in Network Security Protection using advanced and cost effective firewall technology that can enhance protection across your organization by inspecting every packet and governing every identity. As a result, this protects your data wherever it goes, and shares  intelligence to safeguard against a variety of threats, including ransomware!

Keystone Security Systems provides network security solutions designed to protect simple to complex IT systems and computer networks. As a leading security company based in Rochester, NY, our network security solutions offer the highest level of protection, customer support and satisfaction.

Protect against business disruptions, data breaches and keep your employees productive with network security. Keystone Security Systems will work in partnership with your IT department to protect your company’s assets and data.