What does ransomware look like and how can you protect your business?

With recent attacks in the news, you’re probably thinking more about ransomware and how you can protect your business from infiltration. But what does ransomware look like, what types can you encounter and what tools should you put in place to keep your estate safe? We’ll share it all in this quick read.

What is ransomware

Ransomware is a type of malicious software. It gets into your systems and restricts access or encrypts files, asking for money to release the data. Of course, if you make those payments, there’s no guarantee the criminals will keep their word and restore normal operations. Plus, it’s possible they have stolen or copied the data in the meantime, further causing damage to your reputation and customers.

Recent ransomware attacks

In September, the LockBit ransomware gang stole UK security data. Hackers exploited an obsolete Windows 7 PC to gain access to the company’s servers, and exfiltrate data which has since been published on the dark web. This included information about the UK’s military bases.

Also, around the same time, Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, was hit by a massive cyber-attack. The Dark Angels ransomware group claimed to have exfiltrated over 25 TB of data from the organisation. If a whopping $51 million ransom was not paid, Dark Angels threatened that the stolen data would be published on the “Dunghill Leaks” site. So, you can see that the scope of these threats is vast and far-reaching.

Cisco reports that by 2031, ransomware is likely to cost victims more than $250 billion annually, with a new attack occurring every two seconds.

What are the types of ransomware?

There are four types of ransomware schemes commonly used to target companies.


This type of ransomware, also called Doxware, is a unique software that looks for sensitive data and extracts it. The goal is to threaten the target to pay up or the data will be leaked to the public. They also might sell the data on the dark web to the highest bidder. This type of ransomware infects systems through phishing scams or via vulnerabilities in the network.

Locker ransomware

Here, the attackers lock the target out of their device. Often, after the device is infected, the user will see a full-screen message – like the blue screen of death – that tells them how to pay to get access back. It’s usually acquired through scam emails, fake notifications or duped downloads that look legitimate.


With this type of ransomware, the goal is to induce fear. It will show fake warning messages or scans that the computer or device is infected with viruses. It will ask the user to buy fake anti-virus software or make a payment to a support team who will then ‘remove the viruses’. It can be activated by visiting malicious sites, downloading compromised software or via email attachments.

Crypto ransomware

The last common type of ransomware is where files are locked down via encryption unless you pay the attackers (often in crypto) to release the data. Crypto ransomware spreads through various channels, such as malicious email attachments, compromised websites, or exploit kits targeting vulnerabilities in software.

How to stop ransomware attacks

The best way to stop ransomware attacks is a two-pronged approach. First, you need to block access to all the ways that hackers could get at your data and then you need to have robust backups and recovery systems in case they get through anyway. Your security solution should be advanced and multi-frontal and include tools such as Cisco Umbrella.

Cisco Umbrella includes a range of features to keep attackers at bay including:

  • Email – keep ransomware from being delivered via spam, email attachments, faked URLs and phishing emails
  • Endpoint – intercept any ransomware attacks as they happen, cutting off infected processes before they get to your data
  • Web – protect your users online with DNS security that looks for comprised systems and blocks threats across all ports and protocols before they get in
  • Access – with Cisco Duo, keep stolen credentials from putting your company at risk
  • Network – deploy an advanced network detection and response solution to monitor traffic and shut down anything irregular
  • Response – use Talos Incident Response to access a proven PoA if ransomware does get through.

Want help configuring a market-leading security solution? Talk to our team now.

Leave a Reply

Your email address will not be published. Required fields are marked *