Ransomware attackers are 21st century highwaymen, “threatening the lifeblood of their victims — information” and “law enforcement has neither the time nor the resources to track down the culprits.”


What can you do to protect against ransomware?

One thing firms can do is make personnel more aware of common ransomware attacks through user awareness and training that will deter the attackers. The importance of not clicking on unknown emails or attachments, or even ads on reputable sites, and of learning to recognize bogus emails and ads, should be impressed on all staffers from top to bottom. In addition, all personnel should be warned not to use unsecured devices for client data or connect unprotected personal devices (such as flash drives) to company systems, and reminded to keep their own antivirus protection up to date.


1. Traffic distribution system (TDS)

  • Traffic distribution services redirect Web traffic to a site hosting an exploit kit. That traffic can be pulled from adult content sites, video streaming services or media piracy sites. Some ransomware groups may even hire a TDS to spread their ransomware. This is another reason that you should never allow employees to download anything without IT consent.

2. Malvertisement

  • A malicious advertisement can redirect users from a harmless site to a malicious landing page. Malvertisements may appear legitimate and can even appear on trusted sites if the administrator is fooled into accepting the ad provider or if the site is compromised. Malicious threat actors can purchase traffic from malvertisement services.

3. Phishing e-mails

  • These are the primary delivery methods of ransomware, simply because people are so conditioned to open emails and click on links and attachments. Even with training and awareness programs, most organizations find it difficult to reduce successful spear phishing attempts to less than 15% of personnel.

4. Downloaders

  • Malware can be delivered onto systems through stages of downloaders to minimize the likelihood of signature-based detection. Ransomware criminals pay other threat actors to install their ransomware onto already infected machines. Ransomware could even act as a mask for a deeper malware infection that users do not suspect and that will remain even after the ransomware is removed.

5. Social engineering

  • Social engineering and human ignorance can conspire to get people to install the malware on their own computers. Fake antivirus applications tell users that their computer is at risk of numerous debilitating viruses, and performance optimizers convince users that their system can achieve better results.

6. Self-propagation

  • Some forms of ransomware, usually crypto-ransomware (which encrypts a user’s data), are able to self-replicate throughout a network much as other kinds of malware do, such as by spreading through a user’s contact book via messages into other systems.

7. Ransomware as a service (RaaS)

  • This is actually the outsourcing of malware to less technical criminals. The applications are designed to be deployed by almost anyone, with the original creator of the malware collecting a percentage of the ransom as a fee if the person using the creator’s ransomware is successful at collecting a ransom from the victim.


Need someone to talk to about your company’s cyber coverage? Gary Harshbarger is our cyber expert at Gunn-Mowery, LLC. He was one of the first in our area to write a cyber policy in 2005. In addition, Gary has sat on numerous cyber security panels and has presented at many conferences. The Upside of Insurance is helping you with your cyber insurance needs.