How Ransomware works

Monday 18, February 2019

Did you know that if Ransomware such as WannaCry or Petya gains access to your network and infect your systems, it can jeopardise your business and cause huge financial losses?

The ransomware ‘WannaCry’ became famous in 2017 after infecting hundreds of companies (including some high-profile Maritime cases) over the world, some of which lost millions of dollars. Even eighteen months after the initial outbreak of the WannaCry Ransomware infection, the malware continues to infect computers all over the world.

How Ransomware works

Ransomware is a form of malicious software (or Malware) that takes over your network and computers, threatening you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising (not always truthfully) to restore access to the data upon payment.

Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cyber criminals in Bitcoins.

How Anti-Ransomware works

Protect, Detect and Resolve:

  • Anti-ransomware detects how applications and software are running
  • The Ransomware detection uses behavioural monitoring to follow a self-learning process
  • Analysis is conducted across all software on the network, such as Microsoft Office or Navigation apps
  • The system learns how the network functions and detects anomalies, such as data-encryptions or other suspicious behaviours
  • As soon as suspicious behaviour is detected, the anti-ransomware stops, kills the process and is put in quarantine until a later date when it will be destroyed. The protection process is completed by an automatic roll-back allowing you to retrieve your original files

Key Risks

It is a common belief that because the high-profile Ransomware issues have been resolved, the risk is reduced or nullified. However, the reality is that new threats are being created every single day and Ransomware continues to infect networks and to affect thousands of new victims. This is proven by Cerber, another example of Ransomware which creates new versions with a unique variant that hasn’t yet been discovered, providing a very real risk to the Maritime Industry.

Marlink offers a range of tools to keep you and your vessels protected at all times. Want to learn more about our services and how we can keep you secure in the Digital Age? Download our Cyber Security White Paper or check out Marlink’s Cyber Guard video.