What is Ransomware?

Oct 10, 2022 | WordPress security

WHAT IS RANSOMWARE?

You may have heard of ransomware before, but what exactly is it?

Ransomware is a type of malware that hackers use to infiltrate a computer or network and hold it for ransom. They do this by locking the user out of the system or encrypting important files so that they can’t be accessed.

The victim is then forced to pay a ransom in order to regain access to their files. While ransomware can be very damaging, there are steps you can take to protect yourself from it. In this blog post, we will discuss what ransomware is, how it works, and how you can protect yourself from it.

 

AN EXAMPLE FROM THE FRONT LINES

The motivation for these acts often boil down to some type of revenge or money.

If a company ends up paying hackers to regain their encrypted files, the public might never hear of it due to a company’s agreement with the hackers or maybe just their overall embarrassment over the situation.

Recently a well known online media company, Fast Company, was the target of a very serious hack where the bad guys hacked into the Fast Company website, took control of a system that fed news out to other outlets, and sent obscene content that looked like it came from Fast Company.

So how did those hackers gain control of Fast Company’s website and cause all this heartache for them?

Their ADMIN password for their WordPress website was “pizza123”

HOW DO HACKERS ASSUME CONTROL OF A WEBSITE?

Can you 100% prevent a hacker from accessing your website? Not really sure, I imagine that somewhere, somebody can probably crack into any site they want – however, there are so many easy targets out there if the bad guys run into a decent amount of resistance on your site they can very easily find another with fewer defenses.

That said; the two main vulnerabilities we’ve seen on WordPress websites are these:

 

(1) POOR MAINTENANCE HYGIENE

One common method for infecting a website with ransomware is through injecting malware into vulnerable code or plugins. Say your website was built on WordPress, the most frequently used CMS on the Internet, and you don’t have a regular maintenance schedule in place. This can result in the various components of your website (the WordPress core, the theme, the plugins – which are essentially add-on software products to provide more functionality than WordPress offers out of the box) if these become out of date and haven’t been updated in a timely fashion, they can be ripe for the bad guys to infiltrate your website.

One of the main reasons that these software companies issue update is to patch security “holes”. This is why it’s super important to check for updates to your site on a weekly basis.

 

(2) POOR CREDENTIAL HYGIENE

Using weak or common login credentials, such as “admin” as a username and a simple password like “password,” can make it easier for hackers to gain access to a website. They can use brute-force attacks to guess these common combinations, which means that if you use “admin” as your login name – half the battle is done. They can use software tools to try tens of thousands of password combinations to pick that lock that keeps them from full access to your website.

This is why it’s critical for businesses to regularly update their credentials and use strong, unique passwords, example: 4%Tu8$H9krZ84U* as a password instead of “Buster12”, or whatever you dog’s name is plus some clever numerical sequence to follow). The bad guys will figure that out in seconds. in order to protect themselves from these types of attacks.

 

HOW TO CHECK THE STRENGTH OF YOUR PASSWORD CHOICES?

You can check the strength, or crackability, of your password by entering it to a site such as Password Monster. Enter your password and it’ll give you an estimate to how long it would take a hacker using software tools to figure it out.

By the way, “Buster12” would take about 0.4 seconds for a hacker’s software tool to guess.

4%Tu8$H9krZ84U* would take 8 trillion years.

“pizza123″… 0.25 seconds

Convenience is not always our friend.

Check your passwords out here: https://www.passwordmonster.com/

How on earth would I ever remember 4%Tu8$H9krZ84U* ???

Fair point, it’s complicated and hard to remember (by design – I’m looking at you pizza123 !), you should be using a password manager to help you wrangle all of your newly created super complicated passwords. I like LastPass but there are others that are equally secure and highly rated.

ADD AN EXTRA LAYER OF SECURITY WITH TWO FACTOR AUTHENTICATION

Two factor authentication adds an extra layer of security to online accounts by requiring not only a password, but also a second method of verification such as a fingerprint or code sent to a mobile device or your email address.

This means that even if a hacker did obtain someone’s password, they would also need physical access to the secondary verification method in order to gain access to the account. In today’s increasingly digital world, where personal information and financial accounts are frequently targeted by cyber attacks, two factor authentication can help protect against these threats and prevent unauthorized access to sensitive information.

CONCLUSION

In conclusion, it is important to note that ransomware attacks can have serious consequences for individuals and businesses alike. It is crucial to stay vigilant and take steps to protect yourself, such as regularly backing up important files and staying up to date with the latest security updates and requiring strong, complex passwords for all your systems.

If you do fall victim to a ransomware attack, it is important not to panic, if possible bring in a knowledgeable security consultant, and carefully assess the situation before deciding whether or not to pay the ransom.