Node Chats

Ransomware 101 – An evolving threat

What is ransomware?

Ransomware is a digital crime where your computer files are ‘stolen’ and encrypted, blocking you from your computer. To gain access to your files you usually have to pay a ransom, normally in bitcoin. 

It takes an average of 3 seconds after clicking an infected link for ransomware to start encrypting your files at lightning speed according to Arctic Wolf Networks.

There are three steps:

  1. You receive a phishing email containing the ransomware link.
  2. The victim clicks on an infected link, the ransomware is delivered and starts encrypting files. 
  3. A screenshot will then appear on your screen announcing the ransomware infection, how much the ransom is and how it’s to be delivered to the criminal.

Whatever, the screenshot wording says, the message is GOTCHA!

Who are the victims?

Ransomware is an international phenomenon. Although the majority of cases are heavily focused in the US.

53% of Ransomware detections came from the US in June 2018 – 2019

Canada receives 10% and the UK 9% following the trend of targeting English speaking countries according to Malwarebytes’ global detection statistics.

46% of SMBs have been targeted by ransomware, 73% have paid the ransom.

Shocking figures from Infrascale, highlighting that smaller sized businesses are certainly not targeted less because of their size.

The History of Ransomware

Ransomware has changed its nature in the last few years. About ten years ago, ransomware was a simple scam based on fake antivirus apps leading to a payment to ‘fix’ the problem. 

Then, the fashion changed to ‘blockers’ or ‘lockers’ that locked the user out of their computers asking for payment to be unlocked. 

Now, the fashion is for ‘crypto-ransomware’ that not only locks you out of your files but also encrypts your files. You will likely have to pay a ‘ransom’ in bitcoins to get your files back.

Bitcoin has significantly increased the success and profitability of ransomware of criminals. By using a bitcoin ‘wallet’ for each attack, then moving these wallets through chains of wallets, the movement of money is outside the traditional financial system and anonymous.


Crypto-ransomware is very effective. It generally uses unbreakable encryption and if the user has no file backups then the only solution may be to pay the ransom. 

Even if you pay you may not get your files back – don’t forget you are dealing with anonymous criminals!

The near-majority of people pay the ransom. However, a significant minority of payers do not get their files restored or the restoration instructions are not complete or do not work.

The cost is also rising dramatically according to the Coveware Q2 Ransomware Marketplace Report and this trend is what we expect to continue seeing.

The average ransom payment increased by 184% from Q1 to Q2 this year, nearly tripling the cost from $12,762 to $36,295

How are ransomware attacks delivered?

Spam campaigns hit millions of users daily. Just 0.001% of these spams finding a victim still means high profits to the criminals.

A click-rate of only 0.001% (and lower) is still very profitable to the criminal – they sent out 10m spam emails. At 0.001% click-through rate, that’s over $100,000 of ransom returns!

The most common way of infection is by a person(s) simply clicking on a link in a botnet-delivered email. Some of these emails will be categorised as spam and others deleted by the recipient, however, the criminal plans on these deletions. 

Ransomware criminals are now becoming more expert, innovative and audacious with their tactics.

They are finding ways to stay out of the spam folder to increase their click rate by creating more believable personalised campaigns with a higher ransom cost.

Personalised methods of attack to watch out for

1.) Social media

The newer trend is to ‘personalise’ the email using data from social media sites. The criminal collects data from sites like Facebook or LinkedIn and searches for potential candidates. 

Or, they may buy or hire email lists of individuals in a certain target industry and/or profession. Sure, the criminal is spending time and money but they will get a higher click-through rate.

On a much-reduced spam email volume, they might net $250,000 or more.

2.) Impersonation of the government or a business

Further variations are emails from well-known organizations such as a delivery note from UPS, an alert from the IRS (Internal Revenue Service), a family post on social media and so on. 

3.) Downloads

These infections depend on spam emails getting through. A more reliable method for criminals is to get the recipient to download an infected work-relevant file containing a macro, which in turn delivers the ransomware. 

Within the download is a macro that may initiate the ransomware at a later date.

As the criminals say ‘‘job done’’, and then they wait to receive their $250,000 returns. 

4.) Exploit kits

Another mechanism, now becoming more common, is the trend of ‘exploit kits’. Typically, these are fake notifications to update a piece of software from a reputable software supplier, such as JavaScript or Adobe Flash. 

Although seemingly reliable as a source, the download leads to the ransomware being installed. 

5.) Iframes

Further variations are ‘iframes’ installed on web servers and the web pages on the server. The ’iframe’ directs website visitors to the exploit server, which downloads the ransomware. Variations are particularly harmful. For example, an advert placed on a popular website is an advert that directs to the exploit kit. 


Simply put, it’s based on one inadvertent and simple action. Someone clicks on an infected link on an email and/or website – stop this and you stop ransomware.

We understand that it’s not always that clear cut which is why we provide educational materials to our insureds and educational content to our followers in the hope that we can contribute to the creation of a cyber-risk aware world.

Node Chats

Node Chats – Are you weakest or strongest link?

We’re back with another episode of Node Chats, your podcast for all things cybersecurity.

Neil Gurnhill talks to Gabriel Friedlander, Founder of Wizer, about citizen cyber training in the second episode of Node Chats.

We cover remote job scams, how to teach your children to stay safe online and much more.

“You really have to educate people if you want to have a chance in fighting cyber crime.”

Gabriel Friedlander, Founder of Wizer

Wizer is a full security awareness platform with 1-minute videos, phishing simulation and gamification. Offering both free and optional paid add-ons for the community and employees alike.

Here are some quick tips on how to be cyber smart:

  • Use antivirus software.
  • Update your devices when needed.
  • Start questioning links, never click on a link you don’t trust.
  • Always use strong passwords— characters, numbers and letters.
  • Be careful what personal information you share, particularly on social media.
  • Teach children not to post or share personal information such as their photograph, address or age.

If you prefer just audio, make sure to check us out on other platforms:

Hit the follow button to be the first to know about the latest cybersecurity news.

If you’d still like to know more, comment or drop us a message, we’d love to hear what you think.

Node Chats

Cyberman365 is live!

We are very excited to be welcoming our first clients onto Cyberman365!

We strongly believe everyone should have the opportunity to improve and secure their digital wellbeing, and now you can!

Cyberman365 IDNotify – What is it?!

PROTECT your identity and so much more with our comprehensive monitoring of your personal data, whether financial, medical or social.

ALERT receive instant alerts via text or email if your data is used fraudulently.

RESOLVE with our ID Restoration and Insurance coverage when you need it most.

Some of our favourite features:
– Lost Wallet Protection
– Social Media Monitoring
– Dark Web Monitoring

Cyberman365 HomeSafe – What is it?!

PROTECT – Our system will simulate possible cyber attacks allowing us to uncover vulnerable access points for the connected devices in your home. HomeSafe monitors 24/7 for potential cyber threats.

ALERT – We will provide step by step instructions for you to improve your home network to further reduce your chances of a cyber incident.

RESOLVE – In the event of a security incident an expert human response team is on hand to take over the network and stop the attack. If damaged, HomeSafe will restore your device, network and data.

Our favourite feature has got to be how it finds vulnerable access points and tells you how to fix them at home! No additional costs or experts needed.

After months of hard work, we can’t wait to hear what you think about our service and hope you love it as much as we do.

Check out our brand new website:
If you have any questions, drop us a message.

Node Chats

Node Chat Podcast Launches!

We are proud to announce the launch of Node Chats, your podcast for all things cybersecurity.

Neil Gurnhill kicks us off with a hot topic, inviting David Kruse, Director of Business Development at Tetra Defense, to discuss the evolving nature of ransomware.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

A new organisation will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)

This is a current, very real issue that affects large companies, small business and the everyday person.

Learn how to spot early signs that ransomware is on your network before encryption.

David talks about the factors that can influence early detection such as the level of information security systems that your company has in place to flag the invasion and the quality and skill of the person who compromised that network.

If you have a hacker that’s just a bull in a china shop and hasn’t quite figured out how to be more stealthy, you’ll see indicators of compromise all over the place.

David Kruse, Director of Business Development at Tetra Defense

Listen to the podcast for answers on everything ransomware, drop us a comment if you have any more questions and we’ll be happy to get back to you.

Don’t forget to subscribe to Node Chats and be the first to know about the latest cybersecurity news.

Find us on:

Recent Comments
    About Node International

    We provide leading comprehensive insurance coverage combined with essential cybersecurity prevention and detection tools.

    Related Links
    Cyber Insurance Newsletter

    Interested in Cyber Insurance?

    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Consent to display content from Youtube
    Consent to display content from Vimeo
    Google Maps
    Consent to display content from Google
    Consent to display content from Spotify
    Sound Cloud
    Consent to display content from Sound