Ransomware Kits... Get 'em while they're hot!

Here is a business opportunity we have overlooked.

It has a low barrier to entry… not a lot of skill required.

Sure, it's illegal, but there is a very low risk of getting caught and prosecuted.

And... the money is huge!

Where do I sign up for such an amazing opportunity? For just a couple of hundred dollars (and access to the dark web), you can own your own ransomware company!

The ransomware business is going gangbusters. One famous operation, REvil, boasted profits over $100 million in one year, with goals for much higher returns ahead. A key to their success is their use of affiliates or franchisees. It's a franchisee opportunity for the lowly scrupled! Many organized ransomware gangs operate some sort of ransomware-as-a-service operation. The gang provides the malware and tools needed. The affiliates do the heavy lifting of finding, infecting and extorting victims. In return, they get to keep the lion's share of the money; the parent company usually takes 20-30%.

Oh, for this opportunity, it helps if you live in Russia where (by many reports) the authorities tend to turn a blind eye to cybercrime as long as the criminals don't target Russia. It's a sad situation.

With no end in sight for this digital pandemic, what can you do to protect yourself against ransomware? Here are 7 important things you should be doing (in no particular order).

7 Effective Steps to Avoid Ransomware

Keep Your Business Secure

1. Back-up Your Data

Have secure, offsite point-in-time backups

Data backup should be done regardless, to protect against all sorts of threats that can cause data loss. For a ransomware attack, you need to have an offsite, point-in-time backup solution. This means you will be able to restore your data to a particular point-in-time, even if other backups have occurred since. Avoid using cloud storage solutions such as Dropbox and OneDrive as your backup plan. These are syncing services, not backup services. Many have found out the hard way that they don’t have robust backups, if they have any backups at all.
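The difference between a syncing service and a point-in-time backup is easiest to see by running both side by side. The following is an added example, not code from the original post: a minimal snapshot store that copies changed files and hard-links unchanged ones (so each snapshot is a complete tree but storage only grows with what changed), next to a "mirror" that models a sync service. All file names, contents and the altered-file event are constructed for the demonstration; the paths live in a temporary directory and are removed afterwards.

```python
"""Point-in-time snapshots versus a sync mirror (constructed demonstration)."""
import hashlib
import os
import shutil
import tempfile


def _digest(path: str) -> str:
    """SHA-256 of a file, used to decide whether it changed since the last snapshot."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _latest(store: str):
    """Name of the most recent snapshot directory, or None if the store is empty.
    Labels must sort in creation order (e.g. snap-001, snap-002)."""
    names = sorted(n for n in os.listdir(store) if os.path.isdir(os.path.join(store, n)))
    return names[-1] if names else None


def _read(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def snapshot(src: str, store: str, label: str) -> str:
    """Record the current state of src as store/<label>/.

    New or changed files are copied; files identical to the previous snapshot
    are hard-linked to it. Every snapshot is therefore a complete, independently
    restorable tree, while storage grows only with what actually changed.
    """
    prev_name = _latest(store)
    prev = os.path.join(store, prev_name) if prev_name else None
    dest = os.path.join(store, label)
    for root, _dirs, files in os.walk(src):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), src)
            s, d = os.path.join(src, rel), os.path.join(dest, rel)
            os.makedirs(os.path.dirname(d), exist_ok=True)
            p = os.path.join(prev, rel) if prev else None
            if p and os.path.isfile(p) and _digest(p) == _digest(s):
                os.link(p, d)       # unchanged: share the already-stored copy
            else:
                shutil.copy2(s, d)  # new or changed: store a fresh copy
    return dest


def mirror_sync(src: str, mirror: str) -> None:
    """Model of a syncing service: the mirror always reflects the current state
    of src, so a damaged working copy overwrites the only remote copy."""
    shutil.copytree(src, mirror, dirs_exist_ok=True)


def restore(store: str, label: str, rel: str) -> bytes:
    """Return one file exactly as it was when snapshot <label> was taken."""
    return _read(os.path.join(store, label, rel))


def demo() -> dict:
    """Run the scenario on constructed data and report what each copy holds
    after the working file has been altered."""
    work = tempfile.mkdtemp()
    src, store, mirror = (os.path.join(work, n) for n in ("docs", "snapshots", "mirror"))
    os.makedirs(src)
    os.makedirs(store)
    with open(os.path.join(src, "report.txt"), "wb") as f:
        f.write(b"quarterly figures v1")
    with open(os.path.join(src, "readme.txt"), "wb") as f:
        f.write(b"never changes")

    snapshot(src, store, "snap-001")
    mirror_sync(src, mirror)

    # Constructed event: the working copy of report.txt is altered after the
    # first snapshot (in an incident this is where its content would be
    # encrypted). The sync mirror faithfully picks the change up.
    with open(os.path.join(src, "report.txt"), "wb") as f:
        f.write(b"<<unreadable after incident>>")
    snapshot(src, store, "snap-002")
    mirror_sync(src, mirror)

    result = {
        "mirror": _read(os.path.join(mirror, "report.txt")),
        "snap-002": restore(store, "snap-002", "report.txt"),
        "snap-001": restore(store, "snap-001", "report.txt"),
        # readme.txt never changed, so both snapshots share one stored copy
        "readme_shared": os.path.samefile(
            os.path.join(store, "snap-001", "readme.txt"),
            os.path.join(store, "snap-002", "readme.txt")),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14} {v!r}")
```

The mirror and the newest snapshot both hold the damaged file; only the earlier snapshot still has the original, which is the property a ransomware recovery depends on. Real backup products add offsite copies, retention rules and access controls on the store, but the restore-to-a-moment behaviour is the same idea.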

2. Keep Your Systems Up-to-date

Apply security patches as soon as they are available.

Ask a cybersecurity consultant: “What is the single most important thing you do to stay safe on the Internet” and the answer will be: “Keeping my systems up to date with security patches.”


A security patch is issued when a vulnerability is found. Two things happen when that security patch is released. First, installing it closes the vulnerability and so now you are safe. Awesome! Second, now the whole world knows about this vulnerability and the bad guys will target the ones that have not updated. Apply security patches to computers, servers, networking equipment, mobile devices (and really anything that has a security patch) as soon as they are available.

3. Security Training for Your Staff

Nurture a healthy security culture in the office

Often called 'The Human Firewall', your staff is an important part of your defenses against cybercrime. One wrong click could cost your company thousands. It is worth it, then, to invest in security awareness training. One aspect of this that has grown in popularity is phishing sims. Fake phishing emails (yes, fake fake emails!) are delivered to your staff's inbox to see who clicks them. Clickers can receive extra training and correction. The other aspect is security training. Delivered in bite-sized portions, your staff can stay up-to-date on the latest tricks. Encourage staff to talk to one another and ask questions about suspicious emails. Have an easy means to report them. Your company should have an excellent culture of security awareness. It is one of the best protections you can have to avoid ransomware.

Email & Phishing Protection

4. Harden Your Email Security

Default security settings are not enough

Email is the most pervasive and powerful form of communication and collaboration there is today. Most businesses today depend on it. It is also the most prolific attack vector that we see today. Attackers target your staff by phishing their credentials or weaponizing the content of email to penetrate your organization. Once in, cybercriminals can deploy ransomware and cause very serious damage. Best practice is that email services are provided by robust, business-class platforms such as Microsoft Office 365 and Google G-Suite. The security of these services needs to be hardened depending on specific requirements, as the default configuration is not enough.

5. Encrypt Personal/Private Information

Protect your data with encryption so it can't be ransomed

Encrypting your data will not protect you against ransomware that encrypts files. After all, the hackers can still encrypt on top of your encrypted files and hold them for ransom. But, the hackers have learned that many companies are not willing to ante up any cash since they have a backup of their data. So, they've upped their game. If you don't care about getting your data back, you may care if your confidential data finds its way to public forums. This is a big deal for businesses that store sensitive information about their clients. Using a secure encryption scheme on your hard drive means that the files, if stolen, will be a bunch of gibberish. No data, no ransom.


On the downside, this is easier said than done. Sure, you can encrypt your hard drive's data. Both Windows (BitLocker) and Mac (FileVault) have tools to do it. The problem is that the data is encrypted 'at rest' (as it sits on your hard drive). This is great if your laptop is stolen, because then the crooks cannot get useful data off the hard drive. Yet, as you open and copy files from the hard drive, that encrypted data is decrypted on the fly. Hence it will not slow down your ransomware attacker. What you need is a Data Loss/Leak Prevention (DLP) tool that always encrypts the data…even when viewed or copied. This provides significantly increased protection. We'll do a deep dive on this topic in a future blog.

6. Lock-down Remote Access and Management

Understand who has access to your systems from outside the office

Every opening in your network to the outside world is a potential danger. These days with so many home workers, remote access is more popular than ever, so this needs proper consideration. Windows Remote Desktop, also called RDP, is an excellent tool for remote access between Windows PCs. It’s free and thus an attractive option for business owners. Yet, there are many important security considerations. Number one in the list is: use a VPN. If you do not use a VPN then you must punch holes in your firewall. These holes are quickly identified by relentless scanners looking for just such open ports. When found, equally relentless bots will attack with username and password combinations in an attempt to brute force their way into your systems. It may take days, weeks or months but often they get in. A business-class VPN provides a special encrypted tunnel to your office and no firewall holes are necessary. Another option is to use 3rd party apps such as LogMeIn or a VNC solution. Use complex passwords and multi-factor authentication.
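The "relentless bots" trying username and password combinations leave a very recognisable trail in the Windows Security log, and watching for it is the cheapest detection you can add if RDP is exposed at all. The following is an added example, not code from the original post: a small detector that reads log lines and alerts when one source address accumulates several failed RDP logons inside a sliding one-minute window. The line format is a simplified, constructed rendering of Windows Security events; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values, and the addresses are from the documentation ranges.

```python
"""Flag password-guessing against RDP from Windows Security log lines.

Constructed example: the line format is a simplified rendering of Windows
Security events. Event 4625 = failed logon, 4624 = successful logon, and
LogonType 10 = RemoteInteractive (RDP) are the real Windows values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)

# Constructed sample: one source cycling through account names in well under
# a minute, one user who mistypes a password once and then succeeds, and a
# local console failure (LogonType=2) that RDP monitoring should ignore.
SAMPLE_LOG = """\
2024-05-03T02:14:01Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2024-05-03T02:14:09Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2024-05-03T02:14:15Z EventID=4625 LogonType=2 TargetUserName=jsmith IpAddress=-
2024-05-03T02:14:17Z EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.45
2024-05-03T02:14:26Z EventID=4625 LogonType=10 TargetUserName=scanner IpAddress=203.0.113.45
2024-05-03T02:14:30Z EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2024-05-03T02:14:34Z EventID=4625 LogonType=10 TargetUserName=helpdesk IpAddress=203.0.113.45
2024-05-03T02:14:41Z EventID=4625 LogonType=10 TargetUserName=sqladmin IpAddress=203.0.113.45
2024-05-03T02:15:02Z EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
""".splitlines()


def parse(line: str):
    """Return the event fields as a dict, or None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "eid": int(m["eid"]),
        "logon_type": int(m["lt"]),
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source IP when it accumulates `threshold` failed RDP
    logons inside a sliding `window`. The number of distinct account names in
    the window separates a forgotten password from a password-guessing bot."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) failures
    alerts, alerted = [], set()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["eid"] != 4625 or ev["logon_type"] != 10:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()              # drop failures older than the window
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "failures": len(q),
                "distinct_users": len({u for _, u in q}),
                "first": q[0][0].isoformat(),
                "last": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_LOG):
        print(a)
```

Run against the sample, the detector raises one alert for 203.0.113.45 (five failures across five account names in 33 seconds) and stays quiet about the user who got the password wrong once. A server behind a VPN with no forwarded port never produces the first kind of line at all, which is the author's point; if you must expose RDP, this is the minimum you should be watching, together with account lockout and multi-factor authentication.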


Also, many IT providers use RMM (Remote Management and Monitoring) tools. A disturbing trend in the past couple of years is hacking IT providers. Once in, the cybercriminals then use these RMM tools to deliver malware to the IT provider's clients. Multiple organizations all at once! Ask questions about how your vendor's systems are secured and who has access to these types of tools. Make your IT company accountable or get a 3rd party review to make sure their security is top level.

Keep your Desktop Protected

7. Anti-virus with Advanced Tools

Choose malware protection that has features such as AI and sandboxing.

Most anti-virus software is definition-based. This means that to block a virus, the anti-virus program needs to know about it and have its 'signature'. This leaves a lot of risk for new viruses… often called zero-day malware. One solution is to use an anti-malware with artificial intelligence, aka machine learning. This type of protection doesn't only compare signatures, it looks for odd behavior… for example, all your files suddenly being encrypted. Sandboxing is another advanced technique. Files unknown to the system are allowed to run only in an isolated area (a sandbox) to see what they will do. If it is determined that they have bad intent, they can be nipped in the bud. Using such malware protection will increase your chances of stopping this type of attack.
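"All your files suddenly being encrypted" is a behaviour, not a signature, and the simplest behavioural tell is that encrypted output looks random: its Shannon entropy sits near 8 bits per byte, where ordinary documents sit around 4 to 5. The following is an added example, not code from the original post or from any product: it scores the content of each file write and alerts when one process writes near-random content to several files within a few seconds. The process names, paths and write events are constructed; the "encrypted" payload is a deterministic stand-in built from hash output, not real encryption.

```python
"""Behaviour-based detection of mass file encryption (constructed example).

Instead of matching signatures, watch what a process does: a burst of writes
whose content is near-random (high Shannon entropy) across many files in a
few seconds is what an encryption run looks like, whatever binary does it.
"""
import hashlib
import math
from collections import defaultdict, deque


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for
    encrypted or compressed content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, min_files=5, window=10.0, entropy_threshold=7.0):
    """events: dicts with t (seconds), pid, proc, path, data (bytes written).

    Alert once per process that writes high-entropy content to `min_files`
    distinct files within `window` seconds. A single high-entropy write (a
    backup agent producing a zip archive) does not trip it; the rate does."""
    recent = defaultdict(deque)    # pid -> deque of (t, path) high-entropy writes
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["t"]):
        if shannon_entropy(ev["data"]) < entropy_threshold:
            continue               # ordinary document content, ignore
        q = recent[ev["pid"]]
        q.append((ev["t"], ev["path"]))
        while q and ev["t"] - q[0][0] > window:
            q.popleft()            # forget writes older than the window
        touched = {p for _, p in q}
        if len(touched) >= min_files and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({"pid": ev["pid"], "proc": ev["proc"],
                           "files": len(touched), "span_s": ev["t"] - q[0][0]})
    return alerts


# --- constructed sample data -------------------------------------------
# Deterministic stand-in for encrypted output: chained SHA-256 digests look
# random to the entropy measure without using real encryption or randomness.
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
TEXT = (b"the quarterly report covers revenue, expenses and headcount for each "
        b"regional office. figures are preliminary and subject to audit.")

# A word processor saving two documents, a backup agent writing one archive
# (high entropy, but a single file), and an unknown process rewriting eight
# spreadsheets with opaque content in about three seconds.
SAMPLE_EVENTS = [
    {"t": 0.0, "pid": 1001, "proc": "winword.exe", "path": "D:/docs/q1.docx", "data": TEXT},
    {"t": 3.0, "pid": 2002, "proc": "backup-agent.exe", "path": "E:/bk/2024-05-03.zip", "data": OPAQUE},
    {"t": 5.0, "pid": 1001, "proc": "winword.exe", "path": "D:/docs/q2.docx", "data": TEXT},
] + [
    {"t": 8.0 + 0.4 * i, "pid": 4321, "proc": "unknown.exe",
     "path": f"D:/docs/file{i:02d}.xlsx", "data": OPAQUE}
    for i in range(8)
]


if __name__ == "__main__":
    print(f"text entropy  : {shannon_entropy(TEXT):.2f}")
    print(f"opaque entropy: {shannon_entropy(OPAQUE):.2f}")
    for a in detect_mass_encryption(SAMPLE_EVENTS):
        print(a)
```

The unknown process is flagged on its fifth file, about two seconds into the burst, while the backup agent's single archive and the word processor's plain-text saves pass. Real products combine this kind of heuristic with many others (file renames, deletion of shadow copies, process lineage), and the thresholds are tuned per environment; the point here is that the decision rests on what the code does, so it works against a sample no signature has ever seen.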

Anti-malware is not a silver bullet. It is one item in a line of defenses. One study reported that 75% of companies hit by ransomware had up-to-date anti-malware installed. Also, in the case of an AI defense, even if it does recognize the attack and stop it... how much damage was done before the attack was stopped? It limits the damage; it does not always stop it.


The ransomware business continues to grow. The best protection to avoid ransomware is a layered defense. What does that mean? Have tough email security, patch your systems and lock down remote access to keep the bad guys out. But, in case they get in, have malware protection that protects against ransomware. And in case they get by that… have backups and encrypt private data.

It’s a jungle out there. Stay safe and don’t let the bad guys in.

Ethix IT Security only offers cybersecurity products and services. We don't do IT support. We find most organizations we deal with are happy with their IT providers but would like a little help or a 2nd opinion on security. We believe strongly that IT support and IT security should be separate. The same resources should not manage both. If your IT company is managing your cybersecurity, that's a problem. Would you like a second opinion? Ethix IT Security helps small business stay safe in a complex and dangerous world.