Once ransomware makes its way onto a computer it encrypts the user's data and files, rendering them inaccessible and often leaving the machine unusable. When the files are encrypted the user is at the mercy of the criminals who launched the attack. At this stage there is usually a ransom demand, often payable in Bitcoin, in exchange for restoring access to the data and files.

If the ransom is paid, a key to decrypt the files is supposed to be provided. In some cases, however, the key never arrives, or does not work, even after payment. Either way, getting the computer up and running again and restoring the data can be a time-consuming, frustrating process.

Different delivery methods

Phishing emails are the most common way of sneaking malware onto a computer. Attackers make the email look legitimate and trustworthy, for example by imitating a known brand or a colleague, so that the user takes the action the email asks for: opening an attachment or following a link.
  • Delivered as an email attachment, a file containing malicious software is opened by an unsuspecting user and executes on the system. If the machine is connected to a network, the ransomware can then spread to other reachable computers.
  • A malicious link can also be embedded in an SMS or a social media post, leading to a website designed to look legitimate that asks the user to enter confidential details such as login credentials. Cybercriminals then use those credentials to log in to the user's systems and encrypt files.
  • Some ransomware attacks exploit vulnerabilities in the operating system or endpoint software and need no action from the user at all. These usually rely on out-of-date systems, for example when security software is not kept current or important patches are not installed. The WannaCry attack in 2017 spread by exploiting a flaw in the SMBv1 file-sharing service in Microsoft Windows (MS17-010); Microsoft had released a patch two months before the outbreak, and the machines hit were those that had not installed it. It is estimated to have infected around 200,000 computers globally.
  • Malicious applications downloaded to mobile devices can also harbour ransomware which locks the user out of the device's files and data. These apps rely on the permissions the user grants them to device storage at install time. Access to the device is blocked until a ransom is paid.
  • In the past, USB sticks carrying ransomware have been used to target unsuspecting users: once the stick is plugged into a computer, the payload runs and infects it. This method has never been that common because it is considered less effective than the others unless an attacker is targeting a specific individual or group.
How BullGuard protects

Ransomware in essence is malicious code designed to get past cyber security defences, irrespective of how it is delivered. It is typically built to avoid the first line of defence, signature detection, which recognises a sample by its 'fingerprint': a hash or byte pattern taken from a sample that has already been analysed.
  • Ransomware creators therefore seek to produce code that has never been seen before, so that no signature exists for it, or to design it so that it specifically exploits vulnerabilities in operating systems or software.
  • Code like this is caught by behaviour-based detection, which looks at what a program actually does rather than what it looks like. If its actions match the pattern of a known threat (for example, reading, overwriting and renaming large numbers of user files in quick succession) or depart from the behaviour expected of legitimate software, it is flagged as a potential threat.
Signature and behaviour-based detection are fundamental layers of cyber security. Alongside these, BullGuard also has Sentry Protection to safeguard against zero-day malware: malware that exploits a software vulnerability for which there is currently no patch or other available defence.
  • BullGuard's defences also include regularly updated URL filtering to block newly discovered websites that harbour malicious code, and on-access antivirus, which monitors system activity while the computer is running and automatically scans files downloaded from the Internet or received by e-mail, protecting against infected downloads.
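To make the difference between the two layers concrete, here is an added example (written for this page, not BullGuard's code) that runs a hash-based signature check and a behavioural file-encryptor heuristic over a constructed stream of file-system events. The event format, the thresholds (five near-random writes plus five extension changes inside ten seconds) and the sample "known dropper" bytes are all assumptions made for the illustration; a real product would take its events from a kernel file-system filter and tune the thresholds against telemetry.

```python
"""Two detection layers over constructed file-system telemetry (added
example, not BullGuard's code).

Layer 1, signature: SHA-256 of a file looked up in a blocklist. Catches
only samples already analysed; a one-byte change defeats it.
Layer 2, behaviour: a process that, within a short window, writes many
near-random (high-entropy) files AND renames them to a new extension is
behaving like a file encryptor, whatever its hash happens to be.
"""
import hashlib
import math
import os
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, NamedTuple, Set


class FileEvent(NamedTuple):
    t: float            # seconds since monitoring started (assumed format)
    pid: int            # process that performed the operation
    op: str             # "write" or "rename"
    path: str
    data: bytes = b""   # content written (op == "write")
    new_path: str = ""  # destination name (op == "rename")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, English text is roughly 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_match(data: bytes, blocklist: Set[str]) -> bool:
    """Layer 1: exact-hash lookup against known-bad samples."""
    return sha256_hex(data) in blocklist


def behavioural_flags(events: Iterable[FileEvent], window: float = 10.0,
                      entropy_threshold: float = 7.0,
                      min_writes: int = 5, min_renames: int = 5) -> Set[int]:
    """Layer 2: flag a pid that, inside `window` seconds, writes at least
    `min_writes` high-entropy files and renames at least `min_renames` files
    to a different extension. Either alone is innocent (backups, archivers);
    together they are the classic encrypt-and-rename pattern."""
    hot_writes: Dict[int, Deque[float]] = defaultdict(deque)
    ext_changes: Dict[int, Deque[float]] = defaultdict(deque)
    flagged: Set[int] = set()
    for ev in sorted(events, key=lambda e: e.t):
        if ev.op == "write" and shannon_entropy(ev.data) >= entropy_threshold:
            hot_writes[ev.pid].append(ev.t)
        elif ev.op == "rename" and (os.path.splitext(ev.path)[1]
                                    != os.path.splitext(ev.new_path)[1]):
            ext_changes[ev.pid].append(ev.t)
        else:
            continue
        # Drop observations that have fallen out of the sliding window.
        for q in (hot_writes[ev.pid], ext_changes[ev.pid]):
            while q and q[0] < ev.t - window:
                q.popleft()
        if (len(hot_writes[ev.pid]) >= min_writes
                and len(ext_changes[ev.pid]) >= min_renames):
            flagged.add(ev.pid)
    return flagged


# Constructed "known dropper" and the blocklist built from it (not real malware).
KNOWN_DROPPER = b"constructed stand-in for an already-analysed malicious attachment"
KNOWN_BAD_SHA256 = {sha256_hex(KNOWN_DROPPER)}


def _pseudo_random(n_blocks: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext: a chain of SHA-256 digests."""
    out, block = bytearray(), seed
    for _ in range(n_blocks):
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out)


def build_sample_events() -> List[FileEvent]:
    """Constructed telemetry: pid 100 is a word processor saving text files;
    pid 200 overwrites documents with ciphertext and renames them .locked."""
    events: List[FileEvent] = []
    for i in range(6):
        events.append(FileEvent(t=i * 0.5, pid=100, op="write",
                                path=f"/home/u/doc{i}.txt",
                                data=(b"Quarterly report, draft %d. " % i) * 40))
    for i in range(6):
        base = 20.0 + i * 0.1
        events.append(FileEvent(t=base, pid=200, op="write",
                                path=f"/home/u/doc{i}.txt",
                                data=_pseudo_random(32, b"seed%d" % i)))
        events.append(FileEvent(t=base + 0.05, pid=200, op="rename",
                                path=f"/home/u/doc{i}.txt",
                                new_path=f"/home/u/doc{i}.txt.locked"))
    return events


if __name__ == "__main__":
    variant = KNOWN_DROPPER + b"\x00"   # one appended byte: a "new" sample
    print("signature hit, known dropper:", signature_match(KNOWN_DROPPER, KNOWN_BAD_SHA256))
    print("signature hit, 1-byte variant:", signature_match(variant, KNOWN_BAD_SHA256))
    print("behaviourally flagged pids:", behavioural_flags(build_sample_events()))
```

Running the block shows the point of the section: the one-byte variant of the known dropper slips past the hash lookup, while the encrypt-and-rename process (pid 200) is flagged by the behavioural layer after its fifth rename even though nothing about its code was ever seen before. The text-saving process (pid 100) never trips the entropy rule, which is why the heuristic requires both conditions rather than either one.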
Dynamic machine learning

Dynamic Machine Learning (ML) has recently been added to these defence features:
  • Dynamic Machine Learning analyses threats on the device in real time, which raises malware detection rates. It does not depend on a cloud connection to a database of known virus signatures or code behaviour, so it protects devices even when they are offline, guarding against malware with delayed payloads by scanning code while the device is disconnected from the internet.
  • Dynamic Machine Learning also draws on the entire BullGuard customer base when searching for new and emerging threats. Should it detect, for instance, a new ransomware strain on one device, that knowledge is immediately shared with the millions of other protected devices.
  • The continuous development of Dynamic Machine Learning also paves the way for more sophisticated cyber threat detection models. Capabilities like these were out of reach in the past, and BullGuard is in the vanguard.
In summary, BullGuard is much more than a conventional antivirus solution. It uses the most advanced technological innovations to provide unrivalled multiple layers of cyber protection: essential defences in a world of growing malware threats and ever more sophisticated attack methods, particularly ransomware.