Home»Google Workspace Ransomware Protection»How to Avoid Ransomware Damage?

How to Avoid Ransomware Damage?

The world is projected to spend up to $170 billion on cybersecurity by 2020. We want to provide our readers with the information to help them avoid ransomware and protect their business from cybercriminals.

Over the past few years, an entirely new class of Ransomware delivering cybercriminals has emerged. Their aim was not just to harm, but to benefit financially. Now they get a net financial benefit of $400-$1000 per user through extortion.

How to Avoid Ransomware Damage

The first ransomware viruses used to be simpler and could be decrypted without paying money. Each new version of the virus is becoming more inventive. Users already can’t decrypt the files themselves, so they either have to pay or lose data.

As it was considered earlier that only Windows is vulnerable, however, all the popular platforms have been infected in a year. Cybercriminals could make a virus for any system – Mac OS, Windows, Linux, Android. Therefore, the only question is, when we face it what should we do?

Avoid ransomware damage

Use SpinOne

Ransomware viruses are becoming increasingly common. Furthermore, new methods and purposes are becoming more sophisticated. Let’s discover how to protect ourselves from them.

There are two main forms of ransomware today:

  • Locker ransomware (computer locker): Denies access to the computer or device.
  • Crypto ransomware (data locker): Prevents access to files or data.

All the following examples are about crypto-ransomware.

 Ransomware for Linux

Linux.Encoder.1, the first ransomware, appeared in November 2015.

Spread“A completely new ransomware variant was discovered to be targeting websites instead of users’ hard drives. Injected into websites via known vulnerabilities in site plugins or third-party software. This malware then infects the host machine and encrypts all the files in the “home” directories of the system. It also encrypts backup directories and most of the system folders typically associated with the website itself.”– writes TrendMicro.
PurposeEncrypts files with the extensions: “.php”, “.html”, “.tar”, “.gz”, “.sql”, “.js”, “.css”, “.txt” “, “.tgz”, “.war”, “.jar”, “.java”, “.class”, “.ruby”, “.rar” “.zip”, “.db”, “.7z”, “.doc”, “.pdf”, “.xls”, “.properties”, “.xml” “.jpg”, “.jpeg”, “.png”, “.gif”, “.mov”, “.avi”, “.wmv”, “.mp3” “.mp4”, “.wma”, “.aac”, “.wav”, “.pem”, “.pub”, “.docx”, “.apk” “.exe”, “.dll”, “.tpl”, “.psd”, “.asp”, “.phtml”, “.aspx”, “.csv”.
Ransom Payment$420 (in bitcoins).
The scale of destruction2,000 Linux users.

Linux.Encoder has been recompiled on Mac and called KeRanger.

Ransomware for Mac OS

Among the operating systems defeated by Ransomware, Mac OS is the newest.

The case of Mac OS infection started from an installed file, which is unusual for ransomware viruses that used to come from emails. The file on the official website was replaced by a malicious fake version. Another point is that the file was signed with the certificate that Mac app considered valid. And Mac protection system Gatekeeper didn’t notice a threat.

KeRagner, appeared in March 2016.

SpreadAn installed file from the official website.
Ransom Payment$400 (in bitcoins).
Activation period3 days.
The scale of destruction7,000 Mac users.

“Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.” – writes Palo Alto Networks.

 Ransomware for Windows

The number of viruses for Windows is really big.

CryptoWall, this group of viruses first appeared in June 2014.

Оne of the most widespread and damaging threats (CryptoWall, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0).

  • Via spam emails with a link and drive-by downloads.
  • Can be downloaded by other malware.
PurposeEncrypts a big list of file extension types.
Ransom Payment$300-$500 (in bitcoins)
Global charges$18 million

TeslaCrypt, appeared in February 2015.

SpreadSpreads through Angler exploit kits, like Adobe Flash that download the virus into the computer. It gets through compromised websites’ frames.
  1. Encrypts video game-related files. The virus searches the file related to 40 different games, that can be installed on the computer, such as the Call of Duty series, World of Warcraft, Minecraft, and World of Tanks and encrypts them. It falls under the encryption player profiles, data, custom maps, and game modifications stored on the victim’s hard drives.
  2. Encrypts Word, PDF, and JPEG files. Newer variants of the virus infect computers without these games.
Ransom Payment$400 – $500 (in bitcoins).
$1,000 by PayPal My Cash cards.
$500 USD by bitcoins.
The virus gives the possibility to restore one file for free to make sure that decryption is possible.

TorrentLocker, appeared in February 2014.

SpreadVia spam email with a link or an attached document.
Emails used the specific language of the targeted country and were sent by familiar localized brands or by government departments.
PurposeWindows system process is launched in a suspended state.
The virus deletes volume shadow copies to reduce the chance that encrypted files can be recovered using standard Windows file recovery tools.
Ransom Payment$400-$500 for the first few days and it doubles after.
Then, within 1 month in case no payments are made, the files become unrecoverable forever.
The virus gives the possibility to restore one file for free to make sure that decryption is possible.

CryptoLocker, appeared in September 2013.

SpreadEmails from legitimate companies that have infected attachments.
PurposeFiles of Microsoft Office, OpenDocument, pictures,  AutoCAD files, and other documents.
Ransom Payment$400 – $800 (in bitcoins) within 72 or 100 hours.
Global chargesAround $3 million.

A new threat – encrypted files on Web servers.
The new CTB-Locker edition already encrypted data on more than 70 servers located in 10 countries, the USA is the most affected one.

How to Avoid Ransomware Attacks?

The ideal solution may look like this:

User's Computer -> Cloud Storage -> Cloud-to-Cloud Backup

The most important point is that, if at the time of a virus attack your computer’s documents sync with cloud storage (Google Drive, Dropbox, OneDrive), the cloud storage will be infected as well and you will not have access to it. Moreover, if these files are shared with your colleges, the files will be infected for them too.

Do you want to protect your sensitive data?


So the solution is only to have a backup on the separate cloud storage that will copy your documents every day because no one knows when it happens. A cloud-to-cloud backup provider keeps the files as long as you will need them. And the virus has no chance to infect them.


Courtney Courtney Ostermann Chief Marketing Officer
About Author

Courtney Ostermann is the Chief Marketing Officer at Spin.AI responsible for the global marketing program focused on driving brand awareness and revenue growth. Previously, Courtney served as the Vice President of Corporate and Demand Marketing at PerimeterX, where she helped accelerate revenue and supported its acquisition by HUMAN Security. She was also the Vice President of Corporate Marketing at PagerDuty, where she assisted with the company’s IPO, and has held marketing leadership roles at organizations such as Imperva, BMC Software, Oracle, and Saba Software. Courtney resides in the Bay Area and is a graduate of Colgate University.