Is 'Ransomware' Terrorizing Your Site Visitors?

Ransomware is popping up as an increasingly viable threat for online businesses, but not many people know how it works or how to navigate the threat to protect themselves and their customers.

Yet they should know, because ransomware can be as scary as it sounds. That's why entrepreneurs need to understand how the threat works, to prepare themselves, should an attack hit their company.

In fact, a ransomware attack can happen to any business or customer, but keep in mind that the most prevalent ransomware doesn’t actually exist in your website’s backend or servers. Instead, it lives in the browsers and devices of your customers, or even those of your staff. It’s part of a larger group of malicious software called Client-Side Injected Malware -- malware that individuals unknowingly download into their own systems via bundled apps or otherwise legitimate software.

Your website may be operating perfectly fine, but when a consumer’s browser or computer becomes infected with ransomware, the consumer sees malicious links and advertisements overlaid on your website -- and oftentimes these things look innocuous. There may be a fake link, for instance, for “Free Shipping” or “Recommended Products” that looks authentic to the naked eye, but once clicked on, triggers a ransomware attack.

That’s what makes this ransomware so dangerous: It completely bypasses your website servers, as it loads after your page renders, so all the protections and safeguards you earlier put into place to secure your website will do nothing to stop ransomware from attacking your site visitors on their own computers. All they have to do is click on one of those fake links in order for it to rear its ugly head.

Once your customer does click, his or her computer immediately locks up and something terrifying like this appears:

In other words, the ransomware itself often looks like a legitimate system message. It can also take the form of popups or windows urging the consumer to contact a customer service center in order to resolve the issue.

No amount of force-quitting the browser or restarting the computer will resolve it. Ransomware is persistent and insidious, and once it’s taken over a computer, it’s a nightmare to deal with. What’s worse is that consumers won’t know their computers are infected until an attack occurs.

If, as in the illustrated example, a consumer calls the phone number on the popup, he or she will be led to a call center offering antivirus and cleaning apps, sometimes at a monthly subscription cost of hundreds of dollars, and with a logmein client that allows the criminals to remotely control the user’s computer until they get what they want.

With full access to the computer, the culprits will deny the consumer access to their own systems and files until a hefty ransom is paid. Considering the lifetimes of photos, work and personal content that most people put on their devices, it’s no wonder that many in recent months have reported actually paying those ransoms, to regain access to their files.

The worst part? The vast majority of consumers assume that your website, not their own computers, is infected with the malware that has caused this nightmare. You may get frantic customer phone calls, formal complaints from shoppers or inquiries from local media and watchdogs. As a business owner who knows little about this new form of Client-Side Malware, you may assume the problem is coming from your backend.

You’ll impulsively place urgent calls to your CTO or IT staff, but the point is, you shouldn't react without considering the problem first.

It’s critical that you understand what kind of malware is behind the attack, because oftentimes it will not have come through your backend. It’s very possible that Client-Side Malware is the underlying cause. Ransomware is especially destructive because it can ruin an online business' credibility without ever passing through the website itself. So be sure you understand exactly what you’re dealing with first. Many site owners will pour thousands (if not hundreds of thousands) of dollars into emergency server protections when the problem isn’t stemming from that side of the equation at all. And that's a mistake that can be costly and ineffective.

The takeaway here is that malware developers are coming after online businesses with Client-Side Injected Malware because they know it’s far easier to infiltrate a consumer’s browser than it is to attack your heavily guarded website servers.

Your customer’s front door has become their new back door, and until consumers wake up to the issue, ransomware will continue to grow online. It’s your job to understand the new forms of malware your customers are vulnerable to so that when a problem does arise, you’ll be able to handle it.