Attackers rarely act without a motive; most of the time the motive is financial. One way they profit is ransomware, where the attackers seize files or systems and demand a sum of money in order to return them.

Mario Moreno

IAM Engineer

August 23rd, 2021

First, let’s talk about what ransomware is. Ransomware is malware that prevents users from accessing their system, server or personal files. The purpose of the attack is that, in order for the organization or individual to regain access to their information, they must pay an amount of money known as the “ransom”.

How could you tell that ransomware has entered your computer or system?

    —Black screen: When you click on your files your entire screen turns black and all that appears is a request for money or instructions for recovering your information.

    —Endless pop-ups on your screen: Your screen may fill up with message windows, videos, promotions or other kinds of windows.

    —Devices with continuous failures: Devices stop turning on or suffer from various internal problems that affect the performance of your computer.

This type of attack can be deployed in two ways: manually and automatically. In the manual case the attacker first obtains administrative access to the system and then places the ransomware in specific locations on it. In the automatic case the system is compromised and the ransomware is installed on it without the attacker’s direct intervention.

Servers can be infected through pop-ups, email or phishing. Pop-ups occur when you are on a website and see a misleading message; clicking it downloads the ransomware to your server. You can also receive an email claiming that you have won a prize from a site you visited earlier, or that you need to authorize a delivery; press the button and you are compromised. Finally, there is phishing, where you visit a hacked site and pressing its buttons leads to unwanted behavior.

Once you fall into the attacker’s trap and download the malware, it looks like nothing has happened, but the computer is encrypting all of your files. Once everything is encrypted, the attacker demands an amount of money, usually around $400 in most cases, but often rising to thousands of dollars when the victim is a large company.

However, there are certain types of organizations that attackers prefer to target, depending on the information they can obtain from them.

  • Sensitive files: Health organizations, because they have to store important patient information. A virus could put the organization at great risk.
  • Significant demands: Government agencies and similar organizations must remain functional. They are often attacked because governments tend to pay quickly.
  • Compromised information: Private detective agencies and security companies hold privileged information about their clients. Protecting that information is very important because it is so critical.

What would be the solutions to this problem in general?

  1. Report: Report the incident to the FBI or a similar institution. The authorities have to get involved, since these are criminal acts, and charges would be brought if the source of the problem is found.
  2. Clean up: Ask a professional (from the institution reviewing the incident) for help recovering the information.
  3. Return phase: While working on the solution, return the systems to their normal operating levels.
  4. Communicate: Inform partner companies in case they have been similarly infected by the attack.

How could an attack be prevented before it happens?  

  • Best mailing practices: Remind employees not to click on any link they receive by mail, especially if it comes from an email address outside the company.
  • Privacy: Emphasize the importance of keeping usernames and passwords strictly secret.
  • Software: Point out that antivirus scanners help keep the whole company safe.
  • Backups: It is important to have backups of your files or system in case of an attack.

Now, how to protect yourself against attacks with Okta?  

Encourage a Zero Trust architecture: As discussed in a previous blog, Zero Trust means that only the right people have access to the right places. Implementing Zero Trust starts with MFA (multi-factor authentication), whose access policies differ from traditional methods. MFA can stop a ransomware attack from gaining initial access, while a Zero Trust architecture can limit an attacker’s lateral movement if they do get in.

Secure access to your important resources, including cloud, on-prem and infrastructure applications: With Okta’s platform, the Okta Integration Network, you can access more than 7000 integrations with today’s most used apps. It uses modern security protocols to mitigate the risks associated with password sprawl and gives you a range of policies to control access.

Stay ahead of today’s threats with robust and easy-to-use authentication controls: Okta enables different types of authentication in a very simple way, reducing the number of ineffective configurations and encouraging users to adopt the most effective methods. With MFA, you can require the second factor always or only when a login attempt looks risky, for example when a new device is registered, when the sign-in comes from another location, or based on network signals.
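As an added example (not Okta’s code and not from the original post), the following hypothetical Python policy evaluator shows the step-up logic this paragraph describes: each constructed sign-in event is checked for a device the user has not used before, a new country, and an untrusted network, and a second factor is required whenever any of those signals fires. The network labels, user names and device ids are assumed sample values.

```python
# Added example (hypothetical, not Okta's code): a toy adaptive-MFA policy
# evaluator. It replays constructed sign-in events and decides, per event,
# whether a second factor must be required, using the signals the post names:
# a device not seen before for that user, a new country, an untrusted network.
from dataclasses import dataclass, field

TRUSTED_NETWORKS = {"corp-vpn", "office-lan"}   # assumed network labels


@dataclass
class UserHistory:
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)


def evaluate(event, history):
    """Return ('allow'|'require_mfa', [reasons]) and update the user's baseline."""
    user = history.setdefault(event["user"], UserHistory())
    reasons = []
    if event["device_id"] not in user.devices:
        reasons.append("new_device")
    if event["country"] not in user.countries:
        reasons.append("new_location")
    if event["network"] not in TRUSTED_NETWORKS:
        reasons.append("untrusted_network")
    # A user's very first sign-in has no baseline, so it is always stepped up.
    decision = "require_mfa" if reasons else "allow"
    # Learn the device/location only for low-risk sign-ins or after the second
    # factor succeeded; otherwise a stolen password alone could "teach" the
    # baseline and silence future step-ups.
    if decision == "allow" or event.get("mfa_passed"):
        user.devices.add(event["device_id"])
        user.countries.add(event["country"])
    return decision, reasons


# Constructed sample sign-in events (not real log data).
SAMPLE_EVENTS = [
    {"user": "alice", "device_id": "laptop-1", "country": "MX", "network": "office-lan", "mfa_passed": True},
    {"user": "alice", "device_id": "laptop-1", "country": "MX", "network": "office-lan"},
    {"user": "alice", "device_id": "phone-9", "country": "RU", "network": "public-wifi"},
]


def run(events):
    """Evaluate events in order against a fresh per-user history."""
    history = {}
    return [evaluate(e, history) for e in events]


if __name__ == "__main__":
    for e, (decision, reasons) in zip(SAMPLE_EVENTS, run(SAMPLE_EVENTS)):
        print(e["user"], e["device_id"], decision, reasons)
```

The third event is stepped up but never learned because no second factor was passed, which is the property that keeps a password-only attacker from widening the trusted baseline.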

In conclusion, this is a very dangerous issue for both personal and corporate information. These attacks can be very costly and can put your privileged information at great risk. Fortunately, Okta has mechanisms and infrastructure in place to prevent these attacks, so get ahead of attackers by including Okta in your business environment.
