What is ransomware
Ransomware is a type of malicious software that blocks access to a computer by encrypting your files and data.
It then demands a financial ransom, with a variety of tactics to compel you to pay up or lose your data forever. Payment is often requested in the form of an anonymous online currency such as Bitcoin, which makes tracking the criminals very difficult or impossible. Ransomware is spread via spam or targeted campaigns, often arriving in an unsolicited phishing email or an attachment.
Phishing attacks use emails disguised to look like they’re from someone you know and are more likely to trust. They typically ask you to click on a link or attachment to perform a routine task such as updating records or account details. Do this and the ‘worm’ or malware downloads and infects your computer, locking your system and encrypting your files. Ransomware can also infect a system using vulnerabilities in a computer’s browser or via malicious code hidden in online ads, an attack vector called ‘malvertising’.
Counting the cost of ransomware
Cybersecurity experts are divided about paying a ransom to hackers. Firstly, there is no guarantee you’ll regain access to your encrypted files. Attackers have been known to demand multiple ransoms from the same business, while others have simply chosen not to reverse the encryption. Paying the ransom is also likely to encourage the cybercriminals to continue with their activities, which only serves to compound the problem.
Recognizing and recovering from a ransomware attack
The leading cause of ransomware infections is a lack of awareness and cybersecurity training, especially in SMBs, which often don’t have the technical or financial resources to counter the threat. All it takes is one unsuspecting employee clicking on a link in a phishing email to unleash a ransomware infection.
Protecting your data can be as simple as educating your users, updating your systems and backing up your data. Best practice is to train your staff to look for anything that doesn’t seem quite right. This could be an email or social media message from strangers, where the link has a strange URL or the attached file has an unusual file extension. Users should also be wary of ‘free’ downloads or clicking on links to unfamiliar websites.
Protect your network by:
- Developing a detailed cyberincident response plan.
- Training your staff to recognize malicious sites, social engineering tactics and phishing attacks.
- Having a clear security protocol that discourages users from clicking on suspicious links, attachments or emails.
- Ensuring technical staff have a rigorous security process.
- Installing the latest antivirus and anti-ransomware software applications.
- Backing up your systems regularly to physical sources and the cloud.
- Investing in hardware and software that’s up to the task of detecting and warding off ransomware threats.
- Constantly analyzing the traffic on your network for threats.
Protect your data with a stringent backup policy
Ultimately, one of the most effective safeguards against a ransomware attack is to back up data continually and keep multiple copies of your backups. Malicious files can lie dormant on your system for some time before showing themselves, meaning recent backups could also contain corrupted files. This is why it’s paramount to keep older backups on hand, both online and off.
Make sure you keep multiple backups off-site on an isolated drive, as well as in the cloud, to ensure your data is kept secure. If your network is compromised, look to isolate the infected machine(s) from the network and alert all staff, disable all shared drives and identify the source of the ransomware infection. You should then update your security software and run a full scan of your network. The infected machines can then be wiped and restored from backup.
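The backup reasoning above can be checked mechanically. The following is an added example, not part of the original article: it audits a backup catalog for copies that predate an assumed dormancy window, both offline and in the cloud, and picks restore points taken before the earliest suspected infection. The catalog format, the location labels and the 30-day window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (time taken, location). The labels "offline"
# and "cloud" are assumed names for isolated-drive and cloud copies.
CATALOG = [
    (datetime(2024, 1, 1), "offline"),
    (datetime(2024, 1, 1), "cloud"),
    (datetime(2024, 2, 1), "offline"),
    (datetime(2024, 2, 1), "cloud"),
    (datetime(2024, 2, 25), "cloud"),
    (datetime(2024, 3, 1), "cloud"),
]

def audit_retention(catalog, now, dormancy_days=30, max_age_days=2):
    """Return a list of policy gaps; an empty list means the catalog passes.

    dormancy_days is an assumed upper bound on how long malware may sit
    unnoticed; backups newer than that cannot be presumed clean.
    """
    gaps = []
    cutoff = now - timedelta(days=dormancy_days)
    older = [(taken, loc) for taken, loc in catalog if taken <= cutoff]
    # Backups must still be taken regularly.
    if not any(now - taken <= timedelta(days=max_age_days) for taken, _ in catalog):
        gaps.append("no recent backup")
    # Older copies must exist both offline and in the cloud.
    for required in ("offline", "cloud"):
        if not any(loc == required for _, loc in older):
            gaps.append(f"no {required} backup older than dormancy window")
    return gaps

def restore_candidates(catalog, earliest_infection):
    """Backups taken strictly before the earliest suspected infection, newest first."""
    clean = [(taken, loc) for taken, loc in catalog if taken < earliest_infection]
    return sorted(clean, key=lambda entry: entry[0], reverse=True)

if __name__ == "__main__":
    print(audit_retention(CATALOG, now=datetime(2024, 3, 2)))
    print(restore_candidates(CATALOG, earliest_infection=datetime(2024, 2, 10))[0])
```

The restore point it selects is the newest backup older than the suspected infection, not the newest backup overall, which is why the older copies have to be retained.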
Ransomware doesn’t discriminate. Ignoring the threat could risk the loss of your data, compromise your ability to operate, damage your reputation, or worse. This is why it is critical your organization has a clear strategy to mitigate the threat, contain a breach and get back to business as usual ASAP.