What is Ransomware?
Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim in exchange for restoring access to the data. However, some of these demands are hoaxes and scam emails.
Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin or other forms of online payment.
Should you pay the ransom?
No, do not make any payment and contact us or your IT support immediately for assistance.
Paying the ransom does not guarantee you will get the private key to restore your data. Instead, protect your files with protective measures in your day-to-day operations so that, in case of an attack, you can return files to their original state. This is why backups are critical to recovery from an attack.
Ways to prevent ransomware attacks, or in fact any form of attack:
- User training
- Content filtering
- Keep software patched and updated
- Quarantining suspicious emails / Block suspicious incoming email addresses
1. Detecting ransomware
A ransomware attack typically comes from an executable file or a script that downloads the executable file and runs it. Not every ransomware attack is immediate. Some ransomware stays dormant until a specific date.
Network administrators detect ransomware with applications that monitor suspicious network traffic. The applications send notifications when malware renames a large number of files. Anti-malware software protects against thousands of types of ransomware. It contains digital signatures that identify ransomware before it can execute. It does not always catch zero-day attacks – those that target vulnerabilities developers don’t know about yet.
Current anti-malware solutions include artificial intelligence (AI), machine learning and behavior monitoring. These solutions benchmark current file status against changes and file access requests. They alert administrators to suspicious activity so that an attack can be resolved early, preventing file encryption and data destruction.
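The mass-rename notification described above can be sketched as a sliding-window count per process. This is an added example, not code from any product mentioned here; the event tuple format, the sample events, and the 60-second window and 20-rename threshold are all assumptions made for illustration.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this example; adjust to your own baseline.
WINDOW = timedelta(seconds=60)
THRESHOLD = 20

def build_sample_events():
    """Constructed file events: (time, process, action, old_path, new_path)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = [(t0, "editor.exe", "rename", "C:/docs/a.tmp", "C:/docs/a.docx")]
    # One process renames 30 files to one new extension within 30 seconds.
    for i in range(30):
        events.append((t0 + timedelta(seconds=i), "unknown.exe", "rename",
                       f"C:/share/r{i}.xlsx", f"C:/share/r{i}.xlsx.locked"))
    # A slow batch job: 30 renames, ten minutes apart.
    for i in range(30):
        events.append((t0 + timedelta(minutes=10 * i), "archiver.exe", "rename",
                       f"C:/logs/app{i}.log", f"C:/logs/app{i}.log.old"))
    return sorted(events, key=lambda e: e[0])

def detect_mass_rename(events, window=WINDOW, threshold=THRESHOLD):
    """Alert once per process that renames >= threshold files inside window.

    events must be sorted by time. Returns {process: alert details}.
    """
    recent = defaultdict(deque)  # process -> (time, new extension) in window
    alerts = {}
    for ts, proc, action, _old, new in events:
        if action != "rename" or proc in alerts:
            continue
        q = recent[proc]
        q.append((ts, os.path.splitext(new)[1].lower()))
        while ts - q[0][0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[proc] = {
                "alert_time": ts,
                "renames_in_window": len(q),
                # One shared new extension across the burst is a stronger signal.
                "new_extensions": sorted({ext for _, ext in q}),
            }
    return alerts

if __name__ == "__main__":
    for proc, info in detect_mass_rename(build_sample_events()).items():
        print(proc, info)
```

On the constructed events only the burst from `unknown.exe` raises an alert; the single editor rename and the slow batch job stay below the threshold inside the window.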
The best way to recover from ransomware is to restore data from a backup. Backups bypass the ransom demand by restoring data from a source other than the encrypted files. Hackers know this, so they develop ransomware that scans the network for backup files. After restoring from a backup, you still must remove the ransomware from the network.
An effective way to stop malware from encrypting backup files is to keep a copy of your backups offsite. Cloud backups are the typical choice for businesses that need an offsite backup solution. Using cloud backups, you keep a copy of your files safe from ransomware and other cybersecurity threats.
2. User Training
User training greatly reduces infection risk. A ransomware attack usually starts with a malicious email. Users can be trained to identify cyber threats including ransomware, phishing, and social engineering. Users trained to identify malicious messages are less likely to open an infected attachment.
Hackers sometimes use social engineering in their attacks. Social engineering is when an attacker targets specific users on the network who have higher privileges. The attackers bet that these users have more critical data on local storage or have access to business-critical systems and infrastructure. This increases the chance that the business will pay the ransom.
3. Keep software patched and updated
Make sure firmware, anti-malware applications, operating systems, and third-party software have the latest patch installed. New ransomware versions come out regularly, and software updates ensure that your anti-malware recognizes newer threats.