How does ransomware work?
The basic idea behind all ransomware is that a victim is either tricked or forced into paying a ransom to regain access to their computer as a whole or to some of the files it holds.
The three main forms of ransomware
At present, ransomware comes in three main forms: scareware, lockware (or screen lockers), and encryption ransomware. The first two are more prevalent in the consumer world. Scareware works purely by trickery and can generally be removed fairly easily. Lockware is a combination of a genuine threat (screen-locking) and scare tactics (usually messages purporting to be from law enforcement). It can be trickier to remove, but often a decent security program will deal with it (and would have stopped it in the first place had it been installed to begin with).
In the business world, the main threat is encryption ransomware. This does exactly what the name suggests. It encrypts your files in the hope that you will be forced to pay a ransom to recover them. Frankly, the fact that ransomware is a significant and growing threat suggests that there are still a lot of businesses out there which aren’t implementing an effective data backup strategy since companies which are backing up data properly can just recover from their data backups, although, of course, it’s still preferable to avoid being attacked in the first place.
The basics of data backups
A long-standing rule in IT is that you need three copies of your data over two media with one copy being held off-site. That rule was developed long before the cloud, so these days it’s conceptual rather than literal. In other words, even if your main cloud is technically off-site, it’s still considered your local system and so you still need a secondary copy of your data elsewhere.
One of the key points to remember about ransomware is that it can infect backups, especially if you are using the cloud. There are two main ways this can happen. One is that a production file becomes infected and then is automatically backed up with the result that the “healthy” backup is overwritten by the infected one. This can happen either when desktop systems are automatically synchronized to cloud storage or when cloud-based production systems are automatically backed up.
The other is quite simply that attackers could compromise a user access which covers both the production and local backup systems. Remember that cloud platform vendors only protect their platforms as a whole. It’s up to individual clients to protect their own accesses from compromise.
This is exactly why you need an off-site data backup as well. It’s not a 100% guarantee (nothing is) but it does vastly increase your security, especially if you keep your data encrypted. For completeness, this does not stop it being attacked by ransomware (or any other malware) but it does mean that it is protected from data theft.
The importance of effective security
Although data backups will protect you from the worst consequences of a ransomware attack (or an attack by any other form of malware), you really want to avoid falling victim to such an attack in the first place. This means you need a robust approach to security.
The security precautions you implement to protect you against ransomware are essentially the same as the ones you take to protect you from any other form of malware.
First of all, you need a solid anti-malware program with an email scanner and a firewall (or separate products for each of these jobs). At this point, all ransomware attacks involve some degree of social engineering. Users have to be duped into either visiting a compromised website or downloading a malicious email attachment. Checking both websites and attachments before users are allowed to access them is, bluntly, a lot safer than relying on users to think before they click.
Secondly, you absolutely must keep your operating system and apps up-to-date. The simple fact of the matter is that a relatively small percentage of cyberattackers have advanced-level computing skills. Most simply take advantage of the fact that many companies fail to update their operating system and apps as quickly as they should. If this sounds like you, then it might be a good idea to delegate this process to a managed IT services provider to ensure that it is not just done but done promptly.
Thirdly, you need to block off USB ports to stop internal users accidentally (or deliberately) infecting your network through hardware.
In addition to all of this, companies that have mobile users should also insist that they use a VPN to access the company network, at least when they are connected to public WiFi.
Please click here now to start your free 30-day trial of Xcitium AEP.
Related Sources:
Endpoint Detection and Response