How Does Ransomware Steal Data to protect yourself from ransomware and data theft
Ransomware started “just” as a way to intimidate victims into paying money in the hope that it would make it go away. Attacks, however, have become more sophisticated and are branching out into data theft. With that in mind, here is a quick guide on how to protect yourself from ransomware and data theft.
Scareware and lockware are both social-engineering tricks
When people talk about ransomware, they often mean encryption ransomware. For completeness, however, there are two other forms of ransomware known as scareware and lockware.
Scareware works purely on intimidation. As its name suggests it just sends out a scary message in the hope that the victim will be frightened into paying up. Lockware actually does lock your computer, but the lock is easily bypassed if the victim just keeps calm. Again, the main power of lockware is in the fear-factor rather than in the technical capability.
Scareware can be removed just by scanning the device for malware. Lockware can generally be removed by booting into safe mode and then scanning the device for malware. If, however, that doesn’t work, you can boot into safe mode, restore to a previous time point and then scan for malware.
Unlike scareware and lockware, encryption ransomware really does cause a technical issue with your device. As its name suggests, it encrypts some or all of your files. Getting rid of the source of the infection is usually fairly easy. Generally, an anti-malware scan will do the job.
The problem is that the files remain encrypted. This means that unless you have a backup, your options are to hope there is a publicly-available decryption tool, pay the ransom (with all that implies) or accept the fact that your files are gone.
In the early days of encryption ransomware, a lot of attacks were successful precisely because companies were, bluntly, not only failing to apply proper security but also failing to prepare themselves for the possibility that their security defenses would be breached. Ransom demands tended to be set fairly low, to help make the decision an easier one to swallow, and a lot of companies (and government organizations) did pay up.
Now, however, there is beginning to be something of a pushback against encryption ransomware. Companies are more aware of it and hence more able to defend against it. They are also more likely to have taken steps to minimize the damage a ransomware attack can do. This means that cybercriminals have to maximize their profits from their remaining victims and that means combining encryption ransomware with data theft or, at least, the threat of data theft.
Protection your data from an encryption ransomware attack
There are two key steps to take to ensure that your data is protected in the event of a ransomware attack. The first is to ensure that all sensitive data is always stored encrypted (both in your production system and in your data backups). The second is to make sure that your data backup strategy is encryption-ransomware-proof.
Keeping your sensitive data encrypted will not stop an encryption-ransomware attack. The encryption ransomware will just re-encrypt your files. It will, however, stop data theft. This means that, whatever else happens, you should not end up having to explain yourself to law enforcement and/or data-protection regulators.
Making sure that your data backup strategy is encryption-ransomware-proof means that your loss will be limited to a bit of downtime while you restore from a data backup. You will not even have to consider the temptation of just paying the ransom to make it go away. This is never advised and may become illegal in the future (there is an ongoing debate on this topic).
Any form of local storage is vulnerable to compromise in the event of a ransomware attack, so you need a second, off-site backup location (a second cloud is fine) and ideally, you should be keeping data backups from different time-points in case there is a delay in spotting the attack.
Preventing an encryption ransomware attack
Your first line of defense against an encryption ransomware attack is to invest in an anti-malware program from a reputable cybersecurity company. Ideally, you want a cloud-based product with an integrated firewall. This will give you all-in-one protection you can trust with regular updates that only need to be deployed on the server not downloaded and installed locally.
Your second line of defense against an encryption ransomware attack is to make sure that any security-related updates are applied promptly to your operating systems and any locally-installed software you use.
Please click here now to start your free 30-day trial of Xcitium AEP.