How do I know if I have ransomware?
You will know that you have ransomware because it will display a message telling you that it is there. You then need to decide what to do about it. With that in mind, here’s a quick guide to dealing with ransomware.
The basics of ransomware
At present, there are three main kinds of ransomware. These are scareware, lockware, and encryption ransomware.
Scareware and lockware are often overlooked because encryption ransomware is, understandably, seen as the main threat. It is, however, important to remember that they exist as you may need to deal with them. In fact, you may need to deal with scareware (or lockware) pretending to be encryption ransomware.
Scareware just makes your device show a scary message and does nothing else. Lockware locks your computer, but the lock is very basic and is easily bypassed. If you get scareware, all you need to do is install an anti-malware program and have it scan your device. If you get lockware, boot into safe mode, then install an anti-malware program and have it scan your device. If that is not possible, boot into safe mode, restore to a previous time point, and then install an anti-malware program and have it scan your device.
Dealing with encryption ransomware
Dealing with the actual infection is generally very straightforward. Usually, all you need to do is install an anti-malware program and have it scan your computer. The problem is that by the time you discover that you’ve been attacked by encryption ransomware, the damage is already done. Your files are encrypted.
If you have a backup, this means that you have to spend time restoring from it while people sit idle. If you don’t have a backup, then you have few options and all of them are unpleasant. You can cross your fingers and hope that there is a working decryption key on the internet. This is possible, but it takes quite a bit of luck, as ransomware is regularly updated to keep it ahead of security tools. You can pay the ransom (with all that implies), or you can accept the loss of your files and potentially the theft of your data.
Encryption ransomware and data theft
If your data is stored in the clear (i.e. without encryption), then anyone who can access your production system can probably get access to it. Other security mechanisms, such as passwords, may provide some level of protection, but they are unlikely to deter a serious attacker. Two-factor authentication might do so, but even this is vulnerable to compromise, especially if you implement it through smartphone apps rather than security tokens, because smartphones (and their phone numbers) can be taken over by cyberattackers.
Even if you pay the ransom, there is nothing to stop cybercriminals from selling your data to increase their profits. If you refuse to pay the ransom, they may choose to make their money by selling your data or they may choose to expose it online to embarrass you and intimidate potential victims.
Keeping data encrypted, sadly, cannot put a stop to ransomware attacks. The cyberattackers will just encrypt the data again. It can, however, protect you from data theft as a consequence of a ransomware attack.
Preparing for ransomware attacks
As the old saying goes, “hope is not a strategy”. You cannot simply cross your fingers and hope that you will be too small, too big, or too anything for cyberattackers to notice you. You have to assume that you will be targeted with encryption ransomware and prepare accordingly.
This means that, first of all, you need a robust anti-malware program with an integrated firewall. Specifically, you need one from a reputable security company. The default security programs bundled with the main operating systems are highly unlikely to be enough on their own.
Secondly, you need a reliable and effective process for ensuring that your operating systems and locally-installed apps are all updated promptly. If need be, sign a contract with a managed IT services partner to do it for you.
Thirdly, you need to secure the USB ports on your computers (and make sure you need admin privileges to install software via any optical drives).
Fourthly, you need to educate employees on the basics of safe surfing/emailing and what they need to do to protect themselves (and the company) from social engineering.
Fifthly, you need to ensure that you have an off-site data backup which is entirely separate from your main system and ideally you should be able to restore to different time points in case there is a delay in picking up on the attack.
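As an added example (not from this article), a small Python script that keeps independent timestamped backup snapshots, prunes old ones, and picks the newest snapshot from before a suspected infection time; the local directories are an assumed stand-in for a genuinely separate off-site target.

```python
# Added example (not from the article): timestamped full-copy snapshots with
# retention, plus choosing a restore point from before a suspected infection.
# Assumption: a local directory stands in for the separate off-site target.
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

SNAPSHOT_FMT = "%Y%m%dT%H%M%S"

def take_snapshot(source, backup_root, taken_at):
    """Full independent copy of `source`; later snapshots never overwrite it."""
    dest = backup_root / taken_at.strftime(SNAPSHOT_FMT)
    shutil.copytree(source, dest)
    return dest

def list_snapshots(backup_root):
    """(timestamp, path) pairs, oldest first; non-snapshot entries are skipped."""
    snaps = []
    for p in backup_root.iterdir():
        try:
            snaps.append((datetime.strptime(p.name, SNAPSHOT_FMT), p))
        except ValueError:
            continue
    return sorted(snaps)

def prune_snapshots(backup_root, keep):
    """Delete the oldest snapshots so that at most `keep` remain."""
    snaps = list_snapshots(backup_root)
    doomed = snaps[:max(len(snaps) - keep, 0)]
    for _, path in doomed:
        shutil.rmtree(path)
    return [path for _, path in doomed]

def choose_restore_point(backup_root, suspected_infection, margin=timedelta(hours=12)):
    """Newest snapshot taken at least `margin` before the suspected infection."""
    cutoff = suspected_infection - margin  # margin: encryption may have begun earlier
    safe = [p for ts, p in list_snapshots(backup_root) if ts <= cutoff]
    return safe[-1] if safe else None

def demo():
    """Constructed scenario: four nightly snapshots, attack noticed on day 3 at noon."""
    src, root = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (src / "report.docx").write_text("clean contents")  # constructed sample file
    first = datetime(2024, 1, 1, 2, 0)
    for day in range(4):
        take_snapshot(src, root, first + timedelta(days=day))
    chosen = choose_restore_point(root, datetime(2024, 1, 3, 12, 0))
    restored = (chosen / "report.docx").read_text() if chosen else None
    pruned = prune_snapshots(root, keep=2)
    return {"restore_point": chosen.name if chosen else None, "restored": restored,
            "pruned": len(pruned), "remaining": len(list_snapshots(root))}
```

Calling `demo()` selects the 2 January snapshot (the 3 January one falls inside the 12-hour margin) and then trims the store to the two newest copies.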