What you need to know about ransomware
Ransomware frequently hits the media headlines as one big name after another falls victim to it. Very few of these articles, however, give any clear information on what ransomware is, how it works, and what these companies should have done to protect themselves.
All ransomware is malware designed to extort direct payment
There are basically two reasons for creating malware. One is to cause havoc and the other is to generate profit. Ransomware is very much in the latter category. In fact, it is currently probably the ultimate example of malware used for profit, not just because it is so lucrative, but also because it is set up for direct payments between the victim and the perpetrator.
There are three main forms of ransomware currently in use
The three main forms of ransomware are scareware, lockware, and encryption ransomware.
Scareware has rather given way to lockware, but it’s still around. Scareware literally just sends a frightening message to your screen to try to convince you that you have a problem and you need to pay to make it go away. Rather ironically, the main strategy is to tell the victim they have a malware issue and need to pay for technical support. In actual fact, all the victim needs to do is install an anti-malware program and have it scan the computer.
Lockware is really a development of scareware. It was big from around 2012 to 2017 and still pops up periodically even today, but has now largely given way to encryption ransomware. Lockware is slightly more sophisticated than pure scareware in that it actually does cause your computer to freeze and hence give the impression that you are locked out of it. It is, however, easy to bypass the lock.
Boot into safe mode and try installing an anti-malware program. If that doesn’t work, restore to a point before the infection and then install an anti-malware program. In either case, have the anti-malware program scan your computer, even if it’s just to be on the safe side.
Encryption ransomware is the form of ransomware which really came to prominence in the WannaCry attack of May 2017. It poses a genuinely serious threat: it encrypts some or all of your data and then demands money for the decryption key. These days it is also increasingly associated with data theft.
Protecting your data in the event of an encryption ransomware attack
The fact that so many big companies (with big IT departments and big budgets) have fallen victim to encryption ransomware attacks should be a warning that companies of all sizes (and private individuals) need to take them very seriously. You should assume that your defenses are going to be breached and prepare accordingly.
All sensitive data should be stored encrypted. All personally identifiable data must be stored encrypted. This will stop the cyberattackers from using it for any purpose other than ransom. Any data left in the clear can be sold or exposed as a punishment for refusing to pay the ransom. Both of these acts are becoming increasingly common.
All production data should be backed up twice, once locally and once off-site. The off-site backup should be both physically and logically separate from the local backup. Ideally, the off-site backup should hold data backups from different points in time, so you can be confident that you will always have a clean backup even if there is a delay in detecting the encryption and encrypted files end up in your backup system.
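One way to choose a restore point from backups taken at different time points, as an added example that is not part of the original article: the Python below samples each snapshot's files, treats content above 7.5 bits of entropy per byte as likely encrypted, and returns the newest snapshot that still looks clean. The date-named snapshot directories, both thresholds and the sample data are assumptions made for the illustration.

```python
import math
import os
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5   # bits/byte; assumption: encrypted data sits close to 8.0
SUSPECT_SHARE = 0.5   # assumption: a snapshot is bad if >50% of files look encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def suspect_share(snapshot: Path, sample_bytes: int = 65536) -> float:
    """Fraction of files in a snapshot whose leading bytes look encrypted."""
    files = [p for p in snapshot.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    hits = 0
    for p in files:
        with p.open("rb") as fh:
            if shannon_entropy(fh.read(sample_bytes)) > ENTROPY_LIMIT:
                hits += 1
    return hits / len(files)

def latest_clean_snapshot(backup_root: Path):
    """Newest snapshot (by sortable directory name) at or below SUSPECT_SHARE."""
    snaps = sorted((d for d in backup_root.iterdir() if d.is_dir()), reverse=True)
    for snap in snaps:
        if suspect_share(snap) <= SUSPECT_SHARE:
            return snap
    return None  # every retained snapshot looks encrypted

def build_demo(root: Path) -> Path:
    """Constructed sample data: two clean snapshots, then an encrypted one."""
    text = b"Quarterly invoice records, customer ledger entries.\n" * 200
    for day, encrypted in (("2024-01-01", False), ("2024-01-02", False), ("2024-01-03", True)):
        snap = root / day
        snap.mkdir(parents=True)
        for i in range(4):
            # os.urandom stands in for ciphertext written by ransomware
            (snap / f"doc{i}.txt").write_bytes(os.urandom(len(text)) if encrypted else text)
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(latest_clean_snapshot(build_demo(Path(tmp))).name)
```

Compressed formats such as ZIP or JPEG are also high in entropy, so on real data compare each snapshot's share against the previous snapshot's rather than relying on a fixed limit.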
Preventing ransomware from entering your system in the first place
The more successful you are at keeping ransomware out of your system in the first place, the less productivity you will lose by having to restore from off-site data backups. It, therefore, makes sense to invest in a robust anti-malware product backed by a reputable cybersecurity company.
You can save both money and hassle by going for an all-in-one product, i.e. one which also has an integrated firewall. These days the performance of these combined products is every bit as good as the performance of separate products, plus they are less hassle to configure because they are literally designed to work together as a partnership.
You also need to ensure that you only use operating systems and locally-installed applications which are still supported by their developers. That way they will still get security updates which you will need to apply promptly (or have a managed IT services partner apply for you).