Ransomware is malicious software (malware) that aims to trick or force victims into paying a ransom to regain access either to their computer as a whole or to some or all of the data stored on it. At present, ransomware comes in three main forms: scareware, lockware (or screen lockers), and encryption ransomware.
Different types of ransomware and what they mean
Scareware and lockware are both more consumer-facing pests than serious threats to businesses. Scareware generally works by trying to convince victims that it is a message from a legitimate IT company. It claims to have identified a serious issue with the victim’s computer (ironically enough, usually malware) and “requests” that the victim pay them to resolve it. Scareware is the easiest form of ransomware to resolve. The victim generally just needs to download and use some decent security software.
Lockware works along similar lines except it usually locks the victim’s screen and makes a claim to the effect that the lock has been put in place by some law-enforcement agency as a sanction for activity on their computer (essentially the same as wheel-clamping a car). The victim is instructed to pay a penalty to have their computer released. Lockware can be harder to remove, but it’s generally possible to get rid of it with a bit of effort and a good security program.
Encryption ransomware is what companies really fear, although they shouldn’t if they have a solid backup process in place. As its name suggests, encryption ransomware encrypts files and demands that the victim pay a ransom to have them released.
Encrypted files can still be attacked by ransomware
There can be lots of good reasons for encrypting your files, especially if they contain sensitive data, but it won’t protect you against ransomware. All that will happen is that your files will be encrypted again so that you can’t access them. That said, the attackers won’t be able to access them either, so you shouldn’t have to worry about data theft.
Cloud storage can fall victim to ransomware
There are two main ways cloud platforms can be infected with ransomware. The first is through automated syncing of files. Basically, the attacker would infect the desktop and if the computer was set up to synchronize files with a cloud platform as soon as they were updated, then the healthy copy would be replaced by the infected copy.
The second way is similar: a user’s access is compromised. Remember that cloud platform vendors only protect the platform itself. It’s down to each client (or tenant) to secure their own access. In this situation, one problem could lead to another, in that compromised files could be automatically backed up as in the previous scenario.
This is why it’s important to have a second data backup stored offsite. If you’re in the cloud, that means in another cloud. It’s generally fine to use the public cloud for this, even if you’re in a regulated industry. Just make sure that your data backup files are encrypted.
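A guard for the second backup described above, as an added example that is not part of the original article: it assumes the backup job keeps a manifest of file hashes from its last run and holds replication when more than a chosen fraction of files changed at once, so the last good copy is not overwritten. The function names, the 0.5 threshold, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def changed_fraction(previous, current):
    """Fraction of previously backed-up files that were modified, renamed or removed."""
    if not previous:
        return 0.0  # first run: nothing to compare against
    changed = sum(1 for path, digest in previous.items()
                  if current.get(path) != digest)
    return changed / len(previous)

def should_replicate(previous, current, threshold=0.5):
    """Hold the offsite copy when too many files changed in a single run."""
    return changed_fraction(previous, current) <= threshold

def demo():
    """Constructed sample data: four small files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):
            (root / f"report{i}.txt").write_text(f"quarterly figures {i}\n")
        baseline = build_manifest(root)
        # Normal working day: one document edited (1 of 4 files changed).
        (root / "report0.txt").write_text("quarterly figures 0, revised\n")
        normal = build_manifest(root)
        # Constructed mass change: every file rewritten and given a new suffix,
        # so every path in the old manifest is missing from the new one.
        for p in list(root.iterdir()):
            p.write_bytes(os.urandom(64))
            p.rename(p.with_name(p.name + ".locked"))
        mass = build_manifest(root)
        return (should_replicate(baseline, normal),
                should_replicate(baseline, mass))

if __name__ == "__main__":
    print(demo())
```

When the guard returns False, the job should keep the previous offsite copy untouched and alert an administrator rather than sync the new state.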
Good security is your first line of defense against ransomware
If you have a backup copy of your data, then your loss should be limited to the downtime while you retrieve this data backup and restore from it. This, however, can be bad enough and is hence well worth avoiding. The way to avoid this is to invest in robust security software and back this up with effective internet-usage policies and user education.
The key point to note here is that user awareness really needs to be your last line of defense rather than your first. You’re basically hoping that they will catch anything which has somehow slipped past your automated defenses rather than relying on your automated defenses to catch anything which has somehow slipped past humans.
You may need to tighten up internet-usage policies
A lot of businesses currently take a fairly relaxed attitude to their employees using the company internet for personal business, as long as it doesn’t interfere with their work. This is fine in principle, but in practice, this is becoming a growing security risk since compromised websites are one of the main ways attackers spread malware in general and ransomware in particular.
It’s worth noting that at this point even mainstream websites have to be considered at risk of compromise due to malvertising (paying for adverts which are used to spread malware). This makes it more difficult to create a list of reliably safe websites. Companies might, therefore, want to consider keeping the internet for work only and perhaps offering employees a WiFi connection they can use on their own devices.