What you need to know about the ransomware computer virus
Ransomware has become one of the most hated computer viruses in existence. The bad news is that even the best cybersecurity defenses in the world cannot provide 100% protection against it. The good news is that a bit of planning can not only minimize your chances of being attacked but also minimize the impact of an attack. With that in mind, here is what you need to know about the ransomware computer virus.
There are three main forms of ransomware
All ransomware works along the same basic lines: it tries to force the victim to make a direct payment to the attacker. There are, however, three different strategies for achieving this.
Two of these strategies are essentially variations on a theme. Scareware just sends out an intimidating message and hopes that the victim will be frightened into submission. Lockware does actually lock computers, but the lock can be easily broken. Again, the main impact is through intimidation.
Encryption ransomware, however, really does create a problem for the victim. It encrypts files and demands payment for the decryption key.
Getting rid of the ransomware itself
One of the ironies of ransomware is that the computer virus itself is usually fairly easy to remove. In fact, with scareware and encryption ransomware, all you generally need to do is run an anti-malware scan and follow its instructions. With lockware you generally need to boot into safe mode and then run an anti-malware scan or, in some cases, boot into safe mode, restore to a previous time point, and then run an anti-malware scan.
With scareware and lockware, that’s your job done. With encryption ransomware, however, you are still left with the encrypted files and the cybercriminals behind the attack. If you have planned well, this will be a mild inconvenience. If you have not, however, it could be a serious problem. In fact, if you are a business, it could be a problem so serious that your business, literally, will not survive it.
Preparing for an encryption ransomware attack
The harsh truth is that at this point both individuals and businesses need to work on the assumption that they are going to be targeted by encryption ransomware. This has two implications. First of all, you must keep sensitive data encrypted. The practical definition of sensitive data is data you want to keep private. As a minimum, keep any personally-identifiable data encrypted. If you’re a business, this includes data relating to your own employees.
In the context of ransomware, the reason why it is so important to keep data encrypted is that ransomware attacks can easily be accompanied by data theft. Even if you pay the ransom, there is basically nothing to stop the attackers from boosting their profits by stealing your data. If you refuse to pay the ransom, they may make their money by selling your data. Alternatively, they may expose it on the internet to punish you and intimidate other victims. Encrypting your data beforehand prevents this, because stolen files that the attackers cannot read are of no use to them.
You also need to ensure that your data-backup strategy is ransomware-proof. The key point to note here is that local data backups are very vulnerable to being infected by ransomware. This goes for both network backups and backups on hardware that is left in or connected to the computer, such as portable storage drives. This means that you need an off-site data backup. Ideally, you should also keep data backups from different time-points in case it takes you some time to pick up on the attack.
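The value of keeping backups from several time-points can be shown with a short added example (it is not from the original article): given backup snapshots ordered oldest first, it picks the newest one taken before readable files turned into random-looking data or disappeared. The snapshot layout, the entropy cut-off, the ratio, the sample file names and the assumption that the oldest snapshot is good are all choices made for this illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # bits/byte; assumed cut-off (ciphertext sits near 8.0)
SUSPECT_RATIO = 0.5  # assumed: half the readable files going bad marks a snapshot

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def newly_scrambled(prev: dict, cur: dict) -> float:
    """Fraction of files readable in prev that are missing or random-looking in cur."""
    # Files that were already high-entropy (zip, jpg) are skipped to avoid false alarms.
    readable = [n for n, d in prev.items() if shannon_entropy(d) <= HIGH_ENTROPY]
    if not readable:
        return 0.0
    lost = sum(1 for n in readable
               if n not in cur or shannon_entropy(cur[n]) > HIGH_ENTROPY)
    return lost / len(readable)

def last_clean_snapshot(snapshots: list):
    """snapshots: [(label, {name: bytes})], oldest first. Returns label to restore, or None."""
    clean = snapshots[0][0] if snapshots else None  # oldest snapshot is assumed good
    for (_, prev), (label, cur) in zip(snapshots, snapshots[1:]):
        if newly_scrambled(prev, cur) >= SUSPECT_RATIO:
            break  # this snapshot and every later one are untrusted
        clean = label
    return clean

def _noise(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext or compressed data (4 KiB of hash output)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

def demo_snapshots() -> list:
    """Constructed sample: four nightly backups, files scrambled before the third."""
    report = b"Quarterly report: revenue up 4 percent on last year.\n" * 60
    ledger = b"2024-01-03,invoice 1042,net 30,paid\n" * 90
    photo = _noise(b"photo")  # already-compressed file, high entropy throughout
    good = {"report.txt": report, "ledger.csv": ledger, "photo.jpg": photo}
    bad = {"report.txt.locked": _noise(b"r"), "ledger.csv": _noise(b"l"), "photo.jpg": photo}
    return [("mon", good), ("tue", dict(good, **{"report.txt": report + b"edit\n"})),
            ("wed", bad), ("thu", bad)]

if __name__ == "__main__":
    print("restore from:", last_clean_snapshot(demo_snapshots()))
```

With only the two most recent snapshots retained ("wed" and "thu" in the sample), there would be no clean copy left to restore, which is why the retention window has to be longer than the time it takes to notice an attack.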
Preventing ransomware attacks
If you prepare effectively, then a ransomware attack should be nothing more than a minor inconvenience. At the same time, it will inevitably lead to lost productivity which you would presumably prefer to avoid. To minimize your chances of being attacked by any form of ransomware, invest in a robust anti-malware program with an integrated firewall, backed by a specialist cybersecurity company. In other words, do not rely on the default security programs bundled with the main operating systems.
Have a process for promptly updating any operating systems and locally-installed applications you use. In principle, you should aim to apply security-related updates as soon as they are released. In practice, many companies prefer to wait a little to see if the updates cause any problems. While this is understandable, it’s also a risk because known vulnerabilities are basically an open door to cybercriminals. You therefore have to balance the convenience of getting feedback on issues with the risk of being attacked in the interim.
Last but definitely not least, make sure to educate your users on social-engineering tactics to limit the risk of them being tricked into allowing ransomware into your network.