Ransomware defined and explained
The defining feature of ransomware is that it attempts to trick or force its victim into paying to regain access to their data. Different forms of ransomware take different strategies to achieve this.
Scareware, lockware and encryption ransomware
Scareware and lockware both rely on ignorance, fear and intimidation. Scareware, as its name suggests, is a bluff: it displays alarming warnings (a fake infection report or a fake law-enforcement notice, for example) but does nothing to the data, and it can usually be removed very easily if the user just keeps calm. Lockware (screen lockers) really does lock users out of their computer, but it leaves the files themselves untouched, and it can generally be bypassed by anyone with enough IT knowledge to boot into Safe Mode with Command Prompt and run System Restore back to a point before the infection.
Encryption ransomware (crypto-ransomware) is the form generally used to target organizations. Unlike the other two main forms of ransomware, it really does pose a serious threat. As its name suggests, it encrypts files with a key that only the attacker holds, and demands payment for that key so that the organization can regain access to its data.
Encryption ransomware attacks are very hard to treat
Getting rid of the encryption ransomware itself is not necessarily difficult. Usually an anti-malware scan will find and remove the malicious executable. The problem is that removing the source of the infection does not treat the symptoms. In other words, your files stay encrypted, because the key needed to decrypt them is held by the attacker, not by you.
You may be able to find a free decryption tool that will release your data again, but frankly you will need a bit of luck on your side for this to work: such tools exist only for families whose authors made a cryptographic mistake or whose keys were later leaked or seized. Bluntly, enough organizations pay the ransom (against all advice) that cybercriminals are both able and willing to put time into continually developing their malware so it keeps jumping ahead of security products and decryption tools. This means that the only really safe approach is to focus on prevention (and protection) rather than cure.
Prevention means security, protection means data backups
The fact that ransomware creators continually update their malware means that you can never be 100% safe against it, even with the best security processes in the world. That should not, however, stop you from trying, if only to save yourself the hassle and downtime of having to restore data from a backup, very possibly an off-site one.
Effective data backups are your only guaranteed protection against having to accept the loss of your data (or grit your teeth, cross your fingers and pay up), but the key word in that sentence is “effective”.
How to prevent a ransomware attack
Your first line of defense against ransomware is a solid layer of security software, including an anti-malware product with an email scanner and a firewall. You also need to make sure that all security updates are applied promptly, because unpatched software is a major point of vulnerability. If you know that you have a poor track record in this area, then you need to fix it, either by making sure that in-house resource is available or by arranging for a managed IT security company to deal with it for you.
Your second line of defense is a robust policy on internet (and email) use, coupled with effective enforcement and user education. This can be a tricky conundrum for many companies. On the one hand, many staff members have become accustomed to being able to use the internet (and even email) for their personal business as long as they do not let it interfere with their work. In principle, many companies are fine with this.
In practice, however, compromised websites are now a major source of security threats, and malicious code can run without the user knowingly downloading anything: a drive-by download exploits a flaw in the browser or one of its plugins and installs the malware silently. Ransomware has been distributed this way too, through exploit kits planted on compromised and malicious sites, so browsing restrictions are a ransomware control and not just a productivity measure. Given that most employees now have mobile devices of their own for personal use, businesses may want to start at least restricting the internet sites that can be visited from the organization's connection.
How to protect yourself with data backups
In the context of protection against ransomware, the key point to understand is that automated backups to local systems can actually make the problem worse rather than better, in two ways. First, a backup target that the infected machine can write to (a mapped network drive, an always-attached USB disk) is just another set of files for the ransomware to encrypt. Second, if the backup job simply mirrors the source, an encrypted file is backed up over the healthy copy, and you basically defeat the purpose of having a backup in the first place. There is still a very strong case for having local backups, they are handy for restoring after everyday mishaps, but you also need an off-site copy that production systems cannot write to, you need to keep several generations rather than a single mirror, and you need to check that the source files are clean before the oldest good generation is overwritten.
Your off-site data backup then needs to be protected as rigorously as your production system and your local data backup. Remember that even if data is stored encrypted (as it generally should be, at least if it is sensitive), it can still be encrypted again by the ransomware, which needs no knowledge of your key to do so. On the plus side, the cybercriminals will not be able to read data you encrypted, so they cannot steal it and sell it, provided your own key was not sitting on the compromised machine.
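The following is an added example, not code from the original article or from Comodo, of the backup discipline described above: a job that keeps several full generations of a source tree and refuses to take a new copy (and therefore never rotates the last good copy out) when the source looks mass-encrypted. The "looks encrypted" test compares the live files against the previous generation: a file that was low-entropy last time and is high-entropy now, or has vanished (renamed with a new extension, say), is counted as suspect, and a ransom-note file name is an immediate stop. The note names, entropy threshold, retention count and sample documents are all assumptions chosen for illustration.

```python
"""Versioned backup job that refuses to overwrite the last good copy when the
source tree looks mass-encrypted. Added example for this article, not Comodo
code; file names, thresholds and the sample data are assumptions."""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Assumed tuning values; a real job would take these from configuration.
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_recover_files.txt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to the 8.0 maximum
SUSPECT_FRACTION = 0.25   # refuse once this share of known-plain files has "turned random"
GENERATIONS = 3           # full copies retained on the backup target


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_entropy(path: Path, sample_bytes: int = 4096) -> float:
    """Entropy of a file's head; ransomware rewrites whole files, so the head suffices."""
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(sample_bytes))


def assess_source(src: Path, baseline: Optional[Path]) -> Dict:
    """Compare the live tree with the previous generation before trusting it.

    A file that was plain in the baseline but is now high-entropy, or has vanished
    (renamed with a new extension, say), counts as suspect. Files that were already
    high-entropy (zip, jpeg, ...) are skipped, so media archives do not trip the check.
    Without a baseline (first run) only the ransom-note check applies.
    """
    live = [p for p in src.rglob("*") if p.is_file()]
    notes = sorted(p.name for p in live if p.name.lower() in RANSOM_NOTE_NAMES)
    known_plain = suspect = 0
    if baseline is not None:
        for old in (p for p in baseline.rglob("*") if p.is_file()):
            if file_entropy(old) > ENTROPY_THRESHOLD:
                continue
            known_plain += 1
            new = src / old.relative_to(baseline)
            if not new.is_file() or file_entropy(new) > ENTROPY_THRESHOLD:
                suspect += 1
    fraction = suspect / known_plain if known_plain else 0.0
    return {"files": len(live), "ransom_notes": notes, "suspect": suspect,
            "suspect_fraction": fraction,
            "clean": not notes and fraction < SUSPECT_FRACTION}


def list_generations(dest: Path) -> List[Path]:
    return sorted(p for p in dest.iterdir() if p.is_dir() and p.name.startswith("gen-"))


def run_backup(src: Path, dest: Path, generations: int = GENERATIONS) -> Dict:
    """Copy `src` into a new generation unless it looks encrypted, then rotate.

    The oldest generation is deleted only after the new copy has been written,
    so a refused run leaves every existing copy in place.
    """
    dest.mkdir(parents=True, exist_ok=True)
    gens = list_generations(dest)
    report = assess_source(src, gens[-1] if gens else None)
    if not report["clean"]:
        report["action"] = "refused"   # alert the operator; never overwrite a good copy
        return report
    next_no = int(gens[-1].name[4:]) + 1 if gens else 1
    shutil.copytree(src, dest / f"gen-{next_no:04d}")
    for old in list_generations(dest)[:-generations]:
        shutil.rmtree(old)
    report["action"] = "copied"
    return report


def demo() -> Dict:
    """Run the scenario on a constructed tree: four clean jobs, then an 'infection'."""
    root = Path(tempfile.mkdtemp(prefix="rw-backup-"))
    src, dest = root / "share", root / "backup"
    src.mkdir()
    for i in range(4):   # constructed sample documents, plainly low-entropy
        (src / f"report{i}.txt").write_text("Quarterly figures, all in order. " * 20)
    clean_runs = [run_backup(src, dest)["action"] for _ in range(4)]
    # Simulate ransomware: rewrite each document as ciphertext and drop a note.
    for doc in src.glob("report*"):
        doc.write_bytes(os.urandom(4096))
    (src / "README_TO_DECRYPT.txt").write_text("Your files are encrypted. Pay to recover them.")
    refused = run_backup(src, dest)
    gens = [g.name for g in list_generations(dest)]
    shutil.rmtree(root)
    return {"clean_runs": clean_runs, "refused": refused, "generations": gens}


if __name__ == "__main__":
    print(demo())
```

Two design points matter more than the heuristics. The job is written to be run from the backup host, pulling from the share, so that the production machine never has write access to the generations directory; a push-style job from the client would hand the ransomware the backup target as well. And the retention count and suspect threshold are tuning points: a file that users legitimately deleted also counts as suspect, so set the threshold high enough for normal churn and treat a refusal as an alert to investigate, not as an error to override.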