What is ransomware?
Ransomware is a relatively new development in malware, but it’s already a major threat and it’s growing all the time. In simple terms, ransomware tries to trick or force users to pay to regain access to their computer or specific files it contains.
The basics of ransomware
Ransomware comes in three main forms, scareware, lockware (or screen lockers), and encrypting ransomware. The first two are mainly aimed at consumers and, for the most part, are more fear than fact. They typically aim to make users believe that some authority figure has a legitimate reason to demand money from them. Many of these can be dealt with by security programs (which would have stopped them if they’d been installed in the first place), sometimes you will need a new computer (or at least a new hard drive).
Businesses really have nothing to fear from these. They do, however, have a lot to fear from encrypting ransomware. This does exactly what the name suggests. It encrypts files to prevent users from getting access to them. Then the attackers demand a ransom for the release of the data. Usually they request to be paid in cryptocurrency (to make it harder to trace) and place a time limit for the money to be handed over.
How ransomware attacks happen
At present, ransomware attacks depend on users being tricked into either visiting a compromised website or opening a malicious attachment. This means that your first line of defense against ransomware is the best security software you can afford, this is followed by robust (and enforced) internet-usage policies and user education. Realistically, this is your order of priorities because you simply cannot depend on users undertaking manual checks.
Please note that this is in addition to practicing good IT hygiene and, in particular, making sure that you apply all updates (or at least all security-related updates) promptly. It is impossible to overstate the importance of this.
For completeness, while there are a lot of good reasons to encrypt data, particularly sensitive data, encryption will not protect you against ransomware. The ransomware will simply encrypt the data again. That said, if the data is encrypted, the attackers will not be able to add insult to injury by going on to steal it.
Backups can help you to breathe easily
Backups can help you to breathe easilyIf you have an effective data backup system in place then all you have to fear from ransomware is the time it takes you to restore from that data backup. For completeness, there are many other excellent reasons for having an effective data backup system in place. The three, two, one rule has been around for years and is still well worth following. That’s three copies of your data, across two media (clouds) with one copy being held off-site (in a second cloud).
That off-site data backup matters a lot because an attacker who can get into your production system may well be able to get into backups held within the same environment. This means that if you are in the public cloud, you absolutely must organize your own backups to a second cloud (or anywhere else you see fit) rather than relying on automated data backups.
What to do if you’re attacked by ransomware (and you don’t have a backup)
If you’re attacked and you don’t have a backup, then you may still be able to escape the trap. You need to try to use a security program to get rid of the infection and you need to try to find a decryption program to recover your files. Please note that these are likely to be two separate processes. In other words, the security program might be able to get rid of the infection, but it won’t necessarily be able to get your files back while the decryptor might be able to get your files back but not deal with the infection.
Frankly, you will need to have a bit of luck on your side for this to work, so, while it’s worth trying in a pinch, you really want to work on avoiding letting yourself be put in that situation in the first place.
Never pay the ransom
For the record, there have been high-profile instances of companies paying the ransom and getting their data back. This does not, however, mean that paying the ransom is a good idea. It’s not, quite the opposite. First of all, you are not guaranteed to get your files back. Secondly, even if you do, you are financing the activities of cybercriminals, including the development of more sophisticated malware. In other words, you could be setting yourself up for a worse attack further down the line.
Please click here now to start your free 30-day trial of Comodo AEP.