What is Ransomware?

When you are a victim of Ransomware, you are denied access to your data, files, and folders until you pay the cybercriminals who are holding your data hostage. Once ransomware infects your computer, it reviews all of your files and folders and starts to encrypt your data, spreading across your entire network. When trying to access the now encrypted files, a message will pop up on the screen asking for payment before you are able to decrypt and open them.

While it is possible the cybercriminal will not release your data after payment, it's unlikely. Although nefarious, these cybercriminals know that if they gain a reputation for not releasing data after payment, victims will be less inclined to pay. These criminal enterprises are typically run like any business, complete with employee benefits. That said, it is also typical to see some files go missing or be restored incorrectly, making them unusable, while the majority of your data could be restored just fine.

The good news is there are a few different ways you can prevent ransomware and one surefire way to recover your files without paying any hackers.

How Does Ransomware Start?

The most common way to get ransomware is through email, but there are other ways. When using a familiar site like Amazon or YouTube, we may feel secure, but those pages also carry information feeds from third-party advertisers and other content distribution channels. Even legitimate websites cannot always control all the content on their pages, so malicious content can from time to time appear on a legitimate and trusted site.

Once the infected link or attachment is clicked, it's only a matter of time before your whole computer is compromised. If you don't have security measures in place, your data is at risk across your entire network.

What is The Best Protection Against Ransomware?

The best way to ensure the safety of your data and your organization is to structure your business security in a multi-layered defense. This includes:

  1. Regular backups of your data to an offsite or Cloud location with redundancy.
  2. An ongoing security awareness training program and education for all staff.
  3. Network structure and regular maintenance, and restricted access to only necessary users.
  4. DNS protection to help detect whether you are using a legitimate or fishy site.
  5. Security software, and policies in place with regular updates.

The key is to not rely on a single form of protection, but to use multiple tools to layer protection. The only foolproof method of avoiding ransomware is to turn off your computer and ignore technology entirely. I think we can all agree that life would be fairly difficult without these indispensable tools we've become reliant upon.

When all else fails, keep in mind that if something looks fishy or sounds too good to be true, it probably is. If you're still not sure, it never hurts to reach out to the party in question directly.

What Do I Do If My Computer Has Been Infected With Ransomware?

If you think your computer has become infected with ransomware, immediately shut it down, pull the plug, and isolate your computer from the network, then call your IT department to start the cleanup process. In a business environment, depending on regulatory requirements, you may be required to post a breach notification on your website, and send a message through email or letters directly to your clients and vendors to notify them of the breach. Depending on how deep you have to go in discovering what happened, who is infected, and what information got released, legal involvement may be required. While detection methods and software are getting better at determining when and why these things happen, some high-profile cases show that cybercriminals have had access to insecure files for months before the breach was discovered.

Having backup policies in place will save a lot of headaches by ensuring access to your data and the ability to continue somewhat normal operations. A complete data backup and recovery plan is essential to quickly and efficiently get the affected systems off the network and cleaned up to restore data and get back to business.

What if you have to pay the ransom? Many businesses unfortunately don't have backups and disaster recovery plans in place. Business owners must assess their data and ask themselves whether this information is important enough to risk paying for. Cybercrime is a multi-billion-dollar-per-year industry. Many companies have been impacted by ransomware, lost data, had data breached, and suffered reputation loss in the process. None of them thought it would happen to them until it was too late.

As security professionals find better ways to protect our assets, cybercriminals find more ways to get in, so it's best to always be on your guard. If you're not sure about your business's cyber defenses, schedule a free IT Consultation or give CTTS a call at (512) 388-5559, before it's too late!


By Kurt Rinear
Director of Technical Services
Central Texas Technology Solutions