Ransomware Costs More Than the Ransom
Ransomware is a form of malware that prevents users from accessing critical systems or files and demands a ransom payment, commonly in the form of bitcoin, to restore access. Ransomware can halt business operations and cause significant financial impact from lost income, lost data, or high ransom demands.
HOW DO YOU GET RANSOMWARE?
- Malspam (a form of phishing) is the most common method and involves an unsolicited email that uses Social Engineering to trick people into opening attachments or links that appear to be legitimate. Threat actors mimic friends, co-workers, and trusted institutions to prey on our inherent assumption of truth. Once the link or attachment is opened, the Ransomware begins to download and infect your systems. Recognizing the signs of a phishing email is key to preventing this type of ransomware attack.
- Malvertising is another common method that simply involves web surfing with little to no user interaction. Even legitimate sites can display ads that will infect your computer without you clicking on them. The malvertising will often redirect your landing page to an exploited page and start downloading the Ransomware, which is known as a Drive-By-Download. Having up-to-date security software with ad blockers is key to stopping malvertising, along with being able to spot fraudulent advertisements.
TYPES OF RANSOMWARE
- Encryption Ransomware is the most common and effective. Threat actors will lock up key systems or files and demand a Ransom payment in order to unlock them with an encryption key (password). This Ransomware is very effective and dangerous as there's no security software available that can restore access, so your systems or files will essentially be gone unless the ransom is paid. Cyber criminals have turned to encryption ransomware given its effectiveness in obtaining large ransom payments. These threats are becoming more sophisticated and targeted. Recently there've been multiple reports of $1M+ payments made.
- Screen Locker is a form of Ransomware that locks up an entire PC and typically targets individuals. Attackers will usually pose as the FBI and display official-looking symbols stating that they detected illegal activity or files on your system. The message often asks you to pay a fine or penalty, in the $100 range, in order to restore access to the computer. Since these types of Ransom demands aren't exactly lucrative, experienced cyber criminals have transitioned to Encryption ransomware with higher payouts.
- Scareware is Ransomware in the form of a pop-up posing as security software or tech support. It will state that your computer has been infected with malware and you need to pay a service fee in order to remove it. These are mostly harmless threats and usually blocked by good security software. You'll simply continue to receive pop-up messages until the Scareware is blocked or removed by adequate security software.
HOW TO PROTECT AGAINST RANSOMWARE
- Hold regular training with staff on how to recognize malspam and phishing emails. Since this is the most common way Ransomware is downloaded, spotting threats before they happen is crucial.
- Back up critical files and systems as often as possible and further restrict access to key employees or system administrators. When an attack occurs, many organizations can quickly recover by wiping their systems when adequate backups are in place.
- Actively patch and update software systems. Threats typically exploit weak points in systems to breach your network. Using outdated or obsolete software also puts you at risk, as security patches and updates may no longer be available from the manufacturer.
- Invest in top-notch security software with advanced detection capabilities.
- Create Disaster Recovery and Business Continuity plans and have them tested frequently.
- Purchase Cyber Insurance and transfer the potential financial liabilities to an insurance carrier. Having proper cyber insurance can help you prepare for and prevent a breach with value-added resources and mitigate your exposures when an event does occur.