Ransomware is one of the biggest threats in today’s security landscape - it has been on the scene for more than a decade and as it continues to prove successful for cybercriminals more high profile business targets fall victim on an almost daily basis.
Ransomware is always evolving - attackers getting more sophisticated in how the infect systems, avoid detection and foil decryption efforts nobody is safe, says Carey van Vlaanderen, CEO at ESET South Africa.
Do you know what ransomware is? Do you know a filecoder from a lockscreen?
How does ransomware attack?
Ransomware is one of the worst forms of malware. Once your machine is compromised, two significant things happen; the malware will start to encrypt as many files as possible. In its simplest form this will convert the files from a readable to unreadable format, then notification is shown to the user that the encryption has happened, and you will need to pay a ransom and get your files back.
The usual process is you are required to pay a ransom in bitcoins (digital currency) to gain a code, enter the code to prove you have paid them then the software will, if you’re lucky, decrypt your files.
What happens when this attack takes place?
All or most of your files are encrypted; this essentially means they are wrapped in a protective programme to stop you or anyone else accessing them. It’s like a lock box. The files are still inside, but unless you have the key to unlock them, you cannot access them at all.
Ransomware can be a truly devastating piece of malware to hit your business; it has no morals, and it neither cares if you provide a product, service or just information. What it does is cause mayhem, worry and concern.
Usually the only fail proof way of getting your data back is through backup and disaster recovery, but it’s not just whether you pay up or not, it’s the inconvenience your users suffer as a result. Restoring data can take hours, if not days, depending on the systems, and the actual malware must be completely eradicated from your network or it’s just going to start all over again.
What is the best way to prepare for potential attacks like this?
Safeguard yourself from ransomware attacks by implementing a multi-layered approach when dealing with cybersecurity safety, starting with the right security software - this will allow you to detect and react to cyber threats fast and effectively.
Make sure that you have a good point-in-time backup at regular intervals stored offline and off premise, that way if you get compromised it’s just a case of restoring from backup, once you have dealt with the initial malware infection.
Paying the ransomware is never a good idea
If you do, you will lose your money and will not always get the encryption key. You are funding their future criminal activity and if it does not work, you will not get a refund!
Make sure your operating systems and applications are updated and that you have a good multi-layered regularly updating internet security product.