We throw around the term “ransomware” an awful lot, and while we’re confident that most people have some level of familiarity with the concept at this point, it is important that we acknowledge that not everyone has our experience in dealing with it. As such, we wanted to answer some of the questions we hear fairly often about ransomware.
So, without further ado:
Ransomware is a form of malware that infects a device or system and begins encrypting—and otherwise locking down—the data it holds. Once your data is encrypted by this ransomware, it is effectively useless to you unless you have the decryption key…which the cybercriminal will (supposedly) provide, for a price. These attacks are also often paired with some data theft, as the cybercriminal will seek to diversify their profits by selling it as well.
This is bad enough, but the real danger of ransomware comes from the fact that the malware not only locks away your data, but threatens to delete it, complete with a countdown clock until the zero-hour strikes. Therefore, you not only have the pressure that comes from needing your data, but also the pressure that comes from it being truly and permanently gone.
Ransomware can be introduced into your network in a variety of ways, unfortunately, but one that has been used quite often is some form of social engineering—hacking the user, instead of the computer system. Phishing is a common means of spreading ransomware through malicious links or email attachments, which also means that the malware is given the access it needs to make the impact it is intended to make.
By fooling the user, a phishing attack is able to directly bypass the protections that you’d otherwise rely on to help stop the ransomware.
In terms of your response to the ransomware itself, it’s actually more important that you have already done something…specifically, maintained a comprehensive, offsite, and isolated backup of all of your data. That way, should you ultimately fall victim to a ransomware attack, you can pull the nuclear option and wipe out the encrypted data completely before restoring from your backup.
This is usually the first point we make whenever discussing ransomware: do not pay. Not only is there no guarantee that those responsible will hold up their end of the bargain, providing them with the financial support of the ransom only enables them to continue their efforts and reinforces that ransomware works.
Unfortunately not. Again, there’s the risk that your data was stolen before it was encrypted, which not only means you’ve been breached, it also puts you at risk of regulatory noncompliance and the resulting legal concerns and consequences. Plus, you also need to figure out how you were infected in the first place so you can resolve the vulnerability…and that’s before we even mention how being infected can impact the trust your clients and customers have for you.
In short, there are a lot of costs that come about as a result of a ransomware infection that can have prolonged impacts on your business.
There are a few things that you need to do if you want to keep ransomware from becoming a problem for your business and its data. First and foremost, you need to teach your team members about ransomware, phishing, and all the rest so that it is less likely to impact your business in the first place. You need to have your backup prepared, as you should regardless, and while social engineering does often play a major role in distributing malware, you need to have an assortment of cybersecurity protections keeping as many threats as possible away.
Quercus IT can help you accomplish all of this and more. Give us a call at (780) 409-8180 to entrust us with your business’ critical IT, from productivity to maintenance to security.