Ransomware 101: Understanding cyber security's biggest threat
Ransomware has no morals and it doesn't care if you provide a product, service or information, says Carey van Vlaanderen, CEO at ESET South Africa.
Ransomware is one of the biggest threats in today's security landscape; it has been on the scene for more than a decade and, as it continues to prove successful for cyber criminals, more high-profile business targets fall victim on an almost daily basis.
Ransomware is always evolving. Attackers are getting more sophisticated in how they infect systems, avoid detection and foil decryption efforts. Nobody is safe, says Carey van Vlaanderen, CEO at ESET South Africa.
Do you know what ransomware is? Do you know a filecoder from a lockscreen?
How does ransomware attack?
Ransomware is one of the worst forms of malware. Once your machine is compromised, two significant things happen.
1. The malware will start to encrypt as many files as possible. In its simplest form, this will convert the files from a readable to an unreadable format.
2. Then you will be sent a notification that the encryption has happened, and you will need to pay a ransom to get your files back.
The usual process is that you are required to pay a ransom in bitcoins (digital currency) to gain a code, the you will enter the code to prove you have paid the ransom, then the software will, if you're lucky, decrypt your files.
What happens when this attack takes place?
All or most of your files are encrypted; this essentially means they are wrapped in a protective program to stop you or anyone else accessing them. It's like a lock box. The files are still inside, but unless you have the key to unlock them, you cannot access them at all.
Ransomware can be a truly devastating piece of malware to hit your business; it has no morals and it doesn't care if you provide a product, service or just information. What it does is cause mayhem, worry and concern.
Usually, the only fail-proof way of getting your data back is through backup and disaster recovery, but it's not just whether you pay up or not, it's the inconvenience your users suffer as a result. Restoring data can take hours, if not days, depending on the systems, and the actual malware must be completely eradicated from your network or it's just going to start all over again.
What is the best way to prepare for potential attacks like this?
Safeguard yourself from ransomware attacks by implementing a multi-layered approach when dealing with cyber security safety, starting with the right security software; this will allow you to detect and react to cyber threats fast and effectively.
Make sure that you have a good point-in-time backup at regular intervals stored offline and off-premises. That way, if you get compromised, it's just a case of restoring from backup once you have dealt with the initial malware infection.
Paying the ransomware is never a good idea
If you do, you will lose your money and will not always get the encryption key. You are funding their future criminal activity and, if it does not work, you will not get a refund!
Make sure your operating systems and applications are updated and that you have a good, multilayered regularly updating Internet security product.