Alex Bidhendy, systems development manager at Certus TG, sheds light on ransomware, what it is and how businesses can best prepare for an attack.
What is ransomware?
In a nutshell, ransomware is a virus-based cyber-attack in which malicious code targets and encrypts a computer’s files and folders, making them inaccessible to the user. Ransomware goes by many names, but some of the more common variants include Cryptolocker, Cryptowall and Locky.
How does ransomware affect computers?
The ransomware virus infiltrates a computer usually by entering via an email, web link or PDF and, in most cases, the affected user is alerted by a pop-up message demanding a sum of money in exchange for a unique decryption key needed to unlock the affected data.
Those who are unfortunate enough to find themselves in this situation will often be given a time limit, stating that failure to meet the criminal’s demands within a fixed period will result in the encryption becoming permanent – thus the data being lost forever.
Older forms of ransomware extorted money in a similar fashion but, rather than relying on sophisticated encryption algorithms, they locked a user out of their entire system until the demands were met. Ransomware can also penetrate your system via a security vulnerability in a frequently used application, through a web-app or downloaded files, although the most common entry point is a malicious email attachment.
What should I do if my system is attacked by Ransomware?
If your business falls victim to a ransomware attack, there are a number of actions to choose from. Businesses can either:
– Pay the criminals the sum of money they request in the hope that they’ll provide the necessary key to unlock the data – although there is no guarantee that they will and most experts, including ourselves, agree it’s a bad idea,
– Recover the data from a robust and reliable back-up made prior to the attack, or
– Do nothing and accept that the data has gone.
If an attack happens, it’s vital to report it to the police so that they can begin an investigation. Although there’s no guarantee that they’ll be able to retrieve your files, by reporting the crime you are helping the authorities gather important intelligence to help prevent future cyber threats.
Once infected, a business cannot decrypt the affected data without possessing a unique decryption key. Businesses may be tempted to try and remove the malicious application, but this won’t decrypt the files and could even make the situation worse. Many ransomware attacks even warn the victim that an attempt to remove the software will permanently prevent access to the encrypted files.
What can businesses and individuals do to prevent themselves being attacked?
The saying ‘fail to prepare, prepare to fail’ is particularly relevant to cyber threats. Businesses can take a number of measures to protect themselves from online criminals. One of the most reliable is taking preventative action by incorporating cyber security systems that will fully protect their data, such as C-Assure 365.
Generally, businesses should have a comprehensive and thorough disaster recovery plan. Businesses must also remember that anti-virus software doesn’t necessarily pick up threats of ransomware, so the need to be vigilant is crucial. And once it’s in their machine it can affect the wider network.
Safe and cautious use of the internet and email is paramount. This means ignoring suspicious or unsolicited email messages – particularly those with attachments or hyperlinks – and not visiting or linking through to websites where content may be questionable.
In addition, businesses can also:
1) Install a reputable anti-virus program. Usually these will come with anti-malware (and in some cases anti-ransomware) capabilities.
2) If businesses are part of a wider network, they should avoid mapping drives or sharing folders where possible. A ransomware attack can encrypt files over a network and will use these conduits to do so.
3) Stay up to date with Windows Updates. Vulnerabilities in an operating system that criminals might exploit can be corrected through security patches.
4) Maximise the chances of restoring affected files without paying a ransom, by ensuring that your data is backed up regularly and, most importantly, ensure that the resulting backups are stored in a secure location that cannot be accessed by an attacker.
Can all businesses fall victim to cybercrime?
Yes. There’s a slight perception that small, fledgling businesses are more at risk of cybercrime, but if the last 12 months have taught us anything, it’s that big corporations are not immune to the actions of cyber criminals. Only last February, the Hollywood Presbyterian Hospital in Los Angeles paid over $17,000 to a ransomware attacker in exchange for safe return of its data. Given the scale of the attack, it was deemed that paying the ransom would have less financial impact than coordinating the recovery of data through traditional means via backup and recovery. Remember: paying the demanded sum is not always the best idea, and the majority of experts will not recommend it. Before you pay, consult a cyber security expert for guidance and inform the police.