Ransomware – Don’t let them blackmail you!
Prevent ransomware attacks before costs explode.
Ransomware is malware that encrypts sensitive information locally and on networks and then demands a ransom to decrypt it again. It’s gotten so bad that cyber criminals now upload critical company data into public clouds to circumvent existing backups and have another means of pressure. The data is also stolen to be sold to third parties.
Encryption via ransomware can only be reversed with the right key and the only alternative to restore the data is a secure backup.
Ransomware is especially effective. For other types of malware that destroy or steal data, there are other means of data recovery. If you have no backup, paying the ransom is often the only way to recover data, but there have been cases where companies paid the ransom and the attackers refused to send a key. We generally recommend not paying any ransom if that is feasible, as payment only supports the attackers.
Ransomware is used to gather important information.
Once the ransomware is activated, it searches the local and network storage for data to encrypt. It searches for specific files that are especially important for the company or the individual. This also includes backup files that can be used to recover your data. The attackers, above all, are looking for the following information:
- E-mails, e.g. messages from CEOs or CFOs
- Databases, e.g. price calculations, financial data
- Archives and photos
- End customer data
Phishing e-mails often contain ransomware.
The difference between ransomware and other malware is what happens after its activation. Usually, ransomware is executed once the user clicks on a link in the phishing e-mail or opens the attachment. The malware is then downloaded from a server that the attackers control.
The attackers then try to penetrate deeper into the infected device and to spread across the company network to other devices. Their goal is to find sensitive data and destroy any existing backups.
Attackers demand a ransom
Attackers usually demand a payout in cryptocurrency, mainly in Bitcoin, as this payment method drastically reduces the chances of them getting caught. Attackers hide their servers behind the Tor anonymity network so as not to be identified.
After the ransomware has encrypted the files, your company receives a message demanding money for the code to release your files. This ransom can be anywhere from a few hundred to millions of dollars. If the users don’t pay right away, the attackers may even increase the ransom amount.
Prevent ransomware with backups
The best way to limit the residual damage of ransomware is to use modern security applications and backups on various media such as tape. Another way of backing up files is to use cloud storage. The exception is cloud storage that the device recognises as a local drive or subfolder, because ransomware searches local and network storage for data to encrypt.
Prevention is the best tool to limit damage caused by ransomware. Most attacks begin when users download the malware unintentionally, for example through phishing e-mails or Word files that execute macro malware.
Two ways to prevent users from downloading ransomware are DNS-based content filtering and e-mail cybersecurity solutions with smart quarantine features. DNS-based content filtering prevents users from accessing websites that are on the blocked list. E-mail filters quarantine malicious content and attachments so they can be reviewed by an administrator.
It is also advisable to always use modern endpoint security software with machine learning (artificial intelligence) that can recognise typical attack patterns on all devices (including mobile devices). A good anti-malware application will detect and isolate ransomware before it can access memory and encrypt files.
Our specialists recommend a modern endpoint security solution with ransomware protection, as well as backups on mixed media such as tape.
Ongoing threat from ransomware
Ransomware targets businesses of all sizes and can cripple your entire organisation if you do not have a modern security solution. It is important to understand how ransomware attacks work and what impact they can have on your business. The best protection against an attack is to educate users, install modern security solutions on all devices and ensure that users are able to recognise phishing e-mails and do not open them. (We recommend continuous e-mail anti-phishing training, such as with Sophos Phish Threat.)
Our Enterprise Specialist Team
Our enterprise security specialists will be happy to support you in the area of ransomware protection. We are happy to take the time to work out a suitable solution for you and your company.
Our specialists also support you in the areas of:
- Network security / firewall, access point switch
- Storage, backup and tape solutions
- Endpoint, mobile and server security
- Phishing training and mail protection