Everything you wanted to know about ransomware attack

Even if you have never heard the word “ransomware,” you have certainly heard that hackers can lock a system or computer and demand money to unlock it. Keep reading to find out how to avoid it, what to do if you are infected, and how an incident response service helps you deal with it.

What is a ransomware attack?

It’s malware that blocks access to the user’s personal files or system and demands money to unblock them. That is the general idea; ransomware itself comes in various forms.

How can I catch it?

There are two common infection methods:

malicious spam

The malware is distributed via email. Such emails include links to malicious websites or documents as attachments. To raise the chances that the recipient clicks a link or downloads an attachment, attackers often resort to social engineering. They may disguise the sender and the website as a trusted source, for instance a well-known online shop or even a state institution. A user is very likely to follow a link that appears to come from the Tax Service or the police.

malicious advertisement

The malware is distributed through online advertising. This may seem like a method that cannot work, since everybody knows it is better not to click on strange advertisements. The snag is that the ad does not need to be visible or clicked: users can be directed to the attackers’ servers without clicking on anything. Attackers may use an infected iframe or an invisible web page element to carry out malicious actions with no interaction from the user.

Types of ransomware attacks

The difference is in the type of assets that each holds for ransom.

Locker ransomware

With this malware, the attacker makes a device inoperable. Users cannot use it and have no access to their files. Mostly, the only thing the user sees is a window demanding payment in exchange for unblocking the device. The good news is that hackers mostly don’t “touch” the data with this type of attack.

Crypto ransomware

This malware aims to block immaterial assets, not the device, and that is why it is so dangerous. The attacker encrypts the user’s essential data without interfering with basic computer functions. The user can see the files but cannot open them. To make the effect even more dramatic, attackers add a countdown clock and say that they will delete the files if the user doesn’t pay. No one wants to lose vacation photos, etc. But imagine that the crypto ransomware reached the devices of a whole company. The business might lose its intellectual property, etc., and simply be unable to continue to exist. And the hacker might take the payment and still not give the data back. The snag is that the only guarantee you have is the promise of the person who encrypted the data. Doesn’t sound very reliable, right?

New target

Earlier, the main targets of attackers were individual people, typical users, and their personal information. Nowadays, hackers have more ambitious goals and target businesses rather than individual users.

According to an interview with 2,000 senior security engineers conducted by CrowdStrike in September and August 2020, more than half of the companies employing respondents experienced ransomware attacks. Sadly, 27% of those who experienced the attack paid the hackers ≈ $1.1 million.

How to protect the business?

The best way to deal with ransomware is to think ahead and prevent it from happening, because the methods for dealing with an active infection require high technical skill and include interaction with the attackers.

Invest in cybersecurity

Have a cybersecurity program suitable for your business and think proactively. A proactive approach saves money and time when it is critical. You should see the pain points before they become the target of attackers. Have real-time monitoring and protection to thwart advanced malware attacks such as ransomware. Provide stronger protection for critical information. A cybersecurity program cannot exist without an incident response plan, so even if a ransomware attack happens, you will know what to do and who to call.

Back-ups

Always back up your work on a regular basis. You may use cloud storage with high-level encryption or just an old-school USB drive (we recommend the first one). If you choose the cloud platforms offered by the likes of Amazon Web Services, Microsoft Azure, and Google Cloud, you can be sure of your data protection. With back-ups available, you can maintain business continuity and restore all work faster in the case of a cyberattack.

Updating

Take care to update your systems and software in time, even if you don’t like the new colors that come with an update. We recommend enabling automatic updates, so there will be no need to keep it in mind. It might seem obvious, but think about it one more time: if you see a prompt to update, it means the IT guys were able to make the product better. They might also have found security gaps. By ignoring updates, you agree to run an imperfect version of an existing system or software.

Security awareness training

If you educate your staff, you protect the business from almost half of existing attacks. Explain to people in non-technical positions why it is important not to click on links in emails from unknown senders and not to use a birth date in a password.

To pay or not to pay?

(First of all, we hope that you are reading this before you have caught ransomware.)

You have to decide what to do and then move forward. But, of course, we urge you not to pay. By paying the attackers, you allow them to win. And if they win, it means their methods work. And that means they will continue their dishonest deeds.

The best decision is to entrust dealing with ransomware to professionals. If your business is experiencing a ransomware attack, it is time for the incident response plan. Dealing with the attack includes the following steps:

  1. Isolate the infection

When the attack is detected, it is vital not to allow it to spread further and infect even more machines.

  2. Identify the type of ransomware

This lets you understand how it spreads, what types of files it encrypts, and how to deal with it.

  3. Inform your colleagues

Explain to people what is going on inside the company, what your plan of action is, and what is required from them.

  4. Update the security system

Take into account the gaps that caused the attack and update your security system in accordance with the conclusions.

  5. Restore

It is time for the backups. Recover the business processes and stay vigilant, because sometimes attackers may not show themselves and still threaten the company.