“****, my system has been attacked by ransomware…” has been one of the most commonly said statements in this year alone… The last several months have seen ransomware evolve from a relatively small hacker operation into a global IT epidemic, and one of the most dangerous security threats facing enterprise organizations today. There is one good thing about ransomware too. It doesn’t discriminate!!! It will attack your system irrespective of the fact whether your organization is the leader or the follower… you work for greater good or bad.
Before we move further, a brief about ransomware. Ransomware is a type of crypto-malware used for cyber extortion. Ransomware holds a victim’s computer or their files hostage via encryption while demanding payment in exchange for decrypting the files and releasing access to the user’s device. Ransomware is usually spread through phishing attacks containing a malicious email attachment, infected program, or link to a compromised website. Ransomware attacks have evolved to target businesses, encrypting entire networks of computers or files and bringing business operations to a halt until the ransom is paid.
From a CIA perspective, (don’t confuse it with the American intelligence, I was talking about the triad - confidentiality, integrity, and availability), ransomware targets the availability aspect. The files are made unusable till the time ransom is made. There are no changes made to the files. They are just encrypted. Hence, the best bet to not be crippled by ransomware is to back up everything at periodic intervals. The latest your backup, the less is chance that you would even feel the pain given by the ransomware.
Tip: Always back up your systems. The best bet is a cloud storage backup.
However, the most logical question is - Why did my system get infected and what could I have done to prevent it?
Amongst many reasons, the following are one of the most common ones:
- Not applying the patches on time.
- AV signatures are either not updated or / No use of deploying AV
- Downloading software that seems genuine but is full of malware from torrent / fake websites
- Opening attachments from unknown senders.
Keeping your systems up to date with respect to patches and anti-virus is one mechanism that helps to reduce the ransomware problem. Additionally, users need to upgrade the software that there is no support available from the vendor. For example - if you continue to use Microsoft Windows XP or Windows 2000 server, you are at risk. Half the battle against ransomware can be won if we follow basic cyber practices.
Open-source software can be a better alternative if you don’t want to spend a few bucks for the software. In fact, using open source is a better option than downloading malicious software from pirated websites. It is also important that you download the software from the OEM’s website only.
Emails are also one top source of spreading malware. It is important to follow the best email practices in this regard.
From an organization’s perspective, educate your employees - not once in a lifetime, but every day. Don’t make this training boring. In fact, hands-on training or simulation drills are one of the best ways to educate them.
One final tip is “Don’t pay ransoms unless absolutely necessary”. Paying a ransom doesn’t guarantee that you will get the key to decrypt. Paying the ransom only establishes you as a paying target for future attacks and has even led to follow-on data breaches at some organizations. Unless you have absolutely no other choice, avoid paying ransoms.
Hence #becybersafe, #becybersmart, and don’t forget to spread the message across.
Comments ()