Data for Ransom

With ransomware, your data stores are compromised and held for ransom by malicious parties who expect you to pay to regain access to your own data. If you refuse to pay, you may stop functioning as an organization, or worse, people may die. Practically every professional these days uses IM, SMS, and social media like LinkedIn, all of which can be ransomware sources. (See related post, "Are You Safe on LinkedIn?")

Ransomware is a type of malware. Two common examples are Locky and Samas. Ransomware infects computer systems and then limits or blocks access to the infected systems and the data they contain. This is hardly a new problem; there have been many small cases for several years now. The ransomer's goal is to extort money from victims by displaying an on-screen alert notifying them that systems have been locked or that files have been encrypted. To regain access, a ransom needs to be paid, a sum that can vary from hundreds of dollars to thousands, paid in virtual currency such as Bitcoin.

Phishing emails with malicious attachments and drive-by downloading are two common infection methods. Drive-by downloading occurs when a user visits an infected website, resulting in malware installation unbeknownst to the user.

Crypto ransomware is another form of malware that encrypts files. This form can be spread through social media, for example through Web-based instant messaging applications. Vulnerable Web servers have also been exploited as the entry point into an organization's network.

Created in collaboration with the Canadian Cyber Incident Response Centre (CCIRC), the National Cyber Awareness System (NCAS) provides an excellent resource on ransomware variants that should be reviewed by IT professionals. NCAS is part of the Department of Homeland Security (DHS) and has within its responsibilities the United States Computer Emergency Readiness Team (US-CERT).

Ransomware has frequently affected home users, but has more recently moved on to target businesses. Effects on a company can be catastrophic, with consequences including:

There is no guarantee the encrypted files will be released upon payment, although you are guaranteed they will keep your money. Remember, these are criminal attackers -- can you trust them? Further, decrypting files does not mean the malware infection has been removed, and you may very well be attacked again.

In my experience -- and I have been using PCs, mainframes, and minicomputers for over 40 years -- there seem to regularly be some strange computer performance issues that at a minimum require a restart and/or running some security check programs. Ransomware authors try to produce fear and panic that cause the user to click on a link or pay a ransom. Unfortunately this may actually increase the malware infection, not remove it. Intimidating messages pop up like:

You need to modify your mindset. Loss of data access is nearly the same as loss of a system or network. You need to plan and implement a backup methodology that mimics the backup you designed for a system/network failure. The cloud comes to mind as a possible choice. You need to implement preventive measures so you can avoid downtime and not pay the ransom. You should also test and practice the backup design to ensure it works the way it is planned. Here are a few tips: