
Ransomware threats have been escalating in recent years and will continue to do so as these attacks become more complex and dangerous. To deal with ransomware effectively, it is important to understand what it is and how it works, and to look at some measures that can be taken to prevent ransomware attacks.
What is ransomware?
Ransomware is a type of malware that prevents users from accessing their device, including the data stored on it, usually by encrypting the files or by locking the user out of the device outright. In effect, the data is held for ransom by the cybercriminals who deployed the ransomware, who usually demand a hefty amount in exchange for restoring access to the data.
How does ransomware work?
A ransomware attack occurs in three stages:
Access - Attackers gain access to the network of their identified victim. They establish control, plant malicious encryption software, and may also take copies of the victim’s data for the purpose of leaking it, or at the very least of signalling the intention to do so.
Activation - The malware is activated, which locks the victim’s devices and causes the data across the network to be encrypted.
Ransom demand - The victim receives an on-screen notification from the cybercriminal, explaining the ransom and how to make the payment to unlock the device or regain access to the data. Payment is usually demanded via an anonymous web page, and usually in a cryptocurrency such as Bitcoin.
Should malware victims pay the ransom?
Law enforcement authorities do not encourage malware victims to pay the ransom, as it entails dealing with criminal groups. There is also no certainty that the cybercriminals will restore access to the device or data once the ransom is paid.
Even if access to the affected device or data is restored, there is a risk that the device remains infected with malware that is already embedded in the device’s software. There is also a possibility that the data has already been leaked, which, depending on the sensitivity of the data, would adversely affect the victim.
Ransom payment also makes the victim a more vulnerable target for future malware attacks by other cybercriminal groups. Future malware attacks may be more devastating, not only for the network and the data but for the finances as well.
How can one be protected from ransomware?
As the first line of defense, it is critical to strengthen the enterprise’s cybersecurity setup and update it on a regular basis. The cybersecurity infrastructure should be set up so that even if one section of the network is already affected by ransomware or other threats, the system can contain those threats immediately, preventing them from spreading to other parts of the network and paralyzing the organization as a whole.
It is also important for the enterprise to regularly back up its data and store it in an even more secure environment. This would ensure business continuity even if malware has affected a section of its network.
Malware victims are also encouraged to report such incidents to the authorities. This can help in eventually apprehending these cybercriminals and in preventing them from carrying out further ransomware attacks on other individuals and organizations.