In 2018 it was reported that ransomware was trending down, but so far 2019 is telling a different story. Damage costs from ransomware are expected to hit around $11.5 billion this year and $20 billion by 2021, and ransomware remains a significant cyberthreat for all organizations. In this blog we’ll address some of the most common questions about ransomware and outline some of the best ways to protect your organization from facing the ‘to pay or not to pay’ dilemma.
What is ransomware?
Ransomware is a type of malicious software that gains access to files or systems and is designed to block access to them until a ransom is paid.
What are the different types of ransomware?
There are two main types of ransomware today: crypto ransomware, which encrypts valuable files on a computer so that the user cannot access them, and locker ransomware, which locks users out of their device until a ransom is paid.
How does it work?
Once the ransomware has been installed on a computer, it executes on the local machine and then contacts a third-party server to download other payloads (applications) to activate the malware. It subsequently starts encrypting all the files on your drive. Once encryption has completed, it displays a paywall requesting money (usually in the form of non-traceable bitcoin) to have your files decrypted. If you don’t pay the ransom, the files can be deleted by the hackers.
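The encryption stage described above leaves a behavioural trace: one process rewriting many files with near-random content in a short time. The following is an added example, not code from this blog or from any product it mentions; the event tuple format, the process names, the thresholds and the sample data are all constructed assumptions.

```python
import math
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
BURST_THRESHOLD = 3      # assumed: distinct high-entropy rewrites needed to flag

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0 for constant data, up to 8 for uniform random."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def flag_bulk_encryption(events, window_seconds=60):
    """events: iterable of (timestamp, process, path, bytes_written).
    Returns the processes that rewrote at least BURST_THRESHOLD distinct files
    with high-entropy content inside any window_seconds span."""
    hits = {}
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            hits.setdefault(proc, []).append((ts, path))
    flagged = set()
    for proc, writes in hits.items():
        for i, (start, _) in enumerate(writes):
            paths = {p for t, p in writes[i:] if t - start <= window_seconds}
            if len(paths) >= BURST_THRESHOLD:
                flagged.add(proc)
                break
    return flagged

def sample_events():
    """Constructed file-write events; random bytes stand in for encrypted output."""
    rng = random.Random(1)
    blob = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    text = b"Quarterly report: revenue up, costs flat. " * 100
    return [
        (0, "editor.exe", "C:/docs/report.docx", text),         # ordinary save
        (5, "backup.exe", "D:/backup/archive.zip", blob()),     # one compressed file
        (10, "unknown.exe", "C:/docs/report.docx", blob()),     # burst of rewrites
        (12, "unknown.exe", "C:/docs/budget.xlsx", blob()),
        (15, "unknown.exe", "C:/docs/photo.jpg", blob()),
        (0, "sync.exe", "C:/media/a.mp4", blob()),              # high entropy, but slow
        (600, "sync.exe", "C:/media/b.mp4", blob()),
        (1200, "sync.exe", "C:/media/c.mp4", blob()),
    ]

if __name__ == "__main__":
    print(flag_bulk_encryption(sample_events()))
```

Compressed archives and media files are also high-entropy, which is why the check counts distinct files per process inside a time window rather than flagging a single write.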
How does ransomware spread?
Ransomware is often spread through phishing emails that contain malicious links or attachments. It can also be spread by the “drive-by download” technique which occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge.
Will anti-malware solutions protect you from ransomware?
Anti-malware and anti-virus software aren’t enough to protect you from today’s modern threat landscape, as they focus on known threats. Hackers are increasingly using fileless techniques to download random payloads and signatures to avoid detection. Fileless attacks are on the rise, with 77% of successful attacks using fileless exploits. In fact, as many as 75 percent of companies that fall victim to ransomware were running up-to-date endpoint protection on the infected machines.
What is the impact from ransomware?
Temporary or permanent loss of sensitive or proprietary information
Disruption to regular operations
Financial losses incurred to restore systems and files
What are some top tips to protect yourself?
Always back up your data
Update your software regularly
Educate the weakest link in your organization – your employees – to ensure they don’t fall victim to a phishing scam
Take a layered approach to security to prevent cyberattacks
Prevent data exfiltration by blocking outbound data flow
Deploy an on-device solution to prevent unauthorized data from ever leaving your endpoints
How is ransomware typically paid?
Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators most commonly demand that ransom payments are paid in bitcoins. Less common alternative payment options such as iTunes and Amazon gift cards have also been recorded.
To pay or not to pay, what is the correct approach?
There is much debate around the ‘to pay or not to pay’ approach to dealing with ransomware. The official recommendation from the US government is never to pay the ransom, using the wisdom that if they aren’t getting paid, they won’t keep trying. However, guidance from Forrester Research suggests that paying ransom should be seen as a valid recovery path that should be explored and evaluated just like any other business decision.
Organizations must consider their ability to recover from the cyberattack, outside consultant costs, recovery plans, as well as cybersecurity insurance, which in some cases will cover the ransom. It is important to note that even if you pay, there is no guarantee you will get your data back.
The best way to protect your organization from ransomware is to prevent the attack from happening in the first place. These days hackers are attacking from all angles, profiling your employees’ behaviour as they browse online and through applications on your company devices, collecting data from across your networks.
BlackFog Privacy prevents the transmission of data from one device or network to another, filling the gap between Firewalls designed to prevent access and anti-virus/malware solutions that remove known infections after they have been discovered.
Being a victim of a cyberattack is a question of when, not if. Organizations must be able to prevent attackers from removing data in the first place as well as the activation of the ransomware on the device. Through a layered approach to security BlackFog spots, in real-time, when an attacker is trying to remove unauthorized data from your device or network and stops them in their tracks.