For as long as there has been the internet, there has also been malicious content and cybercriminals trying to steal sensitive information from people and organizations. And although there are measures you can implement to protect yourself against these types of attacks, it does not mean that they will stop, or that cybercriminals won’t continue to develop smarter and more advanced methods of infiltrating your data and networks. One type of attack that has been around for a couple of years now is ransomware. Recently, there has been an increase in ransomware attacks across the internet as hackers realize the potential profits from getting access to sensitive personal data, and company data that is typically vital for business continuity. Contributing to this increase is the fact that in some cases, it is more expensive to restore back-ups than to pay a ransom, which helps fuel the industry. Below we explain more about ransomware and how you can keep your data safe.
What is a ransomware attack?
A ransomware attack is a malicious attack on a person’s computer in order to gain access and exploit sensitive data. Typically, this attack is delivered via an email attachment which could be in the form of an executable file, an archive or an image. Email is one of the easiest ways for a cybercriminal to attempt to gain access to another person’s computer. Once a user opens the infected attachment, the malware is released into the user’s system. Another common method for distributing malware is through a website, where the malware is released into the system once a user visits the site.
One of the most dangerous parts of these types of cyber attacks is that the infection is not immediately apparent to the user. Instead, the malware operates undiscovered in the background until the computer or data-locking mechanism is deployed. Once this happens, a dialogue box appears informing the user that their data has been locked and will only be released if the user pays a ransom for it (hence the name, Ransomware). At this point in time the data has already been compromised and so it is too late to save it through any type of security measures.
If attacked, should you pay the ransom?
Paying the ransom is a dangerous solution and never recommended as it does not guarantee that the cybercriminal will release the data. Upon payment, there are also a number of issues that could go wrong accidentally. For example, even if the hacker provides a key, there could be bugs in the malware that prevents the encrypted data from being recovered. The bigger issue with paying a ransom, however, is that it does not address the issue as a whole and instead proves to cybercriminals that ransomware is an effective way to make money, providing them with incentives to continue their activities and find new ways to exploit systems.
Is it possible to decrypt files that were encrypted with ransomware?
Although highly unlikely, there are a couple of scenarios where it may be possible to recover data:
- The hackers made a mistake in the implementation of the malware making it possible for other technical experts to break the encryption.
- The malware developers feel sorry for their actions and decide to publish the keys or a master key in order to decrypt the data and repent.
- Law enforcement agencies are able to seize a server with keys on it to then share with those who have been infected.
- In rare cases, paying the ransom also works, but there is never any guarantee. As mentioned above, in this situation you’re also helping to support the growth of ransomware attacks and therefore are partly responsible for other people who get hit.
How to Prevent a Ransomware Attack
There are several preventative measures you can take in order to guard against a ransomware attack.
1. First and foremost, trust no one.
Any account – friend or foe, new business or old, large organizations or small – can be compromised and malicious links and attachments can come from the accounts of friends and family, colleagues, and people in your business network, and through social media and online gaming. As a precautionary measure, never open attachments in emails from someone you don’t know and be wary of suspicious email messages from people you do know. Cybercriminals have become experts in distributing fake email messages that look very much like email notifications from trusted people, businesses and organizations. These messages lure recipients into a false sense of security, enticing them to click on a malicious link which then releases the malware into their system.
2. Backup! Backup! Backup!
Ensure you have a recovery system in place and always backup sensitive data so a ransomware infection can’t destroy your data forever. As a best practise, create two or more backup copies and distribute them between different storage methods such as (1) a cloud storage provider (using a service that makes an automatic backup of your files) and (2) a physical storage device such as a portable hard drive, thumb drive, extra laptop, etc.. Always disconnect these external storage devices from your computer when you are done. These types of backup files will also become valuable in case you ever accidentally delete a critical file or experience a hard drive crash
3. Use robust antivirus software.
The right antivirus software will help to protect your system from ransomware. When managing antivirus system settings, keep the ‘heuristic functions’ option turned on as this helps the system catch and detect samples of ransomware that have not yet been formally identified.
4. Ensure all the software on your computer is the most up-to-date.
Whenever your computer’s operating system (OS) or other applications release a new version, make sure to install it right away, and consider turning on the option of automatically installing updates.
5. Enable the ‘show file extensions’ option in the Windows settings on your computer.
The ability to quickly see file extensions makes it easier to spot potential malicious files. In general, be wary of file extensions such as ‘.exe’, ‘.vbs’ and ‘.scr’. Many cybercriminals make use of file extensions to disguise a malicious file with something you would recognize – such as a video, photo, or document.
6. In the event of an attack, disconnect from the internet or other network connections immediately.
If you discover a rogue or unknown process on your machine, disconnecting from any internet or other network connection such as your home WiFi will prevent the infection from spreading.
7. For business enterprise software solutions, consider moving to a cloud-based solution if you currently run software on-premises.
Implementing cloud-based enterprise software applications (such as Blue Link’s inventory and accounting ERP system) provides your business access to a team of experts to help keep your data safe. With cloud-based solutions, the software vendor is responsible for maintaining data back-ups, monitoring hardware and servers and dealing with IT maintenance. Services such as daily back-ups, storing data in multiple physical locations, data retention procedures, 24/7 monitoring for performance and security requirements, and implementation of the most advanced malware software ensures your data is safe and you can continue to run your business as usual.
