Ransomware is a type of malicious software that criminals use to block access to data on your system. The malicious software encrypts the files on your system and can affect individual files, the entire operating system and potentially other systems on your network.
With your files or systems encrypted (locked), they are effectively held hostage until a ransom is paid.
Now that you have an understanding of what ransomware is, let’s dive deeper into how it works and how backups can help.
How does ransomware work?
Ransomware criminals identify potential targets by gathering information from organisations and their employees. Utilising social media and social engineering techniques, attackers prepare sophisticated campaigns that mimic real-world scenarios or actions with the aim of infiltrating systems or networks around the globe.
While ransomware is a complicated and sophisticated area, there is a consistent method that you can expect to see in the event of an attack.
- Delivery – After identifying a target, the attacker will attempt to infiltrate the victim's system or network. More often than not, this is accomplished with phishing (pretending to be someone you know such as a colleague) or brute force (quantity over quality) attacks.
- Execution – When the file or link is opened by the victim, the ransomware is deployed and immediately begins to scan the victim's system and available networks. Any and all available files will be encrypted shortly after (usually within minutes).
  - Backup and system restore functions are specifically searched for and disabled/encrypted at this stage in an attempt to stop the victim from easily recovering from the attack.
- User Notification – At this stage the victim's system, and potentially others on the network, now shows a message demanding a ransom be paid within a given time frame.
Why is ransomware dangerous?
Ransomware can cause disruptions to business operations, monetary damage from the ransom itself, additional financial loss from the investigation, and reputational damage that leads to the loss of current or potential customers.
The challenge with a ransomware scenario is that the attacker holds all of the cards. More often than not, the attacker will demand a ransom be paid within a given time frame, with the ransom amount increasing each time that time frame is missed.
If the ransom is paid, there is no guarantee that the files will be unlocked for use. Even if they are, a further investigation needs to take place to ensure that nothing has been left over from the attack that would allow the attacker to repeat the exercise at a later date.
In addition to the uncertainty of the exchange, the majority of ransomware scenarios include the requirement of paying the ransom with cryptocurrency, making the payment extremely difficult, if not impossible, to track.
How can you protect your business from ransomware attacks?
- Use reputable and up-to-date anti-malware software in conjunction with a firewall
- Be vigilant towards unsolicited emails and phone calls
- Create an effective backup of your data and monitor it to ensure it’s ready when you need it
- Invest in ongoing employee training as this will ultimately be the first step in preventing an attack
How can backups help in the event of a ransomware attack?
Following industry best practices with regard to your backups and backup/disaster recovery plans is crucial in reducing the impact of a ransomware attack on your business.
Alert Centric not only monitors backups, but also provides advanced reporting to maintain compliance and audit tracking. Moreover, Alert Centric helps reduce the time and cost spent on manual backup checks.
Ransomware is a real and present-day threat to businesses the globe over. Removing the risk of being attacked entirely isn’t possible, but taking steps today to reduce that risk and minimise the potential impact is easier than ever.