What you should know about ransomware
Ransomware is a growing problem. In 2018, the number of ransomware attacks worldwide rose by 350%, according to a report by BDO. How do you obtain adequate protection against ransomware?
Ransomware is an umbrella term for various forms of malware that attempt to hold a user to ransom.
There are two main types which differ in the way they operate:
- "locker" ransomware, which blocks all access to an information system
- "cryptor" ransomware, which encrypts specific files on a workstation or server using an encryption algorithm.
In both cases, the attacker demands a ransom from the user to restore normal operations or release files. Usually, the user has to pay with a cryptocurrency such as Bitcoin.
Ransomware targets both private individuals and businesses. According to the Computer Emergency Response Team (www.cert.be), SMEs are a favorite target because they often invest less in security but are able to pay a high ransom.
How do you prevent it?
You can reduce the risk of ransomware by a combination of technical measures and user awareness.
Ransomware is mostly spread via an e-mail with an attachment or link to a special website. When the user clicks the attachment or visits the page, the ransomware is installed.
To prevent propagation by e-mail, it is above all important to teach users never to simply click an attachment, even if it seems to come from a trusted sender.
Make sure users can only run trusted software, and adjust browser settings to block attack vectors such as Flash and Java.
A traditional anti-malware program on the system can block known forms of ransomware.
For unknown ransomware (so-called zero-day attacks), there are also adequate security solutions for blocking an attack in time.
What happens if you're attacked?
If your business becomes the victim of ransomware, experts advise you not to pay.
There is no guarantee that your files or systems will be restored, and businesses that pay are often attacked again later. Report it to the police and to CERT.
On the No More Ransom website, check if there's a key for restoring the infected system or encrypted files. If there isn't, you'll have to restore them from a back-up.
NB: some variants of ransomware can also spread to external hard drives and network drives, so it's better to only connect the back-up system to the IT system temporarily.
If a back-up device is not connected to an infected computer, it can't be encrypted by the ransomware.