This month’s newsletter will be covering ransomware, and discussing what can be done about it.
- What is Ransomware? Why is it so popular?
- What can I do to protect myself from Ransomware?
- What are some good options if I get infected?
- What can I do to prepare for an attack?
Ransomware has become one of the most popular hacking tools in use today. The attacks seem to come out of nowhere and they are a cheap and effective way for hackers to get money out of a victim. Luckily, there are things you can do to protect yourself and your business against these types of attacks, as well as recover from them if you are affected.
First let’s look a little into where ransomware came from, and how it affects us today. Before ransomware came about, hackers were in the practice of attempting to install keyloggers to try and capture you typing in your credit card information. They would then use the entered numbers and fraudulently charge your card for whatever they wanted. This method worked, but was not consistent. Online criminals began to look for something easier and quicker. Along comes Ransomware; the first of its kind was called Cryptolocker, and it hit hundreds of thousands of individuals and businesses before antivirus companies could even start responding to it.
Most ransomware attack originate via fraudulent email attachments that are disguised as legitimate attachments. Once the attachments are opened, Cryptolocker (and variants) encrypt all of your files. They then let you know that your files have been encrypted and that you can get them back by paying a fee ($300, $500 or more). If paid in time, all encrypted data is made accessible again. However, if you fail to respond in a certain timeframe, the opportunity is gone, and your files are encrypted forever.
This type of pressure is what sets it apart from the old ways of phishing. Instead of hoping and waiting for something to happen, it forced the user into reacting immediately. NOTE: There is a possibility that their system for unencrypting fails: i.e. you pay the ransom and DO NOT get your data back. This is why proper backup is even more important.
With the correct solutions in place, it is possible to prevent or recover from these attacks. Almost all antivirus solutions now have some way to detect ransomware, but this does not work 100% of the time. Rather, a secure backup presents the best and fastest solution. With either a backup to the cloud or on-premise that is not in danger of being encrypted AND that employs some type of versioning scheme, you can roll back your files to their original, unencrypted state.
It is important to be ready when it comes to ransomware. It can lock down entire businesses until it is resolved. With the right tools you can be protected, but it is important to know where to start. At Grundig IT we work extensively with backups, both cloud and on-premise. We also help with security via firewalls and antivirus solutions. By taking steps to make sure your server, network and workstations are secure, it is possible to prevent some attacks before they become a problem.
NOTE: A new breed of antivirus (Cylance, for example) has arisen to combat today’s most pesky threats. These antivirus programs rely on machine learning. That is, they monitor your computer to learn about your normal behaviors. Then, they respond when abnormal behavior is detected. This is very different from traditional signature-based antivirus solutions and can stop attacks from doing more damage. It is more like the immune system in our bodies – these new tools assume that attacks will occur and attempt to quickly mitigate the damage. Ask Grundig IT how you might benefit from using this new breed of antivirus solution.
— Tom Grundig 925.528.9081 email@example.com