Don't Let Ransomware Take Hostage of Your Information
Category
Awareness
Ransomware: you’ve heard about it in the news. A portmanteau (like “clofficewear” or “maskne”), it’s a combination of “ransom” and “malware”. The name came about because malware, a harmful program or file, gets on your computer and holds all your information ransom by making it unreadable. You usually realize it when a ransom note pops up on your screen, but unfortunately this one isn’t made out of letters from a magazine, and it is going to be a big problem. In order to unlock your information, you need to pay, and it can be expensive.
If you decide not to pay (and paying does not guarantee getting your information returned or decrypted), your only choice is to restore your information from a backup, but your success can vary. If you have complete and secure backups, you can use those. However, if your backups are slow or incomplete, you could be out of commission for days, or worse, permanently. Recently, the City of Baltimore was hit with ransomware that brought the city to a standstill and has cost the city an estimated $18.2 million to date. To make matters worse, some of the information was not recovered.
The curious part about ransomware is that historically most people and businesses are not a direct target. Hackers scan the internet with automated tools looking for weaknesses. When they find one, the tool often automatically infects the computer with the ransomware. What’s even more interesting is that many hackers don’t even know if their ransomware has worked until someone contacts them asking to pay the ransom.
This is starting to change, though. Larger hacker groups, some of which may have been emboldened by past victims paying the ransom, are starting to target major organizations and the most sensitive parts of what they do. This is a mutation in the approach, from the previous dragnet method toward targeting the potential victims with the most to lose.
An FBI announcement called out this change, along with outlining the main contributing factors associated with ransomware infection:
Exploitation of Remote Desktop Protocol (RDP), a way to remotely connect to a computer; and,
Exploitation of known software vulnerabilities, those weaknesses we talked about earlier.
So what can you do? Make sure you always apply updates to your software and operating system as soon as they are available. Also, disable RDP and find different methods of allowing remote access. Finally, train yourself to recognize phishing emails, and remain skeptical if you receive an email that is out of the ordinary or seems too good to be true.
If you or your organization are struggling to find a way to stay ahead of ransomware and not get caught, let’s talk about our Vulnerability Assessment, Cybersecurity Policy & Controls (focusing on Business Continuity Planning), and training your team with our Phishing Simulations and Awareness Training. By planning ahead, we can help you keep doing what you do best.