Thursday, June 29, 2017

What Ransomware is, and Why it is So Effective

Ransomware has been big in the news again, with new strains like WannaCry / WannaCrypt and Petya being released. Yet if you do not understand what Ransomware is, or why it is so effective, it can be hard to protect your devices, your business, and your data. This post explains what ransomware is, why it is so effective, and how it poses a risk to nearly everyone.

What Ransomware is
In the simplest terms, Ransomware is a piece of malicious software. It is designed to infect devices and encrypt all the files on the device. Ransomware can arrive through a link in an email, an email attachment, a USB drive, or a website.

Once Ransomware infects a device, it encrypts all the files on the device, rendering them inaccessible to the victim.

Some facts:
  • Millions [1] - the number of Ransomware attacks in 2016
  • 33 hours [2] - the average number of hours spent recovering from a Ransomware infection
  • Increasing [3] - nearly every statistic surrounding Ransomware, including distribution, families, infections, spread, business attacks, demand amounts and payments

Clearly Ransomware attacks should have your attention if you own a business, work for a business, or have electronic files you care about.

Why Ransomware is So Effective
While the files still exist on the device, within minutes they are inaccessible to the user because they are stored in an encrypted state. Ransomware is extremely effective because it also encrypts:
  • Locally attached USB drives, even those used as file backups
  • Mapped network drives, helping it spread across the network
Once infected, the victim is prompted to pay a ransom for the decryption key to unlock the files. The ransom is requested in bitcoin because it is essentially an untraceable currency. In theory, the decryption key is entered on the infected device and all the files go back to their original format so they are usable.

Since there is no guarantee a device will never be infected, or infected a second time, there are some things we should do to protect our information.
  • Be cautious about the:
    • Emails you open
    • Attachments you open
    • Files and software you download
    • Websites you visit
    • Links you click on
  • Create secondary logins on devices when children and other family members also use them
    • This is especially important for devices that are used for both personal and business functions
  • Log out or lock business and personal computers when walking away
  • Implement a backup system for important files
    • The backup rule of 3 says to keep:
      • 3 copies of important files
      • 2 different types of media for storage
      • 1 offsite location
    • Whatever type of backup system you have, be sure to test it regularly! This includes:
      • Restoring random files to make sure they are intact
      • Documenting the process so it is repeatable
      • Knowing in advance how much time the recovery process takes
    • If part of your backup system is manual, set up a reminder system so it becomes a habit
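One way to carry out the restore test described above, as an added example that is not part of the original post: record a SHA-256 hash of each file when the backup is made, then after a test restore check a random sample of the restored files against those hashes and time the verification. The function names and the manifest format are assumptions made for this illustration, and the demo files are constructed.

```python
import hashlib
import random
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Run at backup time: record a hash for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def spot_check(manifest, restored_root, sample_size, seed=None):
    """Pick random files from the manifest and verify the restored copies."""
    names = random.Random(seed).sample(sorted(manifest), min(sample_size, len(manifest)))
    started = time.monotonic()
    missing, corrupt = [], []
    for name in names:
        restored = restored_root / name
        if not restored.is_file():
            missing.append(name)      # file never came back from the backup
        elif sha256_file(restored) != manifest[name]:
            corrupt.append(name)      # file came back, but its contents differ
    return {"checked": len(names), "missing": sorted(missing),
            "corrupt": sorted(corrupt), "seconds": time.monotonic() - started}


def demo(sample_size=5):
    """Constructed data: five small files, one damaged and one lost in the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        original, restored = Path(tmp, "original"), Path(tmp, "restored")
        for root in (original, restored):
            (root / "docs").mkdir(parents=True)
            for i in range(5):
                (root / "docs" / f"file{i}.txt").write_text(f"contents {i}\n")
        manifest = build_manifest(original)
        (restored / "docs" / "file1.txt").write_text("damaged\n")
        (restored / "docs" / "file3.txt").unlink()
        return spot_check(manifest, restored, sample_size, seed=1)
```

Because the comparison uses hashes recorded at backup time rather than the live files, the check still works after the originals have changed or been encrypted.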
In summary, Ransomware is a threat that should be taken seriously by everyone. Whether you own a business or simply work for one, the livelihood of the business depends in part on being able to function normally. Being denied access to all files on a device or network can be costly and debilitating. Consistently educating ourselves, being careful, and planning can play a critical part in data protection.

As always, using caution is a great start, but planning ahead and being prepared is critical to maintaining business continuity and normal daily functions.


[1] Information from a Malwarebytes study.
[2] Information from Cyberheist News Vol 6 #47 November 21, 2016.
[3] Information from multiple Internet searches on "Ransomware distribution".
