What you need to know
Recent articles in the NZ media and overseas have highlighted the increasing incidence of ransomware. While a great deal has already been written on this topic, many small and medium-sized businesses (and some large companies and corporates too!) struggle with what they need to do to: 1) recover from a ransomware attack, 2) prevent a ransomware attack.
The following is an attempt to outline the key aspects of these two points, with reference to some standard measures in a security framework.
Hopefully there is something here that will be useful in the ongoing challenges we all face from ransomware.
Ransomware is a type of malicious software (malware) that encrypts files and/or folders on your systems. Once files are encrypted you need a key to decrypt them. If files are encrypted outside of your efforts – by a third party using malware/ransomware – you will not have the decryption key, so the files will not be accessible to you.
Ransomware attacks typically target system folders and shared file areas, so illicit encryption can quickly become a large-scale problem. When folders are encrypted, you lose access to every file within those folders. When a file share is encrypted, you lose access to every file and folder within the share. When multiple file shares are encrypted… well, you get the picture.
What is the impact of ransomware?
A ransomware attack is designed to hinder your organisation’s ability to access data needed to conduct business and, at worst, can cripple your business completely.
The disruption caused can include loss of productivity, income, reputation, customer trust and resources.
How can I be infected by ransomware?
Infection by ransomware (and any other type of malware) can occur through phishing campaigns, usually via email. Phishing tries to trick you into clicking an infected link or opening an email attachment. Clicking a link will take you to a malicious location which triggers the download of malware to your computer. Opening an attachment that contains malware will similarly trigger the execution of malicious code.
In both cases, a virus or other malware operates by damaging files and/or taking control of your computer, or of your entire computer network if your computer is part of a larger collection of connected devices.
Ransomware and other malware can also exploit situations where you have poor password practices and/or don’t regularly apply patches and updates to your software. Vulnerabilities of this nature carry a similar risk to a phishing attack, i.e. malicious software could breach your cyber defences and infect your computers.
Assuming you won’t ever be hit by ransomware or malware is wishful thinking – even the best cyber-defences in the world will be breached at some point. So being hit by ransomware is probably not a matter of ‘if’ but ‘when’.
‘Ransom’ implies there is money involved, right?
Attackers that deploy ransomware are generally financially motivated. They’ll try to extort you by demanding you pay a ransom to be given access to your system and files again. The promise is that when you pay a ransom you will receive a key to unlock the encrypted files.
However, when attackers have access to your files they will sometimes extract information before it is encrypted, effectively harvesting data from you. In this case a second type of extortion can be used, where the attacker threatens to sell or release this sensitive information unless you pay a ransom.
Further, a third type of extortion is where the attacker threatens the original owners of the information (your customers and business partners) with release of the details unless they (or you) pay a ransom.
More To Come...
Look out for the next instalment in this topic.