Common security threats – Ransomware

What is Ransomware:

Ransomware is malicious software designed to encrypt a victim’s files and then demand payment, generally in anonymous Bitcoin, in exchange for decrypting the files. As with other malware infections, ransomware attacks typically start with employees falling victim to phishing emails or visiting compromised websites. Unlike other malware infections, however, the primary goal of ransomware isn’t to gain stealth and persistence for long periods. Instead, its priority is to spread as quickly as possible, encrypt as much data as possible, then actively alert victims to its presence so criminals can extort them.

What makes protection a challenge:

Ransomware will lock up any drive the employee has access to, including connected USB drives and network shares. Once files are encrypted, the only way to regain access to them is to a) hope you have a reliable, up-to-date backup, b) hope a security researcher has cracked the encryption and made a decrypting tool available, or c) hold your nose and pay the ransom. Paying up is anything but a sure thing, because, well, ransomware authors are criminals. Being dishonest is what they do. They’re also occasionally less than spectacular at coding, so there’s also the risk of paying the ransom only to find your files were accidentally destroyed or rendered unrecoverable. One reason ransomware is hard to protect against is that it’s built to turn a strength — making files accessible across an organization — into a weakness. Additionally, with ransomware developing into a billion-dollar industry, there’s plenty of incentive for criminals to continue investing in delivery and evasion tactics to keep their business model humming. That means they can change faster than your signature-based security solutions can keep up.
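
Because signatures lag behind, defenders often watch for the behavior described above instead: one process rewriting many files with encrypted-looking content, in a short time, across local drives, USB drives and network shares. The sketch below is an added example, not code from this page or any product; the event format, process names, paths and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict, deque

HIGH = bytes(range(256))                # constructed stand-in for encrypted output
TEXT = b"quarterly report draft " * 11  # constructed plaintext content
# Constructed events: (seconds, process, path written, sample of bytes written)
EVENTS = [
    (0.0, "winword.exe", "C:\\Users\\ana\\report.docx", TEXT),
    (1.0, "updater.exe", "C:\\Users\\ana\\a.docx", HIGH),
    (1.5, "updater.exe", "C:\\Users\\ana\\b.xlsx", HIGH),
    (2.0, "updater.exe", "E:\\backup\\c.pdf", HIGH),
    (2.4, "updater.exe", "\\\\fileserver\\finance\\d.xlsx", HIGH),
    (3.0, "updater.exe", "\\\\fileserver\\finance\\e.docx", HIGH),
    (4.0, "7z.exe", "C:\\Users\\ana\\archive.7z", HIGH),
    (60.0, "winword.exe", "C:\\Users\\ana\\notes.docx", TEXT),
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def volume_of(path: str) -> str:
    """Drive letter (C:) or UNC share (\\\\server\\share) that holds the path."""
    if path.startswith("\\\\"):
        return "\\".join(path.split("\\")[:4])
    return path[:2]

def detect_bursts(events, window=10.0, min_files=5, min_entropy=7.0):
    """Map each process that wrote >= min_files high-entropy files within
    `window` seconds to the set of volumes it touched (illustrative thresholds)."""
    recent, alerts = defaultdict(deque), {}
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < min_entropy:
            continue                      # ordinary document write, ignore
        q = recent[proc]
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= min_files:
            alerts.setdefault(proc, set()).update(volume_of(p) for _, p in q)
    return alerts

if __name__ == "__main__":
    print(detect_bursts(EVENTS))
```

The single high-entropy archive written by `7z.exe` is not flagged, which shows why the count and time window matter: entropy alone would also alert on legitimate compression.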
