What is Ransomware?

Ransomware is a type of malware that uses encryption or outright theft to hold data hostage. Data is encrypted and sometimes stolen with the threat of public release. A payment is then demanded to unlock the files and/or delete the stolen copy of the data.

Malware must have a way into a device or a network. The most typical route is phishing. Phishing is a way of baiting a user to click on something that will launch malware onto their device. Most commonly, this is seen through emails, and sometimes websites. Phishing emails come in many forms, but all invite a response. Websites may display a pop-up telling users that malware exists on their system and can be removed when they hit OK. Clicking on that button or opening an email attachment may allow the hacker access to the user’s device. User vigilance is key to prevention. Since some attacks utilize zero-day vulnerabilities or simply unpatched vulnerabilities, keeping systems fully patched and up-to-date is another crucial area of prevention.

What you may have seen in the news:

The Colonial Pipeline
The ransomware attack on the Colonial Pipeline locked up certain files, which made it impossible for the company to operate. The company then made the decision to shut down its systems so that it could isolate the threat. This resulted in fuel shortages along the eastern United States. In order to stop the panic, the company paid the 4.4 million dollar ransom. This enabled it to restore operation faster than trying to rebuild its systems.

The Kaseya Attack
Kaseya, a company that provides remote system administration, was attacked on July 2nd. Right when most Americans were settling in for a long holiday weekend, the largest ransomware attack on record was perpetrated by a Russia-linked group known as REvil. The group has done damage in the past to JBS, the world’s largest meat-processing company, which ended up paying $11 million to get its files back.

The attack on Kaseya began with attackers scrambling data to cripple operations, paired with a demand of between $45,000 and $5 million for a decoder key. They are also offering a universal decoder for all victims in exchange for a lump sum payment of $70 million.

What can you do?

A good backup can make recovery from a ransomware attack possible without payment. What does a good backup look like? Your backups should be incremental and disconnected from your computer. Copying your files to another drive will not necessarily protect them. Most ransomware variants today will encrypt every drive that is accessible from a computer.

In recent years, as businesses have become more knowledgeable about the importance of backing up data, ransomware attackers have begun stealing data as well as encrypting it. No form of backup will stop the publishing of data to the internet if payment is not made. Caution and vigilance are key to keeping these threats at bay. Good passwords and two-factor authentication, where available, can reduce the risk of being compromised as well.

If you have further questions about how to protect your data from unwanted attacks, please feel free to contact us.