Ransomware - what is it? Why do I care?
One of the hot security topics lately is something called Ransomware, a type of cyber-attack also known as data ransoming. Ransomware is predominantly delivered to a device through an email carrying an attachment or a malicious link. Once the user opens the malicious attachment or clicks on the link, the infection deploys itself onto the device. It may not show any signs of infection unless your security protection software is up to date and catches it before the damage is done. That protection works for older attacks, but many new attacks are created before any security technologies are aware of them. Once the infection sets into the device, it slowly creeps through all of your local, networked, and physically attached devices and starts to encrypt the data. Once it has encrypted enough of the contents, it locks you out of the device and demands payment to get your data back. This is a really nasty attack that is happening more and more often across the world.
The reason criminals use this type of attack is that it works. Recently in Calgary, Canada, the main university campus here was hit with Ransomware. After all was said and done, they ended up paying $20,000 to get the decryption keys from the hijackers that would allow them to decrypt (unlock) their data and use it again. They took a risk in handing that amount of money to an unknown entity in the hope that they would be provided with the decryption keys.
On top of the $20,000 cost of getting that decryption key, they also need to factor in the cost of business downtime, infection containment time, and recovery time, all of which can range from days to weeks to months.
An infection like this, if not caught fast enough, could cause significant damage to a company and even impact business operations so much that it has to close its doors.
So why should anyone care? It can’t happen to us, right?
We are all targets of Ransomware, as we all have information we cannot afford to lose. And the bad guys know that.
How much would you pay to get back personal photos, documents, and data?
Even if you back up your files, keep in mind that if that backup can be accessed from the machine that was infected, it may also be susceptible to being locked by the infection.
If you ever find you are impacted by a Ransomware attack, the first step is to shut down your machine to stop the encryption from continuing.
You should also unplug any network connections and remove any plugged-in backup devices. Once you have contained the infection, contact the Help Desk immediately for next steps.
If this happens at home, bring your machine to a repair shop to see if they are able to recover your information.
Many times when these infections happen, the data is not recoverable, so brace for some bad news if the infection is bad enough. Under no circumstances should you pay the attackers.
This will continue to fund them and drive them harder to infect more people knowing the model is successful.
How do I avoid becoming a statistic?
Good news!
As of today, Ransomware doesn’t just suddenly appear magically on machines. It requires an individual to click or deploy something for it to become active. The majority of infections start from a malicious email or a phishing campaign (when attackers use mass email lists hoping that users will click links or open attachments), so user awareness becomes the key method to eliminate the risk. Here are some ways to avoid getting Ransomware:
- Never open strange or phishy emails/attachments – Delete them or contact the Help Desk
- Ensure websites you visit are the correct ones – sometimes all it takes is a visit to an incorrect website URL to cause a drive-by download
- Keep an offline backup – Use a USB hard disk or burn data to DVDs