What is ransomware?
Ransomware is one of the fastest-growing forms of cyber attack. According to Bitdefender, there are roughly 2.8 million known unique samples of ransomware, and this number is growing.
Ransomware attacks are becoming more sophisticated and cyber attackers are demanding higher payments from their victims.
How does ransomware infect your system?
Ransomware can come from a variety of different places, but it most commonly begins with someone clicking a malicious link, often through a phishing email. These emails, which seem to be from a genuine sender, ask the recipient to click a link or download a program that looks legitimate but is, in fact, malicious.
Ransomware can also infect a system through an unpatched vulnerability, which is becoming a very common method.
The ransomware installs keys in the victim’s Windows registry to start automatically at boot-up. It performs a DNS lookup to connect to the people controlling it and, once the ransomware client and server identify each other, two cryptographic keys are created. One key is stored on the victim’s machine, and the other one on the attacker’s server.
The ransomware then begins to encrypt the victim’s files, making them inaccessible. A ransom payment will be demanded in exchange for decryption. Once paid, the attacker should send the key to the victim to recover the encrypted data.
What impact does ransomware have?
Ransomware will lock files and prevent normal access on a computer system until the ransom is paid. However, there is no guarantee that files will be restored once payment has been made. Businesses can lose consumer and financial data, with very serious consequences. An attack can also severely damage a business’s reputation. To consumers, it may seem that the organisation doesn’t have the right security measures in place to protect their data.
How can you reduce the impact of a ransomware attack?
There are many actions that can be taken to prevent the risk of a ransomware attack. If your staff are trained, they should be able to identify a phishing email, and will know not to click on certain links or share information. A Phishing Staff Awareness Course will train your employees to be alert, vigilant and secure.
You can also protect your organisation from a ransomware attack by establishing what its vulnerabilities are, and putting the controls in place to patch them. Carrying out a risk assessment identifies, analyses and evaluates risk, identifying gaps between people and processes, as well as gaps in technology itself. It then proposes remedies to minimise the risks associated with those gaps. A risk assessment is the only way to ensure that the cyber security controls you choose are appropriate to the risks your organisation faces.