Ransomware is a malicious piece of software. Viruses are a thing of the past, and ransomware has taken over as the preferred form of cybercrime.
Ransomware will infect a computer and encrypt all of the data to make it inaccessible. It can come as a payload with a worm that can spread across an entire network.
If the computer is connected to other computers, like in an office situation, it will do its best to infect all the other machines, including servers. Hackers are looking for data on servers.
Many times a ransomware virus will sit on computers or a network for a while before locking it up. The malware can idly monitor what’s going on. When it finds what it’s looking for, the ransomware encrypts it.
Once the data is encrypted, a pop-up shows up on the computer screen demanding a ransom to release the data. This is followed by instructions for what to do.
Ransom payments are required through Bitcoin because they’re anonymous and untraceable. If the victim opts to pay the ransom (which we don’t advise), they must go through the process to purchase Bitcoin.
For those who don’t regularly make Bitcoin transactions, getting the amount required to pay the ransom can take a long time, even weeks.
Plus, because Bitcoin is a volatile currency, the business won’t know exactly what this will cost. It could be a few thousand one day, but increase in value, so a week from now it could be $10,000.
When ransomware infections hit globally, you’ll often see the price of Bitcoin rise.
The first thing to do is to make sure that you have good, robust backups of your data. You want multiple, redundant backups in case one doesn’t work. You need a backup onsite, offsite, and one in the Cloud. This is even true for home networks.
You must validate your backups. Test them for recoverability by restoring a few files every month. You want to ensure that they are complete and work. In this case, if you get ransomware, you can restore all of your data, and you won’t have to worry about paying a ransom.
Another thing you should do is to get Next-Gen malware protection. We recommend Sophos Intercept X. It has an anti-ransomware component that detects the behavior of ransomware and can stop and reverse it. The program can decrypt your files immediately and automatically.
If you protect your computers and servers from the start with the right ransomware protection, you can avoid having to pay criminals to unlock your data.
Nine times out of ten, you won’t. The odds of you getting any or all of your data back are pretty slim. We get called almost weekly by businesses and individuals who have fallen prey to ransomware and who weren’t adequately protected.
The data isn’t important to the criminal; it’s the dollar value of the data that the criminals are after. The data is valuable to you, so they believe that you’ll pay to get it back. However, we’ve seen companies that just let their data go.
If you do get some of your data back, it could be in a format that will take you months to convert into something you can use.
But, the bottom line is that you never want to be in this position. So, it’s best to take steps to prevent a ransomware infection.
If this happens, it’s important to get a professional involved as soon as you can. Never collaborate with the cybercriminal.
IT professionals can often do things to restore your data. There might be shadow copies of your data on your network. There are also decryption tools that can be used so you won’t have to pay a ransom.
The professional will also assess if there was exfiltration of data and if the criminal stole any data rather than just encrypting it.
If the criminals did steal your data, you are obligated not only to contact authorities like CISA (the Cybersecurity and Infrastructure Security Agency) but also to disclose this to all the individuals whose data was stolen. This might be your clients, partners, vendors, and internal staff. This presents additional costs in time and effort and is something that you want to avoid.