Ransomware: What It Is, Why It Matters And How To Stop It
August 30, 2018
You’ve heard about ransomware — this cybersecurity threat regularly makes headlines and is time-consuming and costly to resolve. By the numbers, ransomware shows up in almost 40 percent of all malware-related data breaches1 and often takes months to fully remove.
But what exactly is ransomware? Why does it matter to your organization? What are the risks? And, most importantly, how do you stop it from happening?
What Is Ransomware?
Ransomware is a subcategory of malware, which is any malicious program that compromises mobile devices or desktops. Some variants of malware are designed to simply collect information; others attempt to escalate attacker privileges to gain control of servers or websites; and still others serve a host of unwanted “popup” ads.
What makes ransomware different is that instead of attempting to avoid notice in the background, it actively encrypts critical files on your devices. Once files are encrypted — anything from pictures to documents to system files — users are notified that their data has been compromised, and attackers demand a ransom payment, typically in bitcoin. To make matters worse, cybercriminals usually include a countdown: If companies don’t pay, their data is deleted.
Why It Matters to Your Business
Here’s the hard truth: Ransomware can hit any company. Size and industry don’t matter — attackers are looking for the easiest way to make a profit.
Once you’re infected, you’ve got a choice to make: Refuse to pay and risk data being deleted or pay and hope that hackers are as good as their word. It’s a tough decision. Many organizations have to weigh the risk of using potentially incomplete backups to restore deleted data against the prospect of being victimized again once hackers see they’re willing to hand over the ransom.
How to Prevent Ransomware
So, how can you prevent ransomware? Start with reliable anti-malware solutions to act as your first line of defense. Many cloud-based tools can detect and prevent common ransomware infections.
Next, recognize the top infection vectors for ransomware: phishing attacks and malicious links. Hackers send your staff seemingly legitimate emails with infected attachments or embedded links that look safe but redirect to drive-by download sites. If employees open attachments or follow malicious links, attackers are able to deliver payloads and start the process of encrypting key files.
Preventing these people-centric attacks demands a two-pronged approach:
- Email protection — Leverage email protection tools to actively scan for social engineering attacks, spam and weaponized attachments that may carry ransomware infections.
- The human firewall — Attackers recognize that employees are the weakest link. Why? Because most insider threats aren’t intentional or malicious; they occur when staff members encounter emails supposedly written by managers demanding “immediate action” or encounter links that seem legitimate and will help facilitate everyday tasks.
Effective employee education creates a kind of “human firewall,” in turn significantly reducing the success rate of ransomware attacks.
Ransomware remains a popular and persistent threat that can affect any business, anytime. Stay safe. Protect your assets and defend your data with Access One’s 24/7 world-class IT security solutions.