Ransomware is a severe cybersecurity threat that results in significant damage and costs. Here we take a look at what ransomware is and answer the questions you will likely have as a business owner.
What is ransomware?
Ransomware is a form of malware that encrypts an organisation’s critical data, holding the company at ransom. If you are subject to a ransomware attack, you might not be able to access your databases, files, or applications.
The attacker makes a ransom demand in exchange for giving you access back to your data. Attacks are usually designed to spread across your network to target file servers and databases, paralysing your entire company network.
What happens if you get ransomware?
Ransomware attacks work by utilising cryptography that uses two keys to encrypt and decrypt files. The attacker holds the decryption key until you pay the ransom. It is almost impossible to decrypt your files without the decryption key.
Ransomware usually finds its way into your network through targeted attacks or spam email campaigns. The ransomware targets valuable files such as Word and Excel documents, databases, and images. To increase the pressure to pay the ransom, you will be given 24 to 48 hours to pay before the files are destroyed forever.
How to remove ransomware?
You will need professional help to remove ransomware, which may be impossible without the decryption key. Therefore, you must act quickly to minimise damage if you are the target of an attack.
You should isolate infected devices by disconnecting them from your network, other deceives, and the internet. You need to identify the ransomware, report it to the authorities, and re-install your systems using viable backups if you have them.
How common is ransomware?
Ransomware is rapidly evolving and spreading with new techniques introduced continually. Unfortunately, malware kits and ransomware marketplaces are increasingly easy to find and access, so attackers and thieves do not need to be tech-savvy.
The harm or ransomware to companies and individuals
The harm of ransomware includes exploiting money from companies, data loss, and releasing private data of companies and individuals. The financial damage is only equalled by the damage to a brand’s reputation, leading to a loss of customers and business partners.
Read about how game development company CD Projekt fell victim to a ransomware attack.
In the second part of our look at ransomware, we answer more of your ransomware frequently asked questions.
What to do in a ransomware attack?
If you are subject to a ransomware attack, you must act swiftly to limit the damage. You should:
- Isolate infected devices and any device acting suspiciously by disconnecting them from the internet and your network.
- Determine all affected systems, including laptops, external hard drives, smartphones, USB thumb drives, and cloud storage.
- Identify patient zero using your antivirus software or monitoring platform.
- Identify the ransomware and inform your team of the infection signs to look for.
- Wipe all devices and reinstall your data using your backups.
- Decrypt your data using a decryption key from No More Ransom if one is available and you don’t have a system backup.
You may need professional help from a cybersecurity company to complete some of these steps.
Should you pay ransomware?
Paying the ransom may seem like the only option, especially when you may face weeks or months of recovery. However, paying the ransom does not guarantee that you will get the decryption key to access your data/systems, and you could face repeated ransom demands.
If you pay the ransom, you may become the target of future attacks because you or your organisation has a proven payment history.
Is it illegal / what are the punishments?
Ransomware is an attack that makes a threat, such as if you do not pay the ransom, then your files will be deleted, or your data will be released to third parties. It is blackmail, and cybercriminals can be prosecuted under the Theft Act 1968, section 21. Furthermore, if the attacker receives the ransom, they can also be charged under the Proceeds of Crime Act 2002.
Sentences for ransomware can be as much as five years imprisonment with a £5,000 fine. The penalty can also include compensation for loss and freezing, and seizing the assets of the attacker.
How to protect against ransomware
To protect against ransomware, you should back up your data, use security software, and avoid using public Wi-Fi. If you are a business owner, you should create a security awareness program to educate your employees. Businesses should engage a cybersecurity company to run regular penetration tests to search out vulnerabilities.
Recommended antivirus software
Antivirus software is one part of the equation in defending you or your business against cybersecurity threats. Bitdefender, Norton, and Kaspersky are three of the best, and each has three plans offering basic, standard, and total protection.
Penetration testing helps to prevent ransom cyber attacks by checking your network and systems for weaknesses. Our cybersecurity pen testing service also includes vulnerability scanning of the applications your workers use. Contact Omnicyber Security today for more information.