Another day, another attack…or, at least, that’s how it feels lately. Ransomware is all over the news, affecting everyone, from small businesses to huge multi-national corporations. Naturally, our customers are concerned and asking all sorts of questions to better understand this threat and how to better protect their organizations. Here are five of the most common questions I get regarding ransomware:
Q—What exactly is ransomware, and how does it work?
A—Ransomware is a type of malicious software that is designed to restrict a user’s access to files until some amount of money is paid. It is usually paid using Bitcoin in an effort to obfuscate the attacker’s identity. Opening an infected attachment in an email or clicking on a link to an infected website will start the [ransomware] file encryption process. Once a user is locked out of their own files, the ransomware will display instructions on how to regain access to the data.
Q—How serious of a threat is ransomware in the United States?
A—The first known ransomware was back in 1989 and it is still a very popular attack vector. Cybercriminals are monetizing on a user’s inability to detect ransomware. CryptoWall alone is suspected of generating some $320 million. Although ransomware typically targets the consumer, businesses are seeing more ransomware in 2017 than in 2016. More than 50% of all malware contains ransomware and a growing number of ransomware attacks are successful.
Q – How can ransomware get into my network?
A—Today’s attacks are targeting end users, who can often be a weak link in security. Social engineering, along with malicious content or attachments, is how the bad guys are getting in. Regular security awareness training will help prevent attacks by educating users on how to spot suspicious emails/attachments. Connection offers General Security Awareness Training and can help reduce the risk of a breach on your network.
Q—I have an email spam filter or other technology in place to stop ransomware. Isn’t that enough?
A—Early ransomware was delivered via traditional phishing email blasts, which many email spam filters can stop. Today’s more sophisticated ransomware uses spear-phishing campaigns and directly targets domain users with legitimate email addresses. Ensuring the users can detect suspicious emails is crucial.
Q—What is the best way to protect my files from ransomware?
A—First, ensure that you have the latest virus protection (signature) updates. This will help with any known viruses. Upgrade or deploy Next-Generation Anti-Virus (NGAV) if you can. NGAV software can stop zero-day and ransomware attacks by using behavior analytics, machine learning, or sandboxing technology. Next, have users complete phishing training, which is usually how ransomware gets into the network.
Ransomware is a serious threat and should be treated as such. Vigilance, end-user training, and the latest security technologies are all critical components of a successful protection strategy.
How has ransomware impacted you? Leave a comment below to share your experience.
Read this next:
- WPA2 Hacks and You – 7 Things You Can Do to Stay Safe
- The Critical Importance Of Patch Management
- Shut Down Unlikely Attack Vectors In Your Organization
- Cyber Security In The Workplace Is Everyone’s Business
- Challenges Multiply As Enterprise Mobility Grows