Current versions of ransomware use malicious code to encrypt data so organizations and individuals cannot access files, databases, and applications. Designed to spread quickly to other computers and devices on the same network, the software can infect entire organizations or households before anyone has a chance to react. Once systems are infected, hackers extort the victims, demanding large sums of money or bitcoin to restore access to the encrypted information.
It’s vital to note that in the current environment, with more automated methods of infecting computers, this type of attack is an ongoing threat to both organizations and individuals.
How Does Ransomware Work?
Whether spread through malicious software infecting websites or emails, ransomware is code that uses asymmetric encryption to lock files. This means that the data is converted into a secret code, which makes it unreadable. Accessing the information requires a mathematical key – similar to how a decoder ring works but significantly more complex. The hacker is the only person who has access to this key, and because it’s nearly impossible to decrypt the files without it, they require payment for the key – in essence, holding it for a ransom.
To make things worse, hackers almost always put a time limit on the ransom, threatening to delete the encryption key if payment isn’t made within 24-48 hours.
In 2021, they’ve begun to add a new wrinkle. Because backups are getting better, making ransomware more nuisance than catastrophe, the threat now includes releasing the data on the internet if the victim refuses to pay. For organizations that deal with personal client information, this can be devastating, both legally and for their reputations. Individuals can have private information exposed that can dramatically affect their personal and professional lives.
Why Can’t We Stop Ransomware?
For every defense that cybersecurity experts come up with, hackers find a new way to attack. Part of this is because ransomware kits are available for purchase on the dark web, making it possible to create many types of attacks. With these kits, hackers don’t even need to be tech-savvy, and many of them work in groups where each takes a cut of the ransom. Another reason is that people keep paying the ransom, so hackers have no reason to stop.
Putting all of that aside, unaware users are the primary problem. Phishing emails give hackers the one thing they need – access. That access gives them the ability to install malicious code, and once they’re in, they begin to spread, and it’s incredibly difficult to get them out.
How Do I Defend Against Ransomware?
Avoiding ransomware is not as difficult as you might think and really comes down to just five best practices.
- Back Up Your Data – maintaining recent backups on external devices or in cloud services that do not allow for direct access will help keep ransomware attacks from being immediately devastating.
- Update Security Software – whether it’s the antivirus or the operating system, security updates are constantly evolving to counter threats; keeping the software updated is essential to avoiding ransomware.
- Only Use Secure WiFi – public WiFi networks are not secure, and hackers will often sit on them looking for targets; if you must use public WiFi, use a VPN.
- Safe and Aware – this is just a matter of being careful where you click and paying attention to messages; don’t fall for threatening emails and offers that are too good to be true.
- Use Strong Passwords – when it comes down to it, networks are only as secure as the weakest password; adding 2-Factor Authentication wherever possible will add another layer of security to the passwords that could make all the difference.
These same best practices can also help you to avoid a variety of other cyber threats.
Should I Pay the Ransom?
There’s a great deal to unpack in that question. Whether you’re a business or an individual, paying the ransom might seem better than potentially losing the information or having it exposed online. In fact, it might feel like there’s no other choice. But…
…the hacker may take the money and not give you the encryption key, or may expose your data anyhow. There are no guarantees when dealing with criminals.
…once you show them that you will pay, you will almost certainly get repeated ransom demands, whether from additional attacks on your network or just because they still have a copy of your data.
…your payment funds their ability to continue making attacks. Even if you get everything back after paying, you are proof that the ransom business model works.
If you become a ransomware victim, the first thing you should do is report it to CISA at https://www.us-cert.gov/report and be sure to cooperate fully with law enforcement agencies who investigate. The only way to stop ransomware is to put a stop to the attacks through best practices and investigation.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com