5 Most Frequently Asked Questions About Ransomware
1. What is Ransomware?
Imagine using your trusty computer while beating a deadline, and suddenly your files become inaccessible. Thereafter, you receive an anonymous email saying you have to deposit money or your files are gone for good. You google the situation and find that you’ve just been hit by hacker- more specifically, by a ransomware.
Now what on earth is a ransomware?
Ransomware is a variation of malware (malicious software) that encrypts files and documents. It can infect a single unit of computer or even an entire network- including servers. From the word itself, the perpetrator demands a ransom from the victim in exchange for a “decryption key” to regain access.
Also Read: How to Choose a Penetration Testing Vendor
2. How do you get infected with ransomware?
It is important to know how ransomware works since its form and appearance do not follow a specific formula. However, the most common vectors are “malvertisements”. These are malicious ads which uses an infected invisible webpage element, redirecting to an “exploit” landing page.
Another method is “malspam” or malicious spam which usually pops up in your email. In most cases these malspam emails comes with malware-laced attachments, enticing graphics, and too-good-to-be-true promos that infects your system once interacted with.
Finally, with the popularity of social media, those whose are behind these attacks are now using malicious payloads disguised as Facebook, Twitter, and Instagram icons. This enables the ransomware to be practically invisible and poses a grave threat especially on credit card transactions with online shops.
3. How serious is a ransomware infection?
Ransomware attacks can gravely injure your economic stability- especially if you are an organization. The inability to access the infected files disrupts the business operations and reduces productivity. Research shows that malware criminals prefer to target big companies and businesses. This is logical since most large business, operating in a network, would choose to pay the ransom immediately to avoid further loss of money.
But this does not mean that non-networked computers are safe. In fact, it was reported that in the first ten months of the 2020 pandemic, the significant 75% increase in Singapore’s ransomware attack incidents are attributed to work-from-home set-ups. Regardless, the damage done is ludicrous. A study of CrowdStrike reveals that out of 46% of firms hit, more than 28% chose to pay the ransom, costing them an average of $1.47 Million USD!
4. How to deal with ransomware?
As always, prevention is better than cure. Ensure that your computer network uses anti-virus and an updated operation systems with the latest security patches. You should likewise limit the access of sensitive corporate or private data by granting only privileged access. However, here are some basic things to do once you get attacked:
- Isolate the infected computer units
- Notify your IT security team, if you have one. Otherwise, contact an IT service
- Identify the type of malware by backtracking your computer log/activities
- Inform your employees of the attack to mitigate the possibility of heavier damage
- Change your login credentials
- Take a photo of the ransom note
- Notify the authorities and present your evidence: your computer log/activities and the ransom note
Finally, you need to raise awareness on your organization; what a ransomware is, how it works, and how to always be on the lookout for suspicious malvertisements, malspams, and online shop plugins.
For other tips, read more: How Does Ransomware Work? Examples and Defense Tips
5. Do I have to pay the “ransom”?
In the event that you have been infected, paying for the decryption key is highly discouraged. It does not guarantee that your filed will be returned at once. Instead, you should disconnect the infected unit from
your network immediately. This should prevent the spread and will work like a ransomware kill switch. To reiterate, use an updated anti-virus software or an antimalware program, if you have any, before initiating data restoration from your backup.
Above all this, the best move is to contact an IT expert as they are more equipped and experienced to handle this kind of situation.
Facing a ransomware? Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches
Ransomware will always catch you unaware, hiding behind legitimate updates, innocent-looking messages and the like. Be sure to remain vigilant and follow the defense components to help you keep your business safe against threat actors.
Conducting regular penetration testing could also help ensure that threat actors are at bay as it searches for available vulnerabilities present in your system for you to acknowledge before bad actors can exploit them.