Ransomware Attacks

Prevent Ransomware Attack Before It Happens

Ransomware is a form of malware that attempts to hold your data hostage. If it succeeds, you’ll be contacted by a cyber criminal who will demand an immediate payment for the release of your data. Ransomware continues to be a major threat to businesses in all sectors, with some areas getting hit particularly hard, especially healthcare. Cyber criminals continue to evolve their strategy and method of attack, concentrating on areas that provide the highest payback for the least effort.

Ransomware attacks have increased by 91 percent in just one year.

Most are aimed at small to mid-sized businesses.

However, in recent months cryptojacking has proven to be a popular approach for cybercriminals, with the number of attacks outnumbering ransomware in some business sectors. Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to mine forms of online money known as cryptocurrencies. It can take over web browsers and compromise a variety of devices, from desktops and laptops to smartphones and network servers.

How Does Ransomware Work?

Ransomware typically spreads via spam or phishing emails. It can also spread through websites or drive-by downloads to infect an endpoint and penetrate the network. Infection methods are constantly evolving, and there are many other ways to become infected. Once in place, the ransomware locks all files it can access using strong encryption. Finally, the malware demands a ransom (typically payable in bitcoins) to decrypt the files and restore full operations to the affected IT systems.

Encrypting ransomware or cryptoware is by far the most common recent variety of ransomware. Other types that might be encountered are:

  • Non-encrypting ransomware or lock screens (restricts access to files and data, but does not encrypt them).
  • Ransomware that encrypts the Master Boot Record (MBR) of a drive or Microsoft’s NTFS, which prevents victims’ computers from being booted up in a live OS environment.
  • Leakware or extortionware (exfiltrates data that the attackers threaten to release if ransom is not paid).
  • Mobile device ransomware (infects cell phones through drive-by downloads or fake apps).

Cyber thieves attempt to extort money from your business to unlock your Internet-connected computer. They ask for a credit card payment or some form of money transfer, typically around $200. Even if you pay, there’s no guarantee they won’t do this again.

Two Trees Studio Can Protect Your Business From Ransomware and Other Viruses.

We will:

  • Properly back up your files.
  • Install and deploy layers of security protection on your network.
  • Monitor and manage your network to detect and remove vulnerabilities that put your business at risk.
  • Protect your email and Web activities against security threats.
  • Employ mobile device management solutions to protect your smartphones and other mobile devices.
  • Educate your employees.

Good backup and security practices are the only tools we have to protect ourselves and our customers from this threat:

  • Data must be backed up with adequate cadence.
  • Good data retention policies are necessary: you need to be able to restore data that is at least two weeks old, and preferably a month old.
  • Backup integrity checks must be performed in step with the backup cadence and the retention policies, because after an infection the corrupted files will be backed up at each execution.
  • The backup folders must be inaccessible to the normal users of your network, so CryptoLocker or other ransomware won’t be able to access them.
  • Never let CryptoLocker or other ransomware run as the domain administrator or another full-privileged account.
  • Educate the users! Seriously, this is the most powerful defense. Being able to restore the data encrypted by CryptoLocker or other ransomware won’t protect you from the costs of such an operation. Restore times, and so costs, can be reduced but not eliminated; it’s better to prevent the infection than to fix the damage.
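
The following added example (not Two Trees Studio's own tooling) shows how the cadence, retention and integrity-check points interact: it compares per-run backup manifests, finds the last run taken before a mass change, and checks whether that run is still inside the retention window. The manifest format, the 50 percent threshold, the function names and the sample data are assumptions made for illustration, and the oldest manifest is assumed to be a known-good baseline.

```python
from datetime import date

# Constructed sample data: one manifest per weekly backup run (path -> content hash).
ENCRYPTED = {"docs/a.docx.locked": "x1", "docs/b.xlsx.locked": "x2",
             "img/c.png.locked": "x3", "db/d.sql": "h4"}
SNAPSHOTS = [
    (date(2024, 3, 1), {"docs/a.docx": "h1", "docs/b.xlsx": "h2",
                        "img/c.png": "h3", "db/d.sql": "h4"}),
    (date(2024, 3, 8), {"docs/a.docx": "h1", "docs/b.xlsx": "h2b",
                        "img/c.png": "h3", "db/d.sql": "h4"}),
    (date(2024, 3, 15), ENCRYPTED),  # the infection is backed up here...
    (date(2024, 3, 22), ENCRYPTED),  # ...and again at the next run
]


def churn(prev, curr):
    """Fraction of files in prev that are missing or changed in curr."""
    if not prev:
        return 0.0
    damaged = sum(1 for path, digest in prev.items() if curr.get(path) != digest)
    return damaged / len(prev)


def last_clean_snapshot(snapshots, threshold=0.5):
    """Newest (date, manifest) taken before the first mass-change event.

    Assumes the oldest snapshot is a known-good baseline. If no run
    crosses the threshold, the newest snapshot is returned.
    """
    ordered = sorted(snapshots, key=lambda s: s[0])
    for prev, curr in zip(ordered, ordered[1:]):
        if churn(prev[1], curr[1]) >= threshold:
            return prev
    return ordered[-1]


def restorable(snapshots, today, retention_days, threshold=0.5):
    """True if the last clean snapshot has not yet aged out of retention."""
    clean_date, _ = last_clean_snapshot(snapshots, threshold)
    return (today - clean_date).days <= retention_days


if __name__ == "__main__":
    today = date(2024, 3, 25)  # constructed detection date
    print("last clean run:", last_clean_snapshot(SNAPSHOTS)[0])
    for days in (14, 30):
        print(f"retention {days} days -> restorable:", restorable(SNAPSHOTS, today, days))
```

With this sample data the infection is noticed 17 days after the last clean run, so a two-week retention window has already discarded the only usable backup while a one-month window still holds it.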