August 17, 2020
What is Ransomware?
As a managed service provider (MSP), you know that ransomware attacks are increasing daily. More and more businesses are being crippled by the devastating effects of these attacks and they are showing no signs of slowing down. But what exactly is ransomware, and why does it wreak havoc on businesses? How can you get it, and where does it come from? We’ll be diving into all these questions and more.
Ransomware is a type of malware that infects computer systems and prevents users from accessing anything on their machines without paying the ransom first. Some of the earliest strains of ransomware can be traced back as far as the 1980s with payments demanded to be paid through snail mail. Since ransomware has developed, most hackers will now charge the ransom in cryptocurrency such as Bitcoin, or by credit card. Fortunately, with technology, as it stands today, paying the ransom is not your only option when it comes to recovering your data.
How do you get Ransomware?
Unfortunately, there are many ways in which ransomware can gain access to your computer systems. In many cases, like the well-known Petya, WannaCry, or Locky, the malware enters your machine by means of a phishing email. The email will often include an attachment that you will be asked to download, or it will request you click and follow a link. Once you have downloaded the attachment or clicked the link, ransomware will infect and corrupt your machine.
These links or attachments will appear legitimate, so you and your staff might not be aware that they are in fact malicious ransomware strains, especially if the hacker has impersonated a person of power. This is a scaremongering tactic used to make you pay the ransom. An email from the police or government demanding payment for your data are common tricks played by hackers. As legitimate as they might seem, MSPs and their clients should be aware that neither of these parties, if legitimate, would ask us to pay money over email. However, there are ways to combat this. Educating your team around cyber security and the risks associated with it will help mitigate these attacks and better protect your business.
Malicious advertising or malvertising is another common method cyber criminals will use. Ransomware will infect your machine after you have clicked on a web advert or through hidden code behind the ad directing you to a criminal’s server. Your data is then collected and analysed, and your computer location is tracked so the hackers can then select the ‘best’ malware strain to send to you. These sneaky techniques used by hackers wreak havoc on businesses but can be mitigated through installing antivirus software.
Different variants of ransomware, such as CryptoWall or TeslaCrypt, all work a little differently once they have gained access to your computer, however, your data will become encrypted and you will no longer be able to access it. “Ransomware is a game-changer in the world of cybercrime,” says Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. “It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organised crime syndicates.”
Stay Ahead of the Game: Prevent Ransomware
Cyber security experts agree that you want to prevent ransomware, not react to it and you certainly want to avoid paying the ransom at all costs. This will only encourage cyber criminals to keep targeting your business. Experts agree that the best way to fight ransomware is by protecting your files and systems in order to prevent ransomware from claiming your company as its victim. This is done with a multilayered approach:
- Use a good quality antivirus program, with real-time protection. You’ll want to look out for programs that shield your data and block ransomware from holding files hostage.
- Always make sure you patch and update your software and systems. This is a vital step when it comes to better protecting your business data. Ransomware will take advantage of any vulnerabilities, so be sure to keep an eye on updates, these can also be automated with a remote monitoring and management (RMM) tool.
- Educating your staff and clients about ransomware and how to detect phishing and social engineering schemes is another important step. This will save your business time, money and resources in the long run, and help mitigate attacks before they even happen.
- Make sure you have a good Business Continuity and Disaster Recovery (BCDR) plan in place to minimise any downtime, downtime event or disruptions associated with ransomware attacks. A BCDR solution is still the best protection against the impact of ransomware. The ability to failover to and recover from clean backups means businesses can continue to function even if an attack occurs. Building a successful BCDR plan takes time, effort and resources, but will serve you well in the long run. A good plan will enable your employees to continue to work throughout any disaster, connecting to recovered business systems from any location. Your data will be recoverable as you will have taken multiple backups to ensure you can go back to any point before your data becomes compromised. Finally, you will have peace of mind knowing you can get your’s and your client’s businesses back up and running, with minimal downtime or impact.
Although ransomware attacks are continuing to increase, they can definitely be avoided with adequate protection. To find out more, check out our Cyber Security Toolkit for MSPs. You will find top tips and best practises on how to better protect your business before it’s too late.