One of the worst nightmares for the IT professional is coming into the office in the morning and finding that your critical servers have been hijacked with ransomware. Business immediately grinds to a halt, and you need to have unpleasant meetings with management about how this happened and — more importantly — what you need to do next. You have two options: try to restore your impacted systems using a backup and hope that it will be malware-free, or elect to pay the ransom price and hope that you can trust that the perpetrators will restore your access to your own systems. There’s no guarantee that you will regain access to your files even if you pay. Not an appealing choice — and no matter which option you choose, it will be costly.
What Is Ransomware?
Ransomware has become one of the newest high-profile threats to businesses. Ransomware is a denial-of-access attack that prevents computer users from accessing files. There are two common types of ransomware today. The simpler type uses a lockscreen that prevents you from accessing your PC or files and states that you have to pay money to get access to your system again. The more sophisticated type works by encrypting your files, which makes them inaccessible without the decryption key. The attacker then demands that you send a payment to get the keys required to decrypt your files. Both types of ransomware are typically spread by infected email attachments or advertising from a website.
A couple of high-profile health care organizations have been hit recently by ransomware. Hospitals are a particularly sensitive target because of the ongoing importance of patient treatment and health information privacy protection. Hollywood Presbyterian in February was forced to pay $17,000 after attackers originally demanded $3.4 million. Kansas Heart Hospital was also the victim of a ransomware attack: the hospital initially paid the ransom, then the attackers demanded a second payment to release its data, which the hospital eventually refused. In both cases, the ransomware was introduced via email phishing attacks and the IT operations at both institutions were severely impacted.
Protecting Against Ransomware
Today, protection against ransomware is a requirement. Most experienced IT professionals are capable of dealing with lockscreen-style ransomware. However, dealing with the encryption type of malware can be especially difficult because it’s almost impossible to reverse engineer the encryption keys. Plus, malware creators are continually coming up with new strains of ransomware.
The first line of defense against ransomware and other types of malware is to be sure that you have securely backed up your data both locally and with a remote, unconnected backup in the cloud or in an offsite storage location. Being able to roll back your data to a previous uninfected state is your last fallback, even if that means you will lose some data. It’s better if you can avoid ransomware attacks altogether. Malware protection software that monitors, tracks, and analyzes incoming data can detect data anomalies and shut down these types of attacks before they can take hold and corrupt your critical data.
For Further Reading:
Ransomware Resources from Varonis
Ransomware Identifier: Discover which of the several hundred variants of ransomware has locked your files and if a free decryption solution is available.
Complete Guide to Ransomware: If ransomware defense and recovery isn’t on your infosec shortlist, it’s time to put it there. In this guide, we’ll help you better understand the role that bitcoin plays in ransomware, various types of ransomware, specific variants, and cover a few mitigation methods.
Introduction to Ransomware: What does it mean when machines are infected with ransomware? How does it get there in the first place? What are the mechanics? Should you pay the ransom? What’s the best way to prevent ransomware infections? Get these answers (and more!) in our 8-part video course.