Ransomware is malicious software that cybercriminals use to hold your computer or computer files for ransom, demanding payment from you to get them back.
Sadly, ransomware is becoming an increasingly popular way for malware authors to extort money from companies and consumers alike.
There is a variety of ransomware that can get onto a person’s machine, but as always, those techniques boil down to either social engineering tactics or using software vulnerabilities to silently install on a victim’s machine, says Steve Flynn, Director Sales & Marketing, ESET Southern Africa.
Defending against ransomware is not simply a matter of plugging in some sort of anti-malware package using the default settings and relying on it to defend you.
Mainstream security programs are good at detecting known ransomware and much better than you might think at detecting unknown ransomware by monitoring its behavior.
However, there is no such thing as 100% detection, even with security software set at its most paranoid, and it is not unknown for staff members to (not necessarily deliberately) give attackers a way in by some incautious action.
Education and policy are often effective ways of making the end-user part of the defensive masonry rather than a flaw in the brickwork.
If ransomware gets the chance to execute, the amount of damage it can do is limited by access restrictions in the environment in which it is executed.
Unfortunately, if backup systems are set for convenience rather than ransomware-specific security, backups may also be compromised by the malware, even if they are outside the organisation’s perimeter.
If there are organisations that are missing out steps that would help them survive such circumstances, in the expectation that they can always pay the ransom, they could be in more trouble than they realise.
Paying the ransom does not always guarantee the recovery of the data.
Some cybercriminals have no intention or means of getting the data back for companies or individuals that pay.
Some may intend to get the data back but are unable to for some reason, such as an error with the decryption mechanism.
Sometimes security measures may actually kick in and interfere with the recovery process.
If your files are already encrypted, then removing the malware doesn’t usually reverse the encryption.
These scenarios are not common but they do raise the stakes.
And, of course, the risk of ransomware is not the only issue that needs to be addressed by a sound backup strategy.
What if your data is lost or corrupted because of issues that have nothing to do with ransomware?
Scenarios where organisations are insufficiently prepared for attacks they probably don’t understand are much more typical.
Oftentimes an organisation will take the easy way out.
Furthermore, many individuals also pay up and that is what keeps the cybercriminals in business.
In a protection racket, everyone who pays up is keeping the racket alive.