Ransomware
The Danger of Ransomware
Ransomware is a form of malware that targets critical data and systems for the purpose of extortion. Once launched on a computer or mobile device, ransomware encrypts critical files and renders the device inaccessible or inoperable until the victim pays the attacker a ransom to unlock it. Both business and personal devices are vulnerable.
Corporate ransomware attacks frequently begin with “spear phishing” emails – emails that target a specific individual or function within a company, and appear to be coming from a legitimate sender yet contain malicious attachments or hyperlinks that launch the attack.
Ransomware Fallout
Ransomware victims face difficult decisions. Paying the attacker’s ransom demand is not a guarantee the device will be restored. Moreover, ransomware is often accompanied by additional malware that may steal users’ or customers’ data, such as login credentials or financial information.
Preventing Ransomware Attacks
Never click unsolicited links or open unsolicited attachments in emails. If the email address or instructions seem suspicious or out of the ordinary (e.g., an email is sent from a personal email address rather than a business address, or you receive an instruction to circumvent normal procedures), perform due diligence on its legitimacy before clicking on anything.
Employees should be aware of what ransomware is and how it is delivered. Companies should consider coordinating a phishing email simulation, to gauge the level of understanding and compliance among personnel.
Make sure systems, software and firmware are up-to-date on all Internet-connected devices. Ensure antivirus and anti-malware applications are set to automatically update and to conduct regular scans.
Systematically back up your data using physical storage media or a secure cloud-based solution, and verify the integrity of those backups. Test your data restoration procedures. Keep your backups secure, and ensure they are not permanently connected to the computers and networks they are backing up.
Immediately disconnect the affected device from the Internet and isolate it from any network. Do not turn it off. Contact your local law enforcement agency and FBI field office, and report the incident to the FS-ISAC and the FBI’s Internet Crime Complaint Center.