The number of ransomware-related news headlines continues to spike, and for good reason.
Ransomware is globally pervasive, infects unsuspecting targets quickly and efficiently, has a relatively low cost of entry for criminals, and is often impossible to recover from. Victims generally have little choice other than to pay the ransom demand and hope for the best.
As with many other types of infection, an end user is lured into unintentionally installing malware onto their computer; in this case the malware is a ransomware program. Infected email attachments and clickable links to infected URLs are two common methods of triggering a ransomware installation.
Unintentionally browsing to a compromised website can also trigger a ransomware infection. Once the user triggers the ransomware download, the malware acts quickly: it installs itself on the target computer and contacts a repository where the encryption keys reside. These keys are used to methodically encrypt (scramble into an unusable, unreadable format) valuable files on the compromised machine, effectively locking users out of those files.
The ransomware will also attempt to propagate across the network. If the infected machine is connected to any enterprise network shares, there is a high probability the program will spread across those shared directories as well, compounding the infection. The compromised user is helpless without the decryption key. To make matters worse, there is usually a limited window in which to pay the criminal before the encrypted files are systematically deleted.
After the encryption process completes, instructions to decrypt the files to their original usable state will be left behind. The instructions are often posted to each compromised directory as a plain text file or splashed across the computer screen in a popup window. Bitcoin is the preferred payment method.
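The two behaviours just described, a note file dropped into each affected directory and neighbouring files turned into unreadable ciphertext, can be checked for from the defender's side. The following is an added example, not code from the original post: it scores a constructed snapshot of a file share (path to contents, held in memory) and flags directories where a ransom-note-like text file sits beside files whose byte entropy looks like encrypted data. The entropy threshold, note markers and sample paths are assumptions chosen for illustration.

```python
import math
import os
from collections import defaultdict

# Phrases typical of ransom notes (assumed markers; tune to what your own incidents show).
NOTE_MARKERS = (b"your files have been encrypted", b"bitcoin", b"decrypt")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for documents."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_ransom_note(name: str, data: bytes) -> bool:
    """A small plain-text file carrying the usual payment/decryption wording."""
    low = data.lower()
    return name.lower().endswith(".txt") and any(m in low for m in NOTE_MARKERS)


def suspicious_directories(files: dict, entropy_threshold: float = 7.5, min_ratio: float = 0.5) -> list:
    """files maps path -> content (a constructed snapshot, not a live scan).
    A directory is flagged only when it holds a note-like file AND at least
    min_ratio of its other files have encryption-like entropy; a lone text file
    that merely mentions bitcoin next to ordinary documents is not flagged."""
    by_dir = defaultdict(list)
    for path, data in files.items():
        by_dir[os.path.dirname(path)].append((os.path.basename(path), data))
    flagged = []
    for directory, entries in by_dir.items():
        notes = {name for name, data in entries if looks_like_ransom_note(name, data)}
        others = [data for name, data in entries if name not in notes]
        if not notes or not others:
            continue
        high = sum(1 for data in others if shannon_entropy(data) >= entropy_threshold)
        if high / len(others) >= min_ratio:
            flagged.append(directory)
    return sorted(flagged)


# Constructed sample share. bytes(range(256)) * 8 is a deterministic stand-in for
# ciphertext: every byte value appears equally often, so entropy is exactly 8.0.
SAMPLE_SHARE = {
    "share/finance/Q1.xlsx.locked": bytes(range(256)) * 8,
    "share/finance/budget.docx.locked": bytes(range(256)) * 8,
    "share/finance/README_DECRYPT.txt": b"Your files have been encrypted. Pay in Bitcoin to decrypt.",
    "share/hr/policy.txt": b"Employee handbook, section 1. " * 40,
    "share/hr/notes.txt": b"Meeting notes about bitcoin payments to vendors.",
}
```

Running `suspicious_directories(SAMPLE_SHARE)` flags only `share/finance`; the HR folder mentions bitcoin but its files are still readable text.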
A variety of different types of ransomware attacks have been reported over the past several years. One variant, addressed in this blog, is seen as a common “go to” method for digitally extorting money from compromised companies. It uses encryption to hold your valuable data files hostage.
A fundamental understanding of the composition of this type of ransomware attack helps to identify potential gaps or weaknesses in your security policy and procedures, which can aid in improving controls and reducing exposure.
These best practices are not foolproof against every variant of ransomware, and new and more effective strains are appearing daily. Stay informed about the changing threat landscape so that you employ the most current prevention methods.
The important thing is to plan for ransomware and other types of attacks. A good incident plan is outlined in our Cybersecurity Insights report, “The CEO’s Guide to Cyberbreach Response.”
One final thought – if you are fortunate enough to detect a ransomware attack in process, immediately disconnect your computer from the network in an attempt to prevent the key negotiating process from completing. You might just avoid a significant headache.