- First, the victim's computer is compromised by the malware, usually through a phishing e-mail carrying a malicious link or a "poisoned" attachment. The user is tricked into opening or downloading the file, often through social engineering techniques.
- In a second step, the malware takes control of the system and encrypts files of many types, so the user can no longer access them. Be aware that ransomware can spread across a company's network, reaching file servers, shared drives and databases, and encrypt an organization's entire data estate.
- After encryption, the victim is informed, usually by an on-screen notification or a ransom note dropped in each folder, that they have been hit by ransomware and must pay a ransom to regain access. The note details how the payment is to be made.
- The last step consists of the victim paying the ransom and, in theory, receiving a decryption key from the attackers that restores access to the data.
How to deal with ransomware?
Ransomware incidents can severely disrupt business processes and leave organizations without the data they need to operate and deliver mission-critical services. Even so, companies should think carefully before deciding whether or not to pay. Nothing obliges the criminals to hand over a working decryption key once the money arrives, and there are many reports of companies that paid and still failed to recover their data, losing both the ransom and the files. According to the Sophos study mentioned above, among the surveyed companies that had paid the ransom, only 8% said they recovered all of their data. Paying also marks the organization as a willing payer and exposes it to repeat demands from the same or other groups.

Before making any decision, a few basic protocols should be followed:

- Notify the authorities of what has happened;
- Isolate the compromised systems;
- Be careful with backups: check that they were not reachable from the infected hosts and have not been encrypted or deleted before relying on them;
- Do not reboot or perform system maintenance, as this can destroy volatile evidence needed for the investigation and, with some strains, restart the encryption routine;
- Identify the type of ransomware.

In short, by paying the ransom a company runs the serious risk of losing the money and still having to deal with new demands from the cybercriminals.

The different types of ransomware

As already mentioned, ransomware is a subset of malware, and there are several different kinds of this threat. Three main categories are worth mentioning:

- Scareware: this is "fake" ransomware that works by exploiting the victim's fear, for example a pop-up announcing that malware is encrypting the computer and that the only way to stop the process is to pay a ransom. In reality, no files are encrypted.
- Screen locker: this type of ransomware locks the device rather than its files. As soon as the device is turned on, a full-screen window announces the lockout and demands a ransom. The data itself is generally left intact.
- Crypto-ransomware: this type encrypts the files stored on a device, network share or server. It is the most dangerous category: without the attackers' key, properly implemented encryption cannot be reversed by security software, so recovery depends on backups (or on a publicly released decryptor, which exists only for strains whose cryptography was implemented badly).
- Isolate infected devices, and any device behaving suspiciously, by disconnecting them from the Internet and from your network (pull the cable or disable Wi-Fi rather than powering them off).
- Identify the type of ransomware, using the ransom note, the extension appended to encrypted files and the rename pattern, and brief your team on the signs of infection to watch for.
- Investigate how the attackers got in, so that the vulnerability or exposed credential can be fixed and further incidents prevented.
- Identify all affected systems, data and devices, including laptops, external hard drives, smartphones, flash drives and cloud storage (synchronized cloud folders often replicate the encrypted copies).
- Restore the affected data from your backups, after confirming that the backups themselves are intact and after wiping or rebuilding the infected hosts, so the restored data is not encrypted again.
- If needed, bring in a cyber security company for professional help with any additional steps.
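As an added example (not part of the original article), the following Python script shows one practical way to carry out the "identify the type" and "identify all affected data" steps on a host or a mounted share: it walks a directory tree, flags files whose content looks like ciphertext by measuring Shannon entropy, collects files whose names match common ransom-note patterns, and tallies the extensions of the flagged files, since most strains append a fixed extension that is the quickest clue to the family. The note patterns, the entropy threshold and the sample files it creates in a temporary directory (random bytes standing in for encrypted content, a made-up ".locked" extension) are assumptions constructed for the demo.

```python
"""Triage a directory tree for signs of crypto-ransomware (added example)."""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Filename patterns typical of ransom notes; an assumption for this example, not a complete list.
RANSOM_NOTE_PATTERNS = [
    re.compile(r"(readme|how[_\- ]?to|recover|restore|decrypt).*\.(txt|html|hta)$", re.I),
]
# Bits per byte. Ciphertext and compressed data sit close to 8.0; plain text is usually 4-5.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_ransom_note(filename: str) -> bool:
    """True if the file name matches one of the ransom-note patterns."""
    return any(p.search(filename) for p in RANSOM_NOTE_PATTERNS)


def triage(root, threshold=ENTROPY_THRESHOLD, sample_bytes=4096):
    """Walk root and report encrypted-looking files, ransom notes and the
    extensions of the flagged files. Only the first sample_bytes of each file
    are read, so large shares can be scanned quickly.

    Caveat: archives, images, PDFs and Office files are compressed and also
    score high; the extension tally and the presence of ransom notes are what
    separate an infection from a folder of legitimate .zip files."""
    encrypted, notes, ext_tally = [], [], Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if looks_like_ransom_note(path.name):
            notes.append(str(path.relative_to(root)))
            continue
        with open(path, "rb") as fh:
            head = fh.read(sample_bytes)
        entropy = shannon_entropy(head)
        if entropy >= threshold:
            encrypted.append((str(path.relative_to(root)), round(entropy, 2)))
            ext_tally[path.suffix.lower()] += 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "extensions": dict(ext_tally),
    }


def build_sample_tree(base):
    """Constructed sample data so the script runs stand-alone; not a real infection."""
    docs = Path(base) / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "quarterly.txt").write_bytes(b"Quarterly report, plain text. " * 150)  # low entropy
    # Random bytes stand in for ciphertext; ".locked" is a made-up appended extension.
    (docs / "budget.xlsx.locked").write_bytes(os.urandom(4096))
    (docs / "contracts.pdf.locked").write_bytes(os.urandom(4096))
    (docs / "HOW_TO_RECOVER_FILES.txt").write_text("constructed ransom-note text\n")
    return docs.parent


def run_demo():
    """Build the sample tree in a temporary directory, triage it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return triage(root)


if __name__ == "__main__":
    report = run_demo()
    for name, ent in report["encrypted"]:
        print(f"encrypted-looking: {name} (entropy {ent})")
    for name in report["notes"]:
        print(f"ransom note:       {name}")
    print("extensions of flagged files:", report["extensions"])
```

Run it against a real share with `triage("/mnt/share")`, preferably from a clean analysis host with the share mounted read-only. A single extension dominating the tally, together with the text of the collected notes, is usually enough to look the family up and decide whether a free decryptor exists; the list of flagged paths is the starting inventory of affected data for the restore step.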