Ransomware: what it is and how to avoid it
Gone are the days when cyber attacks were limited to copying cards, stealing identities, or defrauding credit. The ransomware attack is now the number one threat in the online world. Cyber security threats are growing exponentially. Today, we explain what a ransomware attack is and how it can be avoided.
Online presence, whether individual or corporate, is increasing and practically unavoidable. Cyber-attacks have also kept pace with online growth, becoming more sophisticated, complex, and impactful.
Cybercriminals proliferated with the Covid-19 pandemic, taking advantage of the thousands of companies that have had to adopt a hybrid working environment.
The transition from traditional infrastructures to online infrastructures has facilitated cyberattacks that, in just one year, have increased by 150%.
What is ransomware?
According to the European Union Agency for Cybersecurity, ransomware is a type of malware (malicious software) that criminals use to threaten to publish or block access to a device's data or system.
In most cases, cybercriminals lock and encrypt the data on the victim's computer or device until the ransom is paid, threatening to erase all information otherwise.
Usually, hackers demand that the ransom be paid in cryptocurrencies so that it is difficult to trace the money. Monero is currently the cryptocurrency of choice due to its high degree of anonymity.
How do hackers attack?
Despite the sophistication of malicious software, hackers use common and predictable methods to gain access to company computers and devices.
One of the methods most commonly used by cybercriminals is phishing. Usually, the victim receives a seemingly reliable email that carries an attachment containing malware or a link to a malicious site.
Once the files have been downloaded and/or opened, the malware takes control of the victim's computer and downloads the ransomware, which will attempt to reach servers and other vital systems in the corporate structure.
The goal is to "hijack" as much information or files as possible and demand a ransom to release the data.
But there are other more complex and aggressive attacks, usually used to hit a specific target. In these cases, hackers look for vulnerabilities or exploit security flaws to infect the computers of companies or organizations without the need to trick employees.
Avoiding ransomware
One of the main things to know about ransomware is that the "hostage" files can only be decrypted with a key that only the criminals know, even if you pay the required ransom.
For all the above reasons, you should remain vigilant and take measures to prevent ransomware attacks on your company. These are basic cyber security behaviors. But remember that to protect yourself or prevent ransomware, you should:
- Keep your operating system, programs, and security software up-to-date and patched to decrease or mitigate any vulnerability or flaw that could be used as a way to infiltrate malware;
- Cancel the installation of any software or file that asks for administrative permissions if you do not know the source or purpose;
- Install and keep updated antivirus software that detects malicious programs.
Taking a preventive approach is the best way to combat a ransomware attack. In addition, you should also alert all employees in your company to two basic principles:
- Do not click on email attachments or links from unknown sources;
- Browse and search with caution. Ransomware can also be present on malicious websites or pop-up ads.
And never forget! Make external backups of your files frequently. This way, you will be able to have access to your data in case of an attack.
Ransomware: To pay or not to pay?
Deciding whether to pay the ransom is the most difficult decision to make once the business is stalled and losing money. However, going ahead with the payment is not always the wisest decision.
A large group of security institutions advises against paying the ransom, especially since it encourages criminals. The FBI, for example, stresses that payment does not guarantee the return of data retained by cybercriminals.
The European Union Agency for Cybersecurity, on the other hand, points out that once you pay, problems can arise: the recovery component of the malware may have a bug that causes the encrypted data to be irretrievably lost, even with the correct decryption key.