What is ransomware?

The Cybersecurity and Infrastructure Security Agency (CISA), a Department of Homeland Security component, describes ransomware as a “form of malware designed to encrypt files on a device.” Typically, the ransomware uploads the data to an external storage area before encrypting the local copy. Once encrypted, the attacker demands a ransom to decrypt the files. Ransomware can also lead to the illegal selling or distribution of stolen information. 

How does it spread?

Ransomware has many different methods of propagating. Most require little or no interaction with the users of the systems being infected. Some possible methods for spreading malware include:

— phishing emails with malicious attachments

— ‘drive-by’ downloads from infected websites that you visit 

— social media 

Once the ransomware is downloaded and is capable of accomplishing its intended purpose, it can also spread within your network to other systems and servers.

Detection

Ransomware is created specifically to make it impossible to access your data. Once it has stolen and encrypted your data, it displays a message on your monitor letting you know what it has done and how much it will cost you to undo the damage. The screenshot below is an example of what that message may look like.

Commonly, the message will say something like, “Your files are encrypted.” It will include a notice on how to recover the data, with instructions or a clickable button to redirect you to those instructions. The ransom payment is usually some form of cryptocurrency, and it can be pretty expensive. The highest known paid ransom at this writing was approximately 4.5 million dollars by CWT Global in 2020.

Protection

Prevention is the best solution when it comes to ransomware. Northstarr System Solutions has a multi-point Advanced Cyber Event Shield (ACES) platform specifically designed to prevent and recover from malware infection. At the very least, your organization should:

Ensure critical data is backed up in a separate and secure location

 Limit access to risky websites

Be cautious about installing software

Learn to recognize phishing emails

Have sound IT policies and controls in place

Good backups won’t prevent a ransomware infection, but they will allow you a chance to recover from one. 

What to do if you are a victim of ransomware

In some cases, ransomware encryption methods have been discovered, and remedies are available through reputable resources. While you can, of course, pay the ransom, it isn’t recommended that you do so. Paying the ransom in no way guarantees that you will recover your data or not have your systems/data exposed in other ways. Remember, these hackers are criminals, and they don’t really care about honoring an agreement with you once you have paid the ransom. You should report the incident to law enforcement. While there might not be anything they can do to recover your systems, they may have access to tools and resources you don’t. They may even be able to find and deal with the perpetrator(s) legally. 

Resources:

• CISA ransomware page: https://www.cisa.gov/stopransomware/fact-sheets-information
• MITRE’s ransomware resources: https://healthcyber.mitre.org/