What is a Ransomware?
In layman’s terms- Ransomware is malicious software capable of holding computer devices and data for ransom. Similar to aeroplanes getting hijacked by hijackers, here computer systems get hijacked by the criminal hijackers with the intention of illicit financial gain.
What happens when infected by Ransomware?
When infected by Ransomware, either computer systems or data or both become inaccessible to legitimate users. When organizations are impacted by ransomware, they incur huge monetary losses. For example, if an e-commerce website is attacked by hackers via ransomware, the customers might not be able to access the website, hence the business comes to standstill; until the organization regains access to the website, the company loses its revenue. That’s not the end of it. The hackers have a free hand on the sensitive data they would have acquired via ransomware; the company loses its face and might lose its customer base.
The hackers would demand money if they were to release the hijacked digital resources back to the organization. The worry is that even if the organization chooses to make payment, there is no guarantee that the organization will get access back to its IT systems and data. This is because we are dealing with criminal hackers. Even if the hackers return the access, it could be incomplete data that might not be of any use.
How does Ransomware work?
It is most common for Hackers to target the weakest link or a weak entry point to start with. It could be via phishing attack making one of the insiders click a malicious link inadvertently; a watering hole attack via infecting the most visited websites to target a specific user group; or any other most common ways to push malware into the organization’s IT system. After the malware gets its first entry, it isn’t hard for it to spread across the organization’s network. Once it gains the access to the most sensitive IT systems, it either locks the system or encrypts the data making it impossible for legitimate users to use the IT system. This is how the organization’s IT system’s control passes into the hackers’ hands. Now, hackers start threatening the company that they would either destroy the data or would not allow access by the legitimate users until they get the ransom they ask for.
How to prevent Ransomware attacks?
The good news is that - although the results of ransomware attacks look scary, prevention is not very complex. By following simple security guidelines, we can prevent a ransomware attack.
Awareness: In the war between Cybercriminals and organizations, the frontline warriors are common people like you and me. Though the strength of our army outnumbers a handful of hackers, the weak one or two soldiers are enough for the hackers to destroy us completely. However, common awareness is a simple and powerful weapon we have against hackers. Please refer to my article on How to prevent Identity Theft for simple tactics.
Ensure the IT systems are patched: The software vendors and operating systems keep coming up with security patches regularly as and when they come to know their system vulnerabilities. At times we tend to ignore these notifications and not apply these security patches. Make it a mandatory habit that we upgrade our computer systems and smartphones as and when these patches are released. But, beware of fraudulent notifications impersonating software vendors or companies claiming to scan your systems for fixing issues. Hence, ensure you check the authenticity before clicking on updating the system.
Data Backup: Need to have well-defined data and IT system backup strategy even before you make a new IT system live. Many considerations such as backup location, backup approach, frequency etc. need to be taken into consideration. For example: if both - live and the backup data are encrypted using the same encryption key and access to the encryption key is impacted by the ransomware, you have lost access to both main data and the backup. Hence, this is a very serious topic to be considered at the time of the new system set up and not at the time of the security incident.
Have the right security software: Ensure that you have the right security software that can detect and prevent malware, DDoS (Distributed Denial of Service) etc. Most importantly, this software needs to be updated regularly to ensure the latest virus or malware definitions are updated.
Don’t pay Hackers: As much as possible, don’t pay the hackers, who have held your IT systems for ransom. Two reasons why we shouldn’t be paying these hackers are that-
Firstly- Even if you pay, there is no guarantee that you will get your IT system back. Even if they return the access, the data might not be usable.
Secondly- If we start paying the hackers, it will encourage them to continue this illicit activity. The moment they start realizing that ransomware is not fetching them money, the motivation to redo will die down slowly.
Conclusion: When digitization is at its peak today, the most valuable asset is the “Information”. Unlike the olden days when bank robbers had to physically break into the Bank building, today- all they have to do is to get access to Bank’s IT system. Hence, the true “treasure” that needs to be stolen or to be hijacked to make lots of money “quickly” is “information”. This is what hackers do by leveraging basic human weaknesses. It might be easier said than done when we say that don’t pay hackers. The attacks are so sophisticated that the situations become do or die for the organizations at times. Hence, prudence is in prevention than even thinking about what to do when attacked by Ransomware!