BrightCyber Blog

Ransomware: An Introductory Guide

Locked out of computer code

Cyber Incidents have been seen in everyday daily life more than ever before. From the Colonial Pipeline shutting down to the rise in beef prices, cyber-attacks have impacted multiple industries outside of the technology world. How these attacks happen vary from instance to instance, but there is a common factor: almost all instances use ransomware to get their payout. Ransomware is one of the most common malwares that scammers use to make an individual or business pay.

In this article we will discuss:

What is ransomware?

Why does it matter?

And what can a business do to prevent or mediate an attack?

What is Ransomware?

Ransomware warning

By definition “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. ”1

In simpler terms, ransomware involves a hacker hacking into a file or device by using malware. Once they are in, they encrypt the files on the device.  The encrypted files will then be held hostage for a ransom so that the owner or user is unable to use them until the ransom is paid.  Ransomware attacks typically stem from a phishing or a social engineering attempt.

 

Why does it matter?

Colonial Pipeline was hacked

As we saw with the Colonial Pipeline earlier this year, Ransomware attacks can be very expensive. It cost their company multiple millions of dollars to get their system back up and running. Which is why knowing about this type of attack is very important to small and medium businesses.

Businesses in the small and medium sectors typically do not have millions of dollars on hand to throw at a ransomware attack. If they suffer from an incident, it could mean that they have to close down.  Ransomware is not an uncommon occurrence. 1 in 5 small businesses have reported having a ransomware incident. What’s worse is over 50% of small businesses that suffer from a ransomware attack will be closed within six months of the incident.

 

How can a business  prevent a Ransomware Incident?

               Education and awareness are the first step towards preventing a ransomware attack. Human involvement in technology is where many of these attacks can originate. Typically ransomware attacks start out by a successful Phishing attempt or Social Engineering attempt. By educating yourself and your team of what a phishing or social engineering attempt may look like, you are decreasing the vulnerabilities your system may have.

Another way to prevent a ransomware attack is to get cyber protection from a company that specializes in cyber security. By pairing with a specialized company, such as BrightCyber, a business will be able to rest assured that their cyber security is being handled by experienced professionals that focus on these matters. 

Other preventative actions a business can take include:

    • Update and Patching computers
    • Verify Email Senders
    • Keep user’s Personal Information Safe

               

 

What should you do if your business is hit with a ransomware attack?

               Before resolving the issue with the police or security provider, a business needs to:

  • Turn off their other devices and systems
  • Isolate the infected device
  • Secure backups

               Once the device has been isolated, there are a couple of different options for what a person can do if their business is hit with a ransomware attack. Firstly, they can pay the ransom; however, this is not the ideal  option since there is no guarantee that hackers will give the user their files back. Secondly, they can restore their system by using backups. This only can work if the company has backups of all of their information and systems. Finally, they can consult with a cyber security company, such as BrightCyber, to see what needs to be done to rebuild their system and to prevent another incident from happening in the future.

 

After the attack has been remediated, it is in the best interest of the business to purchase better cyber security than they had prior as well as create backups for their system. It is exponentially less expensive to proactively pay for coverage than to retroactively have to fix an incident. 

Sources:

  1. “Ransomware Guidance and Resources.” Cybersecurity and Infrastructure Security Agency CISA, www.cisa.gov/ransomware.
  2. “Datto’s Global State of the Channel Ransomware Report.” 2019.
  3. (2019). Security tip (st19-001). Retrieved February 24, 2021, from https://us-cert.cisa.gov/ncas/tips/ST19-001

Categories

Recent Posts