What is it?
Ransomware is a type of malware (malicious software) used by criminals to deny access to a computer system or data. The program then holds your data hostage and demands a ransom by encrypting users’ files and any files on mapped drives or devices. Criminals may ask for money or cryptocurrency, and ransom demands can range from hundreds to thousands of dollars. And even if you do pay there’s no guarantee that your data will be returned to you.
How does it happen?
Ransomware attacks can happen through a variety of ways such as:
- Scam emails that include malicious links/attachments.
- Infected websites that can automatically download malicious software onto your computer.
- Online ads that contain malicious code even on websites you know and trust.
Overall, most ransomware attacks are distributed through email, and use social engineering tactics to convince the recipient to open an attachment or click a link. Once it has access to your systems, it begins aggressively encrypting all of your company’s data.
What are some steps you can take to protect yourself?
- Implement backup and recovery solutions: make sure backups are stored offline since ransomware won’t be able to encrypt data that isn’t on the network. In the event of an attack, offline data storage can save you from paying a ransom.
- Educate your employees: emphasize warning signs, safe practices, and responses in the event of an attack.
- Manage the use of privileged accounts and set permissions by keeping employee access limited to what they need on the network based on job duties.
- Restrict users abilities to install and run software applications on network devices
- Keep devices updated!