Ransomware has been the big cyber security news story during the past year, and with good reason. It is extremely aggressive and is capable of locking down files, only freeing them up when a ransom is paid. Importantly, however, you must understand how ransomware works and avoid certain misconceptions. Below are some misconceptions and the truth about them.
Misconception: Ransomware will only affect the computer it initially infects and, while causing damage there, will also stop there.
Reality: Understand this – cyber criminals are really smart and are constantly working on new ways to get into your files. Think of it the same way you think of a program like Microsoft Office. Office started with limited features, lots of bugs, and got better and stronger over time. Ransomware is going through the same transition. Early versions of ransomware generally infected a single machine and stopped there. Today’s ransomware is much more aggressive and will not only attack the computer in which it lands, some versions can quickly migrate and lock-down an entire network. Some versions will also steal data and credentials from throughout your network.
Misconception: Cyber criminals who use ransomware are only interested in on-premises networks.
Reality: In a recent survey, 35% of infections spread through well-known SaaS (Software as a Service) platforms such as Google Drive, Dropbox and Office 365. They found that infected files that were synched on Dropbox, for example, were not automatically wiped clean of the infection. If colleagues use such files on Dropbox, they can bring the infection back to their own computers and in this way, the infection can rapidly spread throughout the network. Some advanced ransomware does not trigger the lockdown until some time has passed. This allows the bug to migrate throughout the network.
Misconception: Ransomware infections are easy to detect and can be stopped before they spread.
Reality: It can take even experienced users several minutes to realize and diagnose the problem. Ransomware is usually designed to encrypt files very quickly and in the few minutes it takes to realize what happened, it can spread throughout the infected device and into others.
Misconception: Antivirus software will stop all ransomware before it can do real damage.
Reality: By necessity, antivirus software is reactionary, meaning that until there is an attack by a new virus or a new form of an existing virus, the antivirus manufacturers cannot produce the antivirus to fight it…they need to see it to beat it. Consequently, you need to do several things to protect your company:
- Educate your entire staff.
- Make sure all your software is up to date and the latest patches are installed.
- Establish proper backup and recovery protocols based on recovery point objectives (RPOs) and recovery point times (RPTs) that work for your company.
- Speak with us about our proprietary Crypto Containment System (CCS), developed in conjunction with 12 other managed IT services from across the country. CCS quickly detects and locks down infected files, dropping them out of the network and preventing the spread of the virus. This also allows rapid re-upload of locked files and restores your network to 100%.
Misconception: Once the ransom has been paid, your files will definitely be freed up.
Reality: We have seen cases where the cyber-criminal was unable to unlock the files that his ransomware encrypted. What happened? The perpetrator apologized and walked away, leaving years of data permanently locked and essentially destroyed.
Novatech has been providing managed IT support and IT security to small and mid-sized companies of all types throughout the SouthEast since 1992. For a complimentary assessment or to just start a discussion, give us a call at 866.252.6363 or online at Novatech.net