Blog Christina Cooper

Don’t Fall for Ransomware

Photo by Pan Xiaozhen on Unsplash

Ransomware? Ransom… ware? Ransomware! Ransomware has been in the news more and more over the last several years, but this threat is not new to the cybersecurity industry. The risk of becoming a victim of ransomware is no different for small businesses, large organizations within any of the DHS-deemed critical infrastructures, government entities, or as individuals. In order to provide a little education on this subject, here are a few key items that will help define what ransomware is, how it works, what it targets, how to prevent attacks within an organization or as an individual, and what to do if you have already fallen for the ransomware ploy.


What is ransomware?

To understand ransomware, it is first important to understand malware. Malware is malicious software that consists of viruses, worms, trojans, or any other harmful computer programs hackers use to destroy or gain access to sensitive information. Ransomware is a form of malware that denies a user access to their data or computer systems. The attacker then demands a ransom from the victim. In hopes that the victim wants access badly enough, the attacker holds the data or systems hostage until the ransom is paid in full.


How does Ransomware Work?

The most common way victims fall for ransomware is through phishing emails. The email looks an email from a sender the victim may be familiar with but in truth it masquerades as the identity of the familiar party. In many cases there is an attachment that the victim downloads within the email containing social engineering tools giving the attacker administrative access and rights. From there, the attacker can encrypt the data files and deny the victim access to their system. The victim will not be able to decrypt the files without the key from the attacker, which cannot be obtained without payment.


Is Your Organization a Potential Target?

If your organization fits in any of the following categories, you are at risk:

  • Small security teams
  • Conducts a lot of file sharing
  • Colleges & Universities
  • Hospitals
  • Law firms
  • Government agencies
  • Organizations with sensitive data
  • Individuals with sensitive data

In short, anyone or any organization can be a victim as ransomware is indiscriminate. Ransomware looks for vulnerabilities - ways to enter systems or networks - and convinces its victims to pay a ransom to give information back or to keep sensitive information from being newsworthy.


Prevention is Key

Since anyone can fall victim to ransomware, here are a few ways to implement and protect yourself and your organizations:

  • Cybersecurity Awareness Training is key! Having employees educated on what to do when a potential threat is recognized is key. Awareness is important since employees are the #1 reason attacks occur within organizations, whether intentionally or by accident. Being exposed to the proper process and response when the employee suspects a phishing email is extremely important
  • Always keep operating systems patched and updated so fewer vulnerabilities are exposed
  • Don’t install software or give the software administrative privileges unless you know exactly what it is and does
  • Install antivirus software that detects malicious programs (like ransomware) and deploy whitelisting software that prevents unauthorized applications from executing
  • Always, always backup your files, frequently and automatically. While this does not stop attacks from occurring, this can make the damage less significant


When It’s Too Late

What happens when someone within your organization falls for ransomware attack?

  • NEVER pay the ransom! There is no guarantee access will be restored or that the files were not already distributed across the internet. It is also possible that the attacker may continue to collect funds even after the first ransom has been paid. Law enforcement encourages individuals and organizations to not pay the ransom. In some cases, the attack may be a scare tactic for the attacker to obtain money from the victim; encryption methods may not even be placed on the data. This is known as “scareware”
  • Reboot the operating system in safe mode
  • Install anti-malware software
  • Scan the system to find the ransomware program and remove the malware
  • Restore the computer to a previous state

Please note that this may not restore full access to your files especially without paying the attackers what they have asked for. But, this may not be a non-issue if backup files are on-hand. For more sophisticated malware, consider seeking assistance from the FBI. More information can be found within the “How to Protect Your Networks from Ransomware,” a technical guidance document for critical infrastructure entities, including small, medium, and large organizations.


Information and education is paramount in preventing ransomware attacks. Throughout the month of October, Tactile has been a National Cybersecurity Awareness Month (NCSAM) Champion and blogged about security-minded topics such as two-factor authentication, password management, and security practices. Tactile is proud to support NCSAM and their ultimate goal of providing all Americans with the information they need to stay safer and more secure online.


#BeCyberSmart

#CyberSmart

StaySafeOnline.Org