There is no denying that the ransomware threat has surged dramatically into an epidemic that has plagued not just endpoint users but also public and private organizations. The malware type is made very effective because it exploits and cashes in on the fear of its would-be victims.
From the simple loss of access to files found in a user’s system to a smeared reputation due to empty threats, ransomware infections rely heavily on an array of scare tactics to coerce their victims to pay up. But much of what makes ransomware so effective is the fact that victims usually don't know they've been infected until they see the ransom note popping up on screen, and it's too late by then, as the malware has already done its damage.
Much of the coverage on ransomware focuses either on how it arrives in a system or on the damaging repercussions that come after. But what happens in between? Here's what happens in the background, before victims see the ransom note.
In an incident at the Colorado allergy clinic reported in July, employees reported difficulty accessing computer files and documents. This led the organization’s IT department to shut down servers in fear of a virus attack on its network. Later on, evidence of an interrupted ransomware infection, including a ransom note draft left in the system, was uncovered by the health clinic’s IT team and the third-party cybersecurity partner commissioned to analyze the incident. Unfortunately, not all cases of ransomware infection have been thwarted as easily.
Ransomware behavior varies per family or variant, but there are telltale signs that could alert a vigilant user or an IT admin to a ransomware infection. For instance, during the encryption process, a would-be victim could experience system slowdown due to the extra processes running in the background. A hard drive light that's constantly flickering—without any legitimate process running—means that the hard drive is being accessed. Unfortunately, this could mean that the search and encryption process has begun.
Defending against ransomware
The entire process could be done within minutes after a victim clicks on a bad link or downloads an email attachment. This short window of time could spell trouble for a user or a business, but it could also provide ample opportunities for IT administrators to establish control of the situation.
True, ransomware is a serious threat that can cause a lot of damage, but it is not unstoppable, and is certainly preventable. Vigilance, when embodied by users and employees of an organization, greatly helps reduce the risk of downloading ransomware.
There is no all-encompassing antidote when it comes to preventing ransomware. A multi-layered approach that prevents it from reaching networks and systems is the best way to minimize the risk of it reaching endpoints.
A majority of ransomware arrives via email. Subscribing to up-to-date email and web gateway solutions greatly minimizes the risk by preventing malware from entering the network.
Maintaining a regular backup schedule of critical data can also render cyber-extortionists powerless, as victims won't have to resort to paying the ransom to regain access to locked data.
The key is in arming users with knowledge of the infection techniques commonly used by cybercriminals. In organizations, IT admins should be proactive in educating the workforce on possible ransomware entry points and in enacting policies that prevent access to potentially harmful sites that could compromise the company’s network.