Help you understand the dangers of ransomware, and how it affects not only you, but your organisation

In recent years, ransomware attacks have emerged as a significant threat to organisations worldwide, causing disruptions, financial losses, and compromised data security. It's essential that we all understand what ransomware is, how it operates, and the proactive steps we can take to mitigate its risks effectively.

Ransomware was first spotted in 2013. Since then, its use has expanded rapidly, so it’s important that you understand how to detect and mitigate the threat.

What is Ransomware?

Ransomware is a type of malicious software designed to encrypt files or lock users out of their systems, rendering them inaccessible until a ransom is paid. Cybercriminals deploy ransomware through various means, such as phishing emails, compromised websites, or exploit kits. Once infected, victims receive ransom demands typically requesting payment in cryptocurrency in exchange for decryption keys or system access.

How ransomware spreads?

Ransomware is typically spread in files attached to spam or phishing emails.

• Malicious attachments

Ransomware is often installed by macro-enabled Office documents or script files, like JavaScript. It can also be found as executable attachments or even within the script files themselves.

• On the Web

Ransomware can also be spread on the web. Users have been infected by compromised ad networks, even on legitimate websites, by malicious files hosted on peer-to-peer sharing sites.

Prevention tips to protect against Ransomware:

1. Keep software updated: Keeping anti-virus up-to-date will block many (not all) attempts to compromise your device.
2. Be vigilant: Need to know about the dangers of ransomware, phishing, and other common attack vectors. Recognise suspicious emails, links, and attachments and report Ransomware attacks.
3. OPT for safe browsing: Encourage employees to exercise caution when browsing the internet, downloading files, or clicking on links from unknown or untrusted sources. Avoid visiting suspicious websites or downloading files from unverified sources.
4. Backup data regularly: Implement a robust data backups and store backups securely offline or in the cloud to prevent them from being compromised by ransomware.

The Ransom

The ransom is typically requested in bitcoin or other forms of digital currency. These forms of currency are difficult to track, which makes it harder to track down the attacker one the ransom has been paid.

Cost of Ransomware

Organisational

Several organisations in the healthcare, public sector and other industries have been affected by ransomware attacks. Once one computer is infected, the whole network is compromised. As a result, employees are not able to perform their job duties and customer or patient data is inaccessible. Unless the organisation has secure backups, the data is likely gone.

Individual

When targeting individuals, attackers often ask for small payments, assuming people will pay the ransom to avoid the hassle. Even if the individual pays the ransom, the attacker may keep the files or return them infected with malware.

Should you pay the ransom?

Paying the ransom seems like an expensive but simple fix to the problem, but it’s not as simple as it sounds. In several cases, individuals have paid the ransom and recovered their files to find out they were corrupted. If the files are corrupted, you may not access them either way. In addition, you’re not necessarily safe as soon as you recover your files. Remember: ransomware attackers are criminals. They may leave behind other types of malware that can compromise your computer, your mobile phone, or your network.

What to do when infected

Even if you do your best to prevent ransomware, you cannot guarantee that it won’t happen to you.

If you suspect that your device is infected by ransomware, try these steps:

1. Put your device into SLEEP mode. If the virus is preventing you from putting your device into sleep mode, power it off.
2. Remove your Ethernet cord, remove any physical storage devices and make sure you are not connected to your organisation’s WiFi connection.
3. Report the ransomware incident to a department authorised to handle the situation. Reporting immediately is essential.

Stay vigilant and alert! You are the first line of defense.