Ransomware & File Corruption: How Does That Happen, & Who Can I Blame? (Part 1: Intro)
Dennis Underwood
CEO @ Cyber Crucible, Inc. | Information Security and Privacy | Cyber Operations Automation Expert | Inventor
Why Are We Writing About File Corruption - Aren't We Supposed to Prevent Attacks?
Have you recently discovered files that may have been corrupted, and you aren't sure how it happened or what to do about it? Follow this guide to learn more about why and how file corruption happens, and even how to prevent corruption in the future!
First, though, let's get one topic out of the way up front:
Our company wants you to spend time, energy, and money on preventing an inevitably successful ransomware attack from encrypting business operations data. We have spent significant time building a prevention product that has two modes:
1. Fully automated millisecond response, which protects you from having any files encrypted, even after all other defenses have failed, and then reports the problem to you after freezing the ransomware in place.
2. Semi-automated response, which sends an immediate message to you asking for permission to freeze the ransomware and save the rest of your files.
Part of that R&D is spent on preventing file corruption, which we have repeatedly found during recovery engagements with customers. That corruption can be due to criminal activity, to a security tool or analyst response that is inappropriate for ransomware, or to IT infrastructure issues. We'll go over all three in enough detail to arm you. Sometimes all it takes to thwart users is a renamed file extension. If only that were all we had to deal with!
Not everyone has our prevention product (even though we wish they did!). This blog post is a great way to communicate an issue that is very difficult to recover from, and it serves three overlapping groups of readers:
1. Readers who want to know how and why our prevention product is better than or different from other solutions.
2. Readers who are prudently preparing for an eventual ransomware attack, who know that some corporate ransomware victims had similarly robust security programs, and who want to be better prepared.
3. Intrusion response personnel who have likely already helped companies recover, and who have already dealt with file corruption issues personally or heard of someone else having an issue.