Ransomware has been the big cyber security news story during the past year, and with good reason. It is extremely aggressive and is capable of locking down files, only freeing them up when a ransom is paid. Importantly, however, you must understand how ransomware works and avoid certain misconceptions. Below are some misconceptions and the truth about them. (Note: if you want to learn more about how ransomware works, and how a managed IT support provider can be effective in stopping an attack, read our article “Attack! How Two Companies Prepared for Ransomware.”
Misconception: Ransomware will only affect the computer it initially infects and, while causing damage there, will also stop there.
Reality: Understand this – cyber criminals are really smart and are constantly working on new ways to get into your files. Think of it the same way you think of a program like Microsoft Office. Office started with limited features, lots of bugs, and got better and stronger over time. Ransomware is going through the same transition. Early versions of ransomware generally infected a single machine and stopped there. Today’s ransomware is much more aggressive and will not only attack the computer in which it lands, some versions can quickly migrate and lock-down an entire network. Some versions will also steal data and credentials from throughout your network.
Misconception: Cyber criminals who use ransomware are only interested in on-premises networks.
Reality: In a recent survey, 35% of infections spread through well-known SaaS (Software as a Service) platforms such as Google Drive, Dropbox and Office 365. They found that infected files that were synched on Dropbox, for example, were not automatically wiped clean of the infection. If colleagues use such files on Dropbox, they can bring the infection back to their own computers and in this way, the infection can rapidly spread throughout the network. Some advanced ransomware does not trigger the lockdown until some time has passed. This allows the bug to migrate throughout the network.
Misconception: Ransomware infections are easy to detect and can be stopped before they spread.
Reality: It can take even experienced users several minutes to realize and diagnose the problem. Ransomware is usually designed to encrypt files very quickly and in the few minutes it takes to realize what happened, it can spread throughout the infected device and into others.
Misconception: Antivirus software will stop all ransomware before it can do real damage.
Reality: By necessity, antivirus software is reactionary, meaning that until there is an attack by a new virus or a new form of an existing virus, the antivirus manufacturers cannot produce the antivirus to fight it…they need to see it to beat it. Consequently, you need to do several things to protect your company:
Misconception: Once the ransom has been paid, your files will definitely be freed up.
Reality: We have seen cases where the cyber-criminal was unable to unlock the files that his ransomware encrypted. What happened? The perpetrator apologized and walked away, leaving years of data permanently locked and essentially destroyed. (Read the article “Attack!” Mentioned in the note above.)
DynaSis has been providing managed IT support and IT security to small and mid-sized companies of all types throughout the Atlanta metro area since 1992. For a complimentary IT assessment, or to just start a discussion, give us a call at 678-373-0716.