What is a ransomware? What damage does it cause?
The cyberattacks are becoming more popular and equally affect all types of businesses , regardless of size or sector engaged. If your company is not properly protected – 63% of companies do not have security solutions – you become the ideal victim. In recent years, ransomware attacks have become popular due to their profitability , allowing cybercriminals to obtain easy money by hijacking the data of your computers.
A Ransomware is a type of malicious software that, when installed on computers, grants its control to the cybercriminal allowing it to “hijack” the information it contains. When the user or the compromised company tries to regain control, the cybercriminal asks for an economic rescue in return.
In recent years the number of ransomware attacks has increased significantly, reaching five times the infections between 2014 and 2016. The most famous and most damaging have done PC Cyborg, Reveton, Cryptowall, Cryptolocker, RSA4096, WannaCRY … The latter was the one that originated the famous May 2016 attack against Telefónica and many other companies, causing important security breaches in many of them. It has infected more than 200,000 victims in more than 150 countries .
The real danger is not so much in each of these malwares, but in their mutations and variants, which evolve faster than the antivirus , and before you can find a solution to stop them, they always infect some equipment, thus benefiting the cyber criminals .
A ransomware can access your system in different ways, either through a link or fraudulent file in an email , P2P platforms, popular program activation keys or through deceptive advertising banners on a web page or social network ( malvertising). Once installed on the computer, it encrypts the files on the hard drive and locks the system .
There are two types of blocking : without encryption and with encryption. The first deactivates the task manager, shields access to the registry and infects the explorer.exe file to prevent you from using any program on your computer. The second block also encrypts the files , making it almost impossible to recover them if you do not have the key. If the infection is of the first type, an antivirus could end this threat, but if the ransomware encrypts the operating system or your data, there is no other option but to format the device or pay the ransom.
But what guarantees would you have after paying? What if they encrypt everything again?
How to act in case of ransomware infection
SHUT DOWN AND ISOLATE
If your computer has been infected with a ransoware , bear in mind that the malware is installed on the computer, so the first thing you should do is turn off the computer and isolate it from the network to prevent it from spreading.
CHECK THAT THERE ARE NO MORE INFECTION CASES
Make sure you are the only case of ransomware infection . Communicate it to the computer manager and all your team as soon as possible so that extreme precautions are taken.
RESTORE YOUR SECURITY COPIES
Next, it will be time to restore your backup copies to avoid extending the inactivity time of the infected user or computer. If you do not have them, get in touch with professionals because in some cases it is possible that the information can be recovered through forensic tools.
And for the next one, take preventive and business continuity measures!
At Tecon we offer professional security solutions to reduce risk exposure and ensure the continuity of your business: antivirus, firewalls, email with professional antivirus, backup solutions in the local or in the cloud … Better safe than sorry!
Protect your business More information about SECURITY SOLUTIONS
What did you think of this article? Share it with your contacts and help them also know how to act in front of ransomware cyber attacks!