- Get link
- X
- Other Apps
Criminals use different strategies to steal money from ignorant victims. A popular approach is to encrypt the files of the user who only gains access to them after paying a «ransom» - maybe ...! One of these strategies is the spread of ransomware.
“Ransomware”
is a specific family of malware. It usually spreads through malicious
email attachments or infected websites. Once installed, “ransomware”
encrypts files on the victim's computer as well as on any connected network
drives and storage media (e.g. USB sticks). This renders the encrypted
files unusable for the victim.
How
to Protect Yourself from Ransomware:
1. Make Regular Backups of Your Data.
Make sure
that you disconnect the medium on which you are making the backup copy from the
computer after the backup process. Otherwise, in the event of an attack by
“ransomware”, the data on the backup medium may also be encrypted.
2. Always Keep Installed Software and Plug-Ins Up-To-Date.
Make sure
that all installed software, apps, and web browser plug-ins are always up to
date. Whenever possible, use the software's automatic update function.
3. Be Careful of Suspicious Emails,
for
e-mails that you receive unexpectedly or that come from an unknown sender. Do
not follow any instructions in the text, do not open any attachments, or follow
any links.
4. Use a Modern AntiVirus Program with Ransomware
Protection,
that is
always kept up to date with automatic updates. Otherwise, there is a risk
that newly developed malware will not be recognized.
5. Segment Your Network
as
described in the Secnovum article on network zoning. This
allows you to reduce the risk of spread, for example from a client to the
server.
How
Ransomware Works
It happens
quickly: opening a malicious email attachment or an infected website maybe
enough for an encryption trojan to nestle on your own system and inexorably
render data unusable by deleting or encrypting it.
When
attacking companies today, different types of malware are often combined with
one another in such a way that they hide from simple virus protection programs
and can thus automatically spread across the entire network. They are
configured in such a way that all data backups accessible via the network are
encrypted or deleted first and then the original files and shadow copies are
encrypted - this to prevent a restore from the data backup.
If the files on the computer were encrypted by the «ransomware», this shows the victim a «lock screen». This requests the victim to pay the attacker a certain sum of money in the form of an internet currency (e.g., Bitcoins) so that they can rerelease the encrypted files and the latter can thus be reused (blackmail). Using an internet currency makes it difficult to track authorship.
However, compliance with the demands made by
the attackers and the associated payment to the attackers do not guarantee that victim will regain access to the encrypted files. Also, a
payment finances the attacker's business model and thus allows them to continue
the attacks with “ransomware” and to infect and damage other victims.
Possible rescue in an
emergency: Whether
decryption routines are already known for ransomware can be
seen on websites such as no more ransom.
Companies
Are Ideal Victims of Attacks
When it
comes to spreading ransomware, cybercriminals primarily target companies
because they have a lot of business-critical data at their disposal and are
therefore more willing to pay high ransom sums to avert an existential loss of
data. An infection with an encryption Trojan and the associated loss of
data can just as easily affect private users.
The most
important countermeasure to prevent data loss through ransomware is therefore
the regular creation of security copies (backups) of your files - further
information on this, primarily for small businesses, can be found under “ Step
1 - Backing up the data ” on the platform “ eBanking - but secure! ».
Comments
Post a Comment