What can be done about ransomware?

Innovation isn’t confined to the world of legitimate commerce and business.  Criminals innovate too.  That’s become all too apparent in the last month with the advent of new kinds of so-called “ransomware” attacks around the world.

The idea of ransomware has been around for a decade or more.  Yet it hasn’t been very widespread up to this point, primarily because hackers didn’t have a tried and true system for getting paid in a way that didn’t leave a trail for law enforcement to follow.

Now, all that is changing.  With the advent of bitcoin and various new online payment systems, cyber criminals have new ways to profit from their misdeeds.  These have led to the proliferation of ransomware attacks like the one which infected an entire group of hospitals in Maryland last month.

How does a ransomware attack work?  There are many types, but the one currently in vogue involves encryption.  Ransomware typically arrives on your computer through one of the usual routes: spam emails, exploitation of known vulnerabilities, and unpatched server software.  Once inside, it gathers all your relevant files and encrypts them, putting all of your critical data under lock and key.  The screen then displays a note from the attacker, instructing you to pay up if you want to see your data again.

In previous generations of ransomware attacks, programs would simply lock your computer or interrupt its processes.  Patches which could delete the underlying program were often enough to alleviate the problem.  But encryption-based ransomware is different.  Deleting the source malware isn’t enough – your files are still locked.

Should you pay?  It’s a tough question.  On the one hand, not paying means that there’s basically no way to unlock your data.  Yet paying comes with its own problems.  It’s not at all certain that you’ll get anything.  And even if you do, the unlocking process could mark your system for future attacks, potentially setting the cycle in motion all over again.

So what can you do to combat ransomware?  Prevention is the best (and maybe only) recourse.  Keeping all kinds of malware out of your systems is the most judicious choice.  That means maintaining strict cyber hygiene – being careful about what you click on. It also means keeping your system up to date.  The Maryland hospital attacks were the result of a known vulnerability in core systems.

Another strategy is to back up your data in multiple places on a regular basis.  If there are alternate copies of your critical information in the cloud, that minimizes the impact of a ransomware attack or even nullifies it altogether.  This level of redundancy can seem unnecessary at the outset, but when an attack hits it can be essential to your organization’s survival.

We are all vulnerable to ransomware, but there are strategies to mitigate its impact or even prevent it from happening in the first place.  The key is to know your systems and perform regular cybersecurity check-ups.  Need a professional to take a look?  ECHO can help.