Ransomware Q&A
Q. What is ransomware?
A. Ransomware is a type of malicious attack that encrypts files on an infected device or network, preventing them from being accessed until a ransom is paid.
Q. What is the impact of ransomware?
A. The impacts of ransomware can be significant and include loss of data and downtime which can cause business interruption or shut down. Loss of business combined with costs associated with remediation along with any payment of ransom can cause financial losses which in some cases can be substantial.
Q. What is at risk during a ransomware attack?
A. Permanent loss of data is the most significant risk. Paying the ransom is no guarantee that your data will be restored. In recent years approximately 1 in 5 small businesses who suffered a ransomware attack and paid the ransom never recovered their data.
Q. How do ransomware attacks work? How do they access my computer?
A. In most cases ransomware attacks are initiated by a phishing or spear-phishing e-mail message. These e-mail messages appear to be legitimate but instead, contain a link to the attacker’s malicious software. By clicking on this link the user unknowingly opens the door to the attackers.
Q. Who are malicious actors?
A. The profile of perpetrators of ransomware attacks-these malicious actors- is varied but they fall into several categories. These include cyber terrorists, government-sponsored actors, and cybercriminals. Most have a profit motive or seek to cause disruption for political or other gains.
Q. Can ransomware be removed?
A. If you are able to detect ransomware before it encrypts your data it may be possible to isolate and remove it. However, once it has encrypted your data your options are more limited. A good backup and disaster recovery system can allow you to recover to a point in time prior to the attack. If that fails, your options are to pay the ransom or live without the data.
Q. What do I do to protect against ransomware?
A. Tools and technology can only go so far in protecting you from ransomware. A good e-mail filtering solution is the first step. But the single biggest thing you can do to prevent ransomware is to be educated. Security awareness training is essential in reducing the risk from these attacks and in quickly recognizing them when they occur.
Q. Should I pay the ransom?
A. Paying a ransom is never the first solution. Not only is this costly but paying ransom funds the criminals who perpetrate these crimes and may be used for other nefarious purposes. That being said, some businesses, when faced with what could be an existential threat choose to pay the ransom when it is their only alternative.
Q. What happens if the attacker does not decrypt my data?
A. There is little you can do in this case. And while in the majority of cases data is restored, there are cases where the attackers disappear or even demand additional ransom.