Ransomware Attacks – Protection Tips for Businesses

Ransomware is a type of malicious software that typically infects your computer through opening a malicious email attachment, visiting an infected website, or downloading hacker-manipulated freeware from the internet. Once this type of malware is installed on your system, it encrypts your files and then demands you pay a ransom to restore them. The ransom is usually demanded in Bitcoin or Monero. Ransomware is one of the most lucrative business models for criminals and has led to numerous worldwide damage cases in recent years.

Here are some tips on how to protect yourself from ransomware attacks:

• Install a trusted antivirus software. Security software provides a first step in protection against ransomware and other types of malware. Make sure to install software with real-time protection that checks for and installs updates multiple times daily.
• Only visit trusted websites and download portals. Avoid visiting suspicious websites or opening downloaded files from the internet, as these are often the source of malware attacks, especially if they come from unknown sites. If you need to open downloaded files, scan them first with your security software to ensure they're clean.*
• Stay up to date and always install the latest security updates for your operating system and other software you use. Installing these updates closes security gaps that criminals could use to install malware or gain remote access to your system.
• Regularly create backups of all important files and information on your computer. This is essential in case your computer becomes infected and your data gets encrypted. If you regularly create backups, you'll always have access to a clean copy of your data even in the worst case scenario, which can be invaluable.

* Even antivirus and anti-malware programs don't offer 100% protection. They can't, because new attacks or attack types are initially unknown and can only be detected through heuristic analysis, but not always.

How does a ransomware attack work?

There are many different types of ransomware, but most work on the same basic principle: Once the malware is on your computer, it begins encrypting your files. To avoid immediate detection by antivirus programs, this often happens relatively slowly in the background. However, files are gradually encrypted. Specifically, this means that all your files are made unreadable and you no longer have access to them. The perpetrators then demand ransom from you to provide the key that can decrypt the files. In many cases, it's not possible to decrypt the files even after paying the ransom. Therefore, it's not worth paying ransom, and we strongly advise against it.

Tip: Only in about 30% of cases where the ransom is paid is successful decryption of the data possible afterward. In the other 70% of cases, this doesn't work because either the key is wrong, there is no decryption routine, or the decryption program is simply too poor to effectively carry it out. Therefore, it's very important not to pay any ransom and instead create backup copies of your files. This way, you can always perform a restore.

In most cases, ransomware involves extortion: The perpetrators threaten to delete your data forever or share it with others if you don't pay their ransom within a certain deadline. Data exfiltration – the process when data is stolen from your environment – usually happens shortly before a file is encrypted and is rarely noticed.

What tips are there to protect against an attack?

One of the best ways to protect against a ransomware attack is caution and regular data backup. This means having a copy of your most important files and folders in a secure location in case your computer becomes infected with ransomware. If you create regular backups, you'll still have access to your data even if ransomware encrypts it. A common and proven concept for data backup is the 3-2-1 backup rule.

Another important tip is to only visit trusted websites. Most ransomware attacks occur through malicious websites or hidden links in emails. Therefore, always remain vigilant and don't install software from unknown sources.

Last but not least, you should install an antivirus program on your computer and update it regularly. Good virus protection detects most types of malware, including ransomware, and blocks it before it can infect your computer.

If you have questions about ransomware and want to know how best to protect against it, we're here to help: Contact.