Ransomware Attacks: Get Ahead of Them Today

Whether they arrive through worms, email attachments, an attack campaign, or a malicious link, ransomware attacks are making a huge impact on companies small, large, and everything in between. Don’t be a victim – get to know how ransomware works and how you can avoid getting hit.

Headlines about cyber security and attacks are a nearly daily reminder that ransomware exists. Cyber criminals continue to have success after success placing files on their victims’ computers and disabling their data, effectively holding it ransom until they’re paid off, often in cryptocurrency. Phishing became the number one method for infecting a user with ransomware in 2020 and remains the most effective method today.

Phishing Challenges

Phishing involves duping someone into thinking a link is from a trusted source when, in fact, it is malicious. The most common phishing channel is email. Malicious attachments can be any number of file types, from PDF to ZIP, Word document, or JavaScript. Hackers fool users into enabling macros when they open the document. The hacker then runs a script that infects the computer with EXE files, allowing them to encrypt the data and render it useless to the user.

When the phishing attack succeeds, the cyber criminal can jump over to other machines on the network and infect more of the organization’s data.

Risky Websites

Another way ransomware can become a pain in your side is through something called “drive-by downloads” from websites that look like they’re legit but aren’t. The download happens without you even knowing about it – all you have to do is visit a compromised website. Sometimes, if the hacker can find a vulnerability in a legitimate website, they’ll exploit it and deliver their malicious code to unsuspecting victims. Big sites, including the New York Times and the NFL, have had their vulnerabilities exploited in the past.

Detecting and Preventing Ransomware

Monitoring your network traffic is one way to sniff out suspicious behavior that could be a ransomware attack in progress. You can also monitor logs and processes, which involves looking for binary files used for data destruction. Ransomware will get in, destroy shadow copies, and prevent users from recovering data, so catching it early is key, and that is why monitoring is so effective.
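
One way to put the process monitoring described above into practice, as an added example that is not part of the original article: a small scanner that flags process-creation records in which a built-in Windows tool is asked to delete shadow copies or backups, or to switch off recovery. The log line layout, the rule names, and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of process-creation records (not real data). The line
# layout is an assumption, standing in for a Windows 4688 / Sysmon ID 1 export.
SAMPLE_LOG = """
2024-03-01T09:14:02Z host=WS-014 user=jdoe cmd="notepad.exe report.txt"
2024-03-01T09:15:40Z host=WS-014 user=jdoe cmd="vssadmin.exe Delete Shadows /All /Quiet"
2024-03-01T09:15:41Z host=WS-014 user=jdoe cmd="wmic shadowcopy delete"
2024-03-01T09:15:43Z host=WS-014 user=jdoe cmd="bcdedit /set {default} recoveryenabled No"
2024-03-01T10:02:11Z host=SRV-02 user=backup_svc cmd="vssadmin list shadows"
2024-03-01T10:05:00Z host=SRV-02 user=backup_svc cmd="wbadmin start backup -backupTarget:E:"
truncated line without the expected fields
"""

LINE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

# Rule names are hypothetical; each pattern matches a built-in Windows tool
# being asked to delete shadow copies or backups, or to disable recovery.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_backup", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|backup|systemstatebackup)\b", re.I)),
    ("bcdedit_recovery_off", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

def scan(log_text):
    """Return one hit per log line whose command line matches a rule."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or malformed line: skip rather than crash
        for name, pattern in RULES:
            if pattern.search(m["cmd"]):
                hits.append({"ts": m["ts"], "host": m["host"], "user": m["user"], "rule": name})
                break
    return hits

def hosts_to_triage(hits, min_rules=2):
    """Hosts where several distinct rules fired: a stronger signal than one."""
    by_host = defaultdict(set)
    for h in hits:
        by_host[h["host"]].add(h["rule"])
    return {host: sorted(r) for host, r in by_host.items() if len(r) >= min_rules}

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("triage first:", hosts_to_triage(scan(SAMPLE_LOG)))
```

Read-only commands such as listing shadow copies or starting a backup are deliberately not flagged, which keeps routine backup jobs out of the alert queue.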

Off-site backup files are the way to go if you want to have that crucial layer of separation between your on-site data and backup data. This doesn’t prevent a ransomware attack; it just takes away the cyber criminal’s ability to control your next move. Companies that don’t back up their data in a secure location must pay the attacker to regain access to their critical information. When your data is backed up remotely, you can address the situation that allowed the attack to occur, while relying on that backup data to maintain business as usual.

S2 Solutions is an organization that offers strategic technology solutions. We partner with our clients and provide critical services via trained professionals who are expert technology advisors and are committed to enabling you to move forward toward your goals. From cyber security to database efficiency, disaster recovery to cloud migration strategy, we can help you. Contact us today and let’s discuss your unique needs.