https://www.syseng.com/it-consulting-services/se-policyadvisor/Here at Systems Engineering (SE), we continue to see businesses impacted by ransomware; this creates a disruption to business and in some cases, a data breach.
A wide variety of social engineering tactics are employed to get an unwitting end-user to click on a malicious link. Once clicked, a malware is downloaded giving criminals access to the computer and therefore the network. These emails range from resumé attachments to dire warnings that the PC is infected and needs an immediate response of 'click here' to fix. Fortunately for SE clients, backups are in place which allows for the recovery of encrypted data, avoiding the need to pay any ransom.
In April, the FBI reported that “Cyber-criminals collected $209 million in the first three months of 2016." So while having a good file backup is the number one solution for recovering from a ransomware attack, end-user education is the key to avoiding the risk from the start. Users need to read and understand their organization's Information Security Policy and be trained on proper end-user behavior for both email and online utilization. It doesn't stop with annual training, they should be tested regularly to prove they are adopting good security habits.
Ransomware encrypts all the business files it can find and then holds those files for ransom. Payment is usually demanded in Bitcoin starting around $500, which can escalate quickly. Unfortunately, even if you pay, there is no guarantee you will gain access to your PC or files again.
More commonly known by CryptoLocker or CryptoWall, you may be familiar or have even dealt with this malware. However, a new ransomware strain known as ZCryptor, has many security experts on alert. Its worm-like behavior spreads via removable and network drives propagating itself to affect more users. For more information on the current state of ransomware threats, see the U.S. Computer Emergency Reediness Team “US-CERT” alert.