Q: What is Ransomware?
- Ransomware is malware that encrypts files on your computer, afterword leaving you with instructions on how to pay for the encryption key to decrypt your files.
- Method of payment is untrackable crypto-currency
- Wikipedia definition of Ransomware
Q: What can you do to prevent Ransomware?
- Educate your users
- Attackers often enter the organization by tricking its users to open macro infested Office documents. The subject lines of emails contain words like "Invoice," "subpoena," and airline giveaways to name a few. They also gain entry by impersonating email addresses of the organization.
- Authenticate email using DMARC and DKIM
- Use Security enhanced Firewalls
- Implement cloud-based or off-premise backup solutions
Q: How do you restore your data if you are infected with Ransomware?
- It is not likely you will find a tool to decrypt your files. The encryption often used is RSA-1024 or 2048.
- Mathematicians estimate that with the aid of super-computing clusters of 1,000 cores, they may be able to break RSA-1024 encryption in the year 2020.
- Many victims were not provided with a working solution to restore their data even after paying the ransom
- Your most reliable method for recovery is restoring from off-premise, or cloud-based backup solutions.
Q: Should you report Ransomware attacks?
- Yes, definitely! Both the Federal Bureau of Investigation and the Secret Service are investigating the scourge of Ransomware.
- FBI links to report Ransomware:
- Secret Service links to report Ransomware:
Ransomware stories
- Police Department in Texas loses 8yrs of evidence to Ransomware
- Nascar team loses 1,500 man hours in engineering data to Ransomware attack
- The Sport-Levine Family Racing team decided to pay the ransom and in this case, they did get their data back
- Experts predict Ransomware will soon hold your Operating System hostage
