Introduction to Ransomware

Q:  What is Ransomware?

  • Ransomware is malware that encrypts files on your computer and then leaves you with instructions on how to pay for the key to decrypt them.

Q: What can you do to prevent Ransomware?

  • Educate your users
    • Attackers often enter the organization by tricking its users into opening macro-infested Office documents.  The subject lines of these emails use lures such as "Invoice," "subpoena," and airline giveaways, to name a few.  Attackers also gain entry by impersonating the organization's email addresses.
  • Authenticate email using DMARC and DKIM
  • Use security-enhanced firewalls
  • Implement cloud-based or off-premise backup solutions

Q:  How do you restore your data if you are infected with Ransomware?

  • You are unlikely to find a tool that decrypts your files.  The encryption used is often RSA-1024 or RSA-2048.
    • Mathematicians estimate that with the aid of super-computing clusters of 1,000 cores, they may be able to break RSA-1024 encryption in the year 2020.
  • Many victims were not provided with a working solution to restore their data even after paying the ransom.
  • Your most reliable method for recovery is restoring from off-premise or cloud-based backup solutions.

Q:  Should you report Ransomware attacks?

Ransomware stories