Ransomware Protection Resources

Ransomware is malicious software that encrypts a user’s or organization’s computer files and demands a ransom for the decryption key. To be effective, ransomware must gain access to a target system, encrypt its contents, and demand payment from the victim. Cybercriminals use a variety of methods to deploy ransomware software, including phishing, SMShing, and other social engineering efforts. They place businesses and individuals in a situation where paying the ransom seems like the most attractive option, but paying the ransom is never advised.

Prevention and preparation are the best defenses against ransomware. A strong backup system combined with a good disaster recovery plan can help you minimize downtime in the event you do get attacked. Here are some suggested strategies:

• Use anti-virus software to block known ransomware variants from launching.

• Back up your files frequently and isolate them from open networks.

• Protect data with immutability using Object Lock.

• Make sure security patches are applied as soon as possible.

• Train staff on how to recognize phishing attacks and social engineering efforts.

• Use least privilege rules and only give users the lowest system permissions they need to do their work.

The best way to recover from ransomware is to restore your files from an unencrypted backup. While it may seem tempting to give in to cybercriminal’s demands and pay the ransom, there’s no guarantee that the decryption key they provide will work. Paying the ransom also encourages cybercriminals to keep targeting other businesses like yours and could lead to legal trouble if the ransomware syndicate is a sanctioned entity.

A ransomware attack progresses through a number of stages:

1. Infection: Cybercriminals need to get the ransomware on your system, and have a number of ways to do that – phishing emails, physical media, brute force attacks, etc. The ransomware only needs to infiltrate one endpoint to gain access.

2. Secure Key Exchange: Once installed, the ransomware sends a signal to the cybercriminal to generate cryptographic keys to lock the system.

3. Encryption: The software then begins encrypting any file it can find on the machine it was initially installed on and across any network it was connected to.

Object Lock is a robust backup protection tool that enables you to store objects using a Write Once, Read Many (WORM) model. That prevents data from being changed or destroyed for a specified time after being written. You can read the files, but no one, including the file owner or whoever sets the Object Lock, can modify, copy, encrypt, or delete them.