What is Ransomware?
Ransomware is a continuously evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption - often targeting and threatening to sell or leak exfiltrated data or authentication information if the ransom is not paid.
Who is at Risk of Ransomware Attacks?
Anyone with a device connected to the internet is at risk, including government or law enforcement agencies and healthcare systems as well as other critical infrastructure entities. Ransomware incidents have become increasingly prevalent among the state, local, tribal, and territorial government entities and critical infrastructure organizations. Ransomware can also hit service providers, so the risk is not only associated with an organizations on-premises or internally managed IT systems.
Impact of Ransomware
Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate. The monetary value of ransom demands has increased, with some demands exceeding $1 million. Some victims pay to recover their files, but there is no guarantee that they will recover their files if they do. Recovery can be a difficult process that may require the services of a reputable data recovery specialist.
Responding to a Ransomware Attack
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends using the Ransomware Guide checklist when responding to ransomware. The guide will take you through the response process from detection to containment and eradication.
Best Practices to Protect Against Ransomware
CISA recommends the following precautions to protect users against the threat of ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back-up data on a regular basis. Keep data on a separate device and store offline.
- Restrict user permissions to install and run software application. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Only allow approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
Law Enforcement encourages every ransomware incident be reported to the U.S. government. Ransomware victims can report their incident to the FBI, CISA, or the U.S. Secret Service. A victim only needs to report their incident once to ensure all other agencies are notified. Victims should also immediately notify their Bank to help protect impacted bank accounts.