1. What is ransomware?
Ransomware is malware installed on a device without the user knowing. In a matter of seconds, it can block access to computer files and may even completely paralyze the activities of a business by reaching the company’s network.
Fraud can take two forms:
- Ransomware with encryption encrypts data. All files on the infected computer are inaccessible. If the device is connected to a network, the ransomware can spread there too.
- Ransomware with data exfiltration steals confidential information. Businesses are the primary target for this new fraud trend.
Once the software is installed a window or page appears explaining that a ransom is required. Payment must be made within a certain amount of time to regain use of the device by obtaining a decryption key (a password to decrypt the files). The payment demanded for ransomware with data exfiltration will prevent the dissemination of stolen and sensitive information.
The amount of the ransom to be paid is established based on the size of the business. The scammer demands payment in untraceable, digital currency, such as cryptocurrency. If the payment is not transferred on time the amount demanded may be increased.
2. How does the attack come about?
Ransomware finds its way into personal or corporate computing devices in several ways. Here are the most common:
- Malicious application: Once downloaded by the user, the ransomware can take hold of the device.
- Malicious website: The ransomware is activated when the user clicks on a pop-up window or a link that leads to a malicious website.
- Phishing email: Malware is installed as soon as the user clicks on a malicious attachment or link to a malicious site in the email.
Email is the most common method used by scammers. “About 70-90% of cyberattacks are initiated by human error. And among these, in about 95% of cases, it’s caused by the email used by the scammer,” explains Tony Fachaux, an expert in cybersecurity awareness at National Bank.
How to recognize a fraudulent email
To avoid fraud, you must verify that the email you received is legitimate. The sender’s address is the first thing you should check to spot a phishing attempt. Does it look strange? If so, be wary. Another way to spot a phishing attempt is to hover over any links without clicking on them. If they seem fishy, don’t click. You should also be careful when opening attachments. This is often how malware, including ransomware, is installed.
“Is the email worded in a strange way? Is it from someone you know but written in a different way? Does it have spelling errors? These should also give you a clue,” says Fachaux.
If the context of the email seems strange or the message seems very urgent, you should ask yourself some questions. “Official organizations never use a sense of urgency in their communications, to ensure they aren’t taken for scammers,” adds the expert.
3. How to protect yourself from malware
Even if you are being vigilant with your inbox, the websites you visit and the applications you may be downloading are not completely immune to ransomware attacks. Here’s how to be even more prepared.
Set up roadblocks
In business, email protection measures can be implemented to prevent a malicious attachment from reaching an employee’s email inbox,” says Fachaux. “Scammers will always find a way in, but the more you block the better.”
Try to avoid using a computer’s administrator profile when not absolutely necessary. An admin can change device settings and has access to everything on the computer. “Malware needs this access in order to be installed and to function properly,” says the expert. “By limiting the kinds of access corporate users have, we limit the viral spread.”
To avoid being infected with malware, consider installing a good antivirus program on all of your devices, including the ones for personal use. Update your software, operating systems and third-party applications regularly to prevent system vulnerabilities. The updates may contain new protections against recently listed attacks.
Bet on foolproof backups
“Next, put a good backup plan in place,” says Fachaux. “Because an external hard drive attached to the device could also be infected in the attack, make sure you have an up-to-date copy of your files offline. A secure and unaltered backup makes it possible to recover your data without having to respond to a demand for ransom. It is not advisable to pay a ransom. “The more cybercrime is encouraged, the more attacks there will be,” adds the expert.
4. How to get rid of malware
First of all, stay calm. The first thing to do is cut the infected device’s access to the internet and the network. “If connected, the virus can spread and cascade encrypt all the company computers, servers and then cripple the computer system,” says Fachaux. “If the right protections are not in place, the malware could even affect cloud services. When an attack strikes at work, seek support from the IT team quickly. Some ransomware is becoming known in the security world,” adds the expert. “There may be tools that can decipher certain types of malware but in general, everything is regulated so that there are no alternatives but to pay the ransom.”
“Using your backups to recover encrypted information is the best solution to avoid paying ransom. Since many companies are not protected against these kinds of attacks, they have no choice but to pay,” explains Fachaux. “Besides, paying the ransom doesn’t guarantee the security of your data. You have nothing to assure that the criminals will be honest. You risk losing both your money and your files, which is whypaying them should be the last resort. To avoid being faced with this kind of decision, protect yourself beforehand by focusing on vigilance and data backups.”
5. How to get back on track
Eliminate all traces of malware by completely reinstalling the device’s operating system or corporate IT infrastructure. Then start from scratch by recovering your files from a safe backup. IT security specialists or an incident response expert can help you get back on track after a cyberattack.
You can never be too careful, so changing your passwords is a good idea. To avoid the worst, protect yourself from ransomware attacks, especially if you have sensitive information that scammers want to retrieve at all costs.
Several measures exist to protect you from fraud.
