It sounds more like a movie than reality. Picture this: You are in the middle of your workday, and suddenly you cannot access a document you’ve been working on all day.
In fact, looking about, you cannot access any of your documents. When you call IT, they inform you that no one can access any data on the company network. Files appear corrupted. Upon further inspection, it turns out all your company files have been encrypted.
Then you receive an email from some unknown person that they have encrypted your data. Further, they made a copy of all of your data in the process.
While you cannot access your data, they intend to post it all online and inform both the media and your customers. That is when they tell you how much money you can pay to get your files restored. This is the essence of ransomware.
Modern Ransomware Attacks
In August, a group calling itself DarkSide announced themselves via press release. While this may sound uncommonly brazen, a recent Forbes investigation says this is increasingly becoming the norm.
According to tech expert Antoine Bechara, “DarkSide is unsettling business-like in its execution. Once seizing a company’s data, they claim to decide on a ransom amount based on the company’s financials to ensure they can pay. In fact, they are so business-like that companies incur late fees for not paying their ransoms on time.”
While DarkSide has worked bizarrely hard to maintain some type of ethical façade, claiming to never target NGOs, hospitals, or schools, DarkSide is definitely no Robin Hood. In just its first two weeks of operation, they claim to have already extorted $1 million USD from one victim.
Ransomware Exacerbated
Unfortunately, the pandemic has increased the risk of ransomware attacks as more companies move their business and day-to-day operations online to help facilitate remote workers.
The groups that run ransomware attacks are aware of this as well, giving them more incentive than ever before to prod and test company networks and systems looking for vulnerabilities.
Once a ransomware attack has happened, it can be impossible to retrieve data without paying the criminals to do so, comments Advanced Firewall Solutions. Given the negative publicity of having data stolen, many companies simply pay the ransom quietly.
It may seem small consolation, but ransomware groups generally do deal in good faith with those who pay. After all, their business model relies on companies being able to pay. And, once paid, the criminals go away and cause the company no more harm.
On Data Protection
The most important thing to remember about ransomware is that once your systems have been infected, IT security solutions are too late. The damage has been irreversibly done, at least until you pay the ransom.
Damage can be someone mitigated by having good backups of data and experts can restore things to normal. However, if your company has sensitive proprietary or customer data, this will not solve the problem of the criminals posting that data on the internet for anyone to see.
So, the best and perhaps only line of defense is keeping ransomware out of your company network, to begin with. This is best done with a full IT security solution, including strong password management, virus protection, staying current with security patches, and having dedicated IT staff on hand who track evolving threats and continue to harden system security.
For smaller companies, this can be a challenge to finance. However, with groups such as DarkSide out there plying their trade, the cost of not having a security solution may be even more. One solution is to outsource IT security altogether.
Doing so means having experts available on-demand as needed, as well as ensuring thorough and timely systems patches. This can be a cost-effective solution to protect against a far more costly breach of security.
For more similar stories, please visit our tech section.
Author: Luke Fitzpatrick
