Ransomware has become one of the biggest threats to modern business. If a computer or network is infected with a ransomware virus, a cybercriminal can deny access to an organization’s data and demand payment in exchange for its release.
What’s worse is that would-be attackers no longer need sophisticated coding skills to mount an attack. So-called Ransomware-as-a-Service (RaaS) is available on the dark web. Nefarious “black hat” coders create RaaS applications and offer them via a subscription model. Affiliates rent the code and use it to extort money from unprotected organizations. The affiliate often keeps as much as 80% of the ransom.
The infection point
Most ransomware attacks begin with a phishing scheme. A cybercriminal sends out thousands, sometimes millions, of emails. Each email is constructed to look as official as possible and carries an attached executable file.
If the recipient opens the attached file, it releases a virus that identifies all proprietary data on the computer. It then copies these files to an encrypted volume and deletes the originals. At that point, the user is informed that their data is being held hostage. Often, the only way to recover the data is to purchase cryptocurrency and transfer it to an anonymous recipient.
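As an added example (not part of the original article), the Python code below shows how a mail filter could flag the executable attachment described above by checking both the file name and the leading bytes of the content. The extension list, the function names and the sample message with its addresses are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows runs or hands to a script host.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}
# Leading bytes of common executable formats.
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}


def inspect_attachments(raw_message: bytes) -> list[tuple[str, list[str]]]:
    """Return (filename, reasons) for each attachment that looks executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        lowered = name.lower()
        ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {ext}")
            # Heuristic: "invoice.pdf.exe" displays as "invoice.pdf" when extensions are hidden.
            if lowered.count(".") >= 2:
                reasons.append("double extension")
        # The name can lie, so also look at what the content starts with.
        for magic, label in MAGIC.items():
            if payload.startswith(magic):
                reasons.append(f"{label} header")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the attachment payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    inert_pe = b"MZ" + b"\x00" * 62  # only the two-byte PE signature, nothing runnable
    msg.add_attachment(inert_pe, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(inert_pe, maintype="application", subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"%PDF-1.7\n", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, why in inspect_attachments(build_sample()):
        print(f"{filename}: {', '.join(why)}")
```

The second sample attachment is caught only by the content check, which is why a filter that looks at file names alone is not enough.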
A ransomware attack can wreak havoc on a company even if it infects only a single computer. However, the trouble can increase exponentially if the computer is attached to an unsecured network.
A computer connected to an enterprise-level data center could infect every device on that network. That includes terminals, servers, network-attached storage (NAS), and mobile devices. Each of those nodes could then infect other devices that join the network. This could result in an attack that impacts thousands of employees, customers and investors.
Cybersecurity can’t offer total immunity to attacks but can come as close as possible. Utilizing the latest security technology is necessary for any organization that wants to keep its data to itself.
IT managers can deploy various hardware and software measures, including firewalls, biometrics, encrypted storage devices and Zero Trust-based protection. Just as importantly, they must update these security measures to keep pace with increasingly sophisticated cybercriminals.