Ransomware is often described as working on the principles of ‘mob rule’, where you pay the bad guy, not because you should, but because the risk of refusing is perceived to be much greater.
Ransomware isn’t far removed from this, as often there is a temptation to pay the ransom to ensure the safe return of the data. Some reports have claimed that while 97% of US companies refused to pay a ransom, 75% of Canadian companies paid, followed by 22% of German businesses and 58% in the UK.
But, the solution to ransomware isn’t paying the ransom.
Our advice is never to pay out in a ransomware attack. It’s important we don’t normalise ransomware payments because, when you boil it down, it’s just another method of extortion. There is no guarantee that cyber criminals will honour any ransom that a company pays, and it funds a dangerous criminal enterprise. What’s more, with many ransomware players demanding payment in cryptocurrency, companies that do decide to pay the ransom could be vulnerable to huge swings in value.
Instead, companies need to go back to basics and ensure they have fundamental security procedures in place from a people (education), process (response) and technology (protection) perspective.
My top 5 tips to combatting ransomware are:
- Don’t open attachments or click on links unless you know they are legitimate
- Keep up to date with system patches and current versions of malware protection
- Proactively monitor network activity to identity and remove malware and phishing (common vehicles for ransomware)
- Keep backups should the worst happen
- Have a detailed and well understood incident response plan
Where does DNS come in?
Throughout a ransomware attack there are DNS requests happening and within this is the opportunity to intercept and identify malicious activity before it causes damage. This should be part of a layered approach to security, which is especially important if hit by a ransomware attack, where a number of security functions have to fail for an attacker to gain a foothold to launch the attack.
What is ransomware?
Ransomware is malware that infects your computer systems and encrypts your files preventing you from using them. It then threatens to keep these encrypted unless you pay a ransom to have them restored – often using a cryptocurrency. The malware is commonly downloaded on to your system via an attachment or link within an email, that are referred to as ‘phishing’ emails, which often appear as though they are from a legitimate source, such as your energy supplier.
Listen to my radio interview on WDUN for more information: