What is Ransomware?

2017-01-25 11:50 AM
What is Ransomware?

Essentially, a Ransomware attack occurs when your files and information are encrypted by a cyber criminal and held hostage. To decrypt your files and information, you are forced to pay a ransom to the cyber criminal, using some form of untraceable digital currency like bitcoins.

Ransomware strains such as Locky, Cryptolocker and Petya have been the predominant malware threats users have faced this year. When Ransomware first appeared, it was on a small scale and targeted individuals and small businesses in a very rudimentary manner. However, cyber criminals have upped the ante and have been releasing more sophisticated strains of Ransomware in order to maximize the profit and infection rates of their Ransomware creations.

How Ransomware works

Ransomware is spread when unsuspecting users open a legitimate-looking email attachment that then infects their machine, or when users access untrusted websites.

Most security solutions today are unable to protect you from newer strains of Ransomware. This is due to Ransomware strains constantly morphing – as a result, traditional anti-malware pattern detection solutions are unlikely to detect the constantly varying newer strains. In essence, the ability of ransomware to shape shift (polymorph its code) makes it extremely hard to detect via traditional methods.

Once the infection has taken place the malware starts encrypting files on the machine, and depending on the strain of malware you get, it may even target other devices on your network. The latest strains of malware even actively seek out backup files and encrypt them as well, so even if you do have an onsite backup it could be rendered useless.

This ultimately places you at the mercy of the cyber criminal, as your data is being held hostage and the only way to decrypt it is by using a decryption key. To retrieve the decryption key, you will need to pay the ransom for your data within a specific time frame. If you don’t meet the demands, the price increases or you lose your data permanently.

The effects of Ransomware

The effects of Locky, Cryptolocker and Petya have been keenly felt by many businesses. This year alone has seen a number of hospitals fall victim to Ransomware, which has led to major reputational damage, information loss, and economic damage.

Furthermore, if you do manage to restore a backup or you pay to get the decryption key for your encrypted data, it does not prevent you from being hit by Ransomware again in the near future.

Can you mitigate Ransomware risks?

Although Ransomware is extremely difficult to detect and prevent from infecting your systems, there are a number of ways to limit the risks you face from Ransomware. These include not opening attachments from unknown emails, not accessing untrusted websites, and keeping your devices continually updated and patched. However, this is not a foolproof system.

Due to the increased number of Ransomware attacks, security companies have had to start changing their approach to how they protect computer systems and networks. This has led to new solutions that can put a stop to the blight of Ransomware.

Panda Adaptive Defense 360 is one of these new and advanced security solutions. It is the first and, as yet, the only solution that combines Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities into a single protection solution.