WATCH What is Ransomware? Day 1 of Cybersecurity Awareness Month 2021
What is Ransomware? Cybersecurity Videos Day 1
Mike Miller 00:04
Okay, Craig. So tell us what is Ransomware? How do you get it?
Craig Taylor 00:08
And how can you avoid it? Ransomware? That’s a great question. This is something that’s been hitting many companies over the last years; we’ve heard about Colonial Pipeline and Kaseya and others. It’s a hacker utility or a bit of malware that encrypts all your files and holds them for ransom until you pay some form of cryptocurrency payment to get the decryption key. It uses ironclad encryption to prevent you from accessing your files.
That’s the traditional ransomware that we’re all familiar with. It’s gone through an evolution, however, that makes it much more dangerous. Today, it turns out that MSPs are really good at backing up data, and ransomware was somewhat invalidated. If you had good backups, you didn’t have to pay the ransom. You’d just be without your data for a short period of time, and your MSP or your IT manager would restore your data, and you’d be back up and running as a business and you wouldn’t have to pay that ransom. However, ransomware has evolved, and it now tries to exfiltrate, or take, your data, your critical data, out of your business, and threatens to publish it to the internet. And for many companies, if you’re in healthcare, accounting, finance, tax, law, legal, any of the files that you have are either intellectual property, health records, privileged data at a law firm. For that to get exposed online is devastating to your firm. And so that evolution in ransomware has forced many companies that get infected with it to start paying those ransoms through some cryptocurrency exchange.
Now you asked a second question, Mike: how do you get it? It’s typically delivered through email, through a link to an email where you either give your credentials to your login through a phishing attack on your credentials, where it says you’ve had a lock in your, your PayPal account’s been locked, or this account’s been locked or that, and you have to unlock it, and they convince you to click on a fake website where you provide your credentials to the hacker. And then they use that to break into your company and install it themselves. Or they’ll deliver it as a payload, as an attachment, as a file, or on a malicious website that you simply visit, or you download and accidentally click on your computer. And then you’re installing the hacker’s ransomware onto your computer, and it’ll just spread from there. It’s like a virus; it spreads across your network, encrypting all your files. So that’s what it is, and why it’s evolved into something more dangerous recently.
Mike Miller 02:54
Okay, how can you avoid it?
Craig Taylor 02:56
Well, the first and best method of avoidance is teaching and training your employees how to spot these forms of attack. There’s a well-known fact that about 90% of breaches can be tied back to poor password hygiene on the one hand, or a phishing attack on the other, or a combination of the two. And so an education and awareness training program for your company, especially if you’re a small business, is really key to some avoidance. There are technical measures that you should put in place, such as antivirus, spam filters, and your users, quite frankly, should not be operating their desktops with administrative rights. Those are technical measures that can help. But there’s a combination of things that you can do to make your business more robust and better protected than others against ransomware. And so it’s the awareness in your employees, because quite frankly, in my experience, in most SMBs the employees there have never received training to spot and avoid phishing attacks, to understand good password hygiene. So those are some of the fundamentals to avoiding ransomware.
Mike Miller 04:16
Okay, so, essentially employee training is key.
Craig Taylor 04:20
It is, absolutely. It’s one of the very first things I always do with the companies I consult with at CyberHoot.