Tyler Smith, a senior security engineer, was on his way to Kentucky when he received an urgent phone call – one of his clients suffered from a ransomware attack. The backup files. The network storage files. Everything was encrypted. The client was backed into a corner and had to pay the ransom.
Less than two weeks later, the same client was hit again. The attackers humorously offered them a discount because it was their second attack. Luckily, Smith and his team were able to find the key in the code to decrypt all the files. His client would not have to pay the ransom fee again. It took such a horrific set of incidents to get the client to finally take cybersecurity much more seriously.
This occurred in the early 2010s. Since then, ransomware attacks have only become more sophisticated.
Essentially, a ransomware attack happens when a team member clicks on a bad link and their machine becomes compromised. The virus jumps from machine to machine and encrypts the team’s files. Typically, a sum of money is demanded in exchange for the return of the files.
“Paying the ransom is never recommended,” Tyler says. It does not guarantee that it will solve your problem. For example, there could be bugs in the malware, causing the data to be unrecoverable.
However, there are certain scenarios in which there is no choice but to pay the ransom. For example, companies working in areas such as health care cannot afford to have the patient data lost or compromised. When vital information or millions of dollars are at stake, paying the ransom feels as if it is the only way out.
The best defense is to train the end-users in an organization.
“Human beings are notorious for overcoming all security efforts because they don’t understand the why behind the security measures,” Tyler says.
You can also detect these attacks by ensuring that next-generation end-point detections and response software is deployed on all the endpoints of users in your cyber environment; You should segment the networks and limit the connects between the segments in a way that makes sense for your business.
With ransomware it does not matter what line of business you are in. Ransomware is not going away. Rather it is advancing quite rapidly. Companies are even built upon customizing attacks for clients.