Ransomware Defenses

By: Scott Busby, Security Engineer, MAD Security | February 1, 2019

The name ransomware comes from a not particularly clever combination of the words “ransom” and “malware”. First seen in 2013, ransomware is an evolving type of malware that attempts to encrypt files on a target system and make them unusable for the victim. The attacker then informs the victim that for a hefty fee (often paid in Bitcoin) they can regain access to their data. Losing access to data can be a showstopper for businesses, and for individuals with important photos or documents it can also be emotionally devastating.

Victims essentially have only three options for getting their data back. The first and most obvious option is to just pay the ransom. Not only is this option costly, but you have no guarantee that the attacker will actually decrypt your data after receiving payment. The second option is to recover the private key needed to decrypt your data. In most instances this isn’t really an option. There have been some documented cases of attackers hardcoding decryption keys, but for the most part, brute forcing the private key used to decrypt the data would require nation-state level resources and a long-term commitment. The third and best option (if available) is simply to restore the data from a backup. In this scenario, having a backup could save your company hundreds of thousands of dollars, which reinforces just how critical backing up data is!

Although ransomware attacks have trended downward significantly since their 2013 debut, as many as 16,000 ransomware...