Ransomware is the big bad cybersecurity bully that is getting all the attention due to its aggressive nature. It's a type of malware that immediately restricts access to the infected computer system in some way, and demands that the user pay a ransom to the hackers to remove the restriction. Here are a few assumptions you should not make about ransomware, and the facts behind this cyber threat:
Assumption: Ransomware is contained within the computer it infects.
Fact: While this was perhaps the case in some of the early versions of ransomware, today’s threat is much more aggressive, designed to spread itself out across your entire network, and basically rendering your business useless. Some ransomware is designed to attack shared network drives, but other forms are designed to harvest credentials and data from infected systems throughout your network.
Assumption: Ransomware only targets systems on premise.
Fact: The cloud is not immune to these attacks. In fact, 35% of MSPs surveyed in our partner Datto’s 2016 State of the Channel Ransomware Report had witnessed ransomware infecting popular Software as a Service (SaaS) applications including Dropbox, Office 365 and Google Apps. If files on the computer that was infected are synced to a Google Drive for example, the corruption does not disappear. If a coworker goes into the corrupted doc and downloads it to their local PC, some ransomware can spread rapidly beyond its original target.
Assumption: A corrupted PC is easy to detect and can be cured quickly before spreading.
Fact: It often takes a number of minutes for a user to determine the issue they are experiencing after infection is in fact ransomware. Ransomware begins encrypting data very quickly - in a matter of minutes - and spreads rapidly across your network, to other PC's and servers!
Assumption: A good Antivirus solution will thwart all ransomware attacks.
Fact: Anti-Virus and SPAM filter vendors react quickly to these attacks, but it is important to remember that Anti-Virus is a reactionary product. In other words, there will always be a patient zero. The problem comes before the cure, and the next malware variant will proceed the definitions that remedy it. To protect your business data, educate end users on what to watch out for (suspicious attachments, links, etc), ensure your software is up-to-date and patched, and most importantly, use a backup and recovery solution that takes frequent, automated backups of your data with fast recovery to a point in time before the attack happened.