These are some of the most commonly asked questions regarding ransomware. We asked a few of our internal security professionals to help provide you answers.
We’ve all heard of ransomware, but many aren’t sure exactly what it is. Tom LeNeave, Sr. Security Consultant at Alagen, shares the primary components of this financially-motivated type of attack. He covers what ransomware is programmed to do once on your machine, how you may be notified that you have been compromised, what desired actions the attacker wants from you, and what they promise in return.
There are several ways that ransomware can get into an environment. Tom LeNeave, Sr. Security Consultant at Alagen, explains a few of the most common attack vectors, including emails with malicious attachments or links to ill-intentioned websites and “malvertising.”
Should ransomware be reported? Alagen’s senior security consultant Tom LeNeave explains that it depends. He does encourage you to be prepared and know the answer before a ransomware-related crisis. He advises that you plan with your legal department. Consult any related corporate policies, applicable rules and regulations requirements for your industry, third-party contractual requirements, and insurance requirements.
A successful ransomware attack is clearly a breach of security, but should it be considered a data breach? Alagen’s Sr. Security Consultant Trey Turner breaks down the distinction between an attack that encrypts versus one that exfiltrates data.
Bitcoin is the payment of choice when it comes to ransomware demands. Why is that? Alagen’s Sr. Security Consultant Tom LeNeave explains how the anonymity of this form of payment makes it the most common choice of cyber criminals.
It’s a tough dilemma. No one wants to pay a ransom. But when considering the options, it may appear to be the prudent choice. Trey Turner, senior security consultant at Alagen, talks about the reasons you shouldn’t pay. Then, he emphasizes the importance of being prepared so that you can recover quickly without having to pay. He also suggests that you know your risk tolerance and have planned in advance under what circumstances you would consider payment or related actions.
The best way to deal with a ransomware attack is to be prepared. Senior consultant Trey Turner encourages companies to not only plan, but also to test those plans. He emphasizes the importance of being able to rapidly detect, contain, and recover from ransomware threats. He also notes that identifying the root cause of any successful attacks is also a critical step to ensure that any defensive gaps are closed and you won’t be reinfected.
This frequently asked question is addressed by Alagen’s senior security consultant Trey Turner. Simply put, he says that ransomware can be removed. While removal of the actual malware can be fairly simple, the important step of identifying the root cause to eliminate persistence of the treat can be significantly more challenging. He also points out that removal of the ransomware does not return your access to any encrypted files or systems. Be aware that there are no guarantees. Unfortunately, any decryption attempts — including paying the ransom — may or may not result in you regaining access to encrypted assets.
Protect Your Company from Ransomware Attacks
Alagen has helped organizations of all sizes become ransomware resilient. Guided by established best practices, our Ransomware Resilience Planning service focuses exclusively on ransomware prevention, containment and recovery. Efficiently assessing your strengths and weaknesses, our experts forgo extensive (and time consuming) discovery and documentation to quickly deliver what matters most — prescriptive guidance to decrease your likelihood of a ransomware victimization.