January, 18, 2021

Whenever I speak to a client about Ransomware Attacks, I generally get a reply like, "Who would want to target me?" or "We're really not big enough to be a target." The truth is that a majority of Ransomware Attacks weren't targeted at all. It was a random click on the wrong site, or an unknown infection on a known site. Perhaps opening a link in an email that looked like it was from someone you know, but was actually spoofed. It really happens. Yes there are times when a business is targeted directly, but more often than not it is a user that unknowingly invites the attack in.

So now what? Your files have been encrypted and unlike the photo above, the hacker is looking for you to deposit bitcoin into his account in order to get the decryption key. Paying the ransom, generally will just leave you minus a lot of money and still not getting you data unencrypted, not to mention emboldening the thieves to come back for more. So much for honor among thieves, right?

I had an experience recently with an attack. A user unknowingly clicked on the wrong thing and the trojan came in and encrypted several folders on the server and began encrypting files on the workstation. I don't know if this specific variant was still being developed or if it was just an inexperienced hacker who wrote it. But it did me a few favors, that lessened the damage. I won't go into detail about that, no sense in helping them out, but never the less I was glad for these favors. Luckily, since my company maintains the network, there were safeguards in place and I was able to restore the system with minimal loss of data and no payment of bitcoin. There was still some data loss, but it was minimized.

The bottom line is that great care must be taken to protect networks in anticipation of Ransomware Attacks. Antivirus alone, will not be enough. It requires a few layers of protection. You may not always be able to keep it from getting in, but you always want to minimize the damage that is done.