Ransomware is malicious software which covertly encrypts your files – preventing you from accessing them – then demands payment for their safe recovery. Like most tactics employed in cyberattacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.
Encryption doesn’t always stop at an individual’s computer. Mapped drives may also be encrypted, which makes ransomware a high risk for organizations and consumers alike. However broadly it’s executed, the attacker’s movement often goes unnoticed—victims generally don’t know they’ve been compromised until receiving instructions on how to decrypt their files. Prices to recover access vary, but there’s no guarantee the files will be usable or even delivered, anyway.
To say that ransomware causes technical difficulty is an understatement. Without the proper preparation, an attack can bring your business to a grinding halt and put your critical information at risk. Fortunately, ransomware attacks are both avoidable and containable by following fundamental security and disaster recovery best practices.
User education is the first line of defense in avoiding ransomware—people should not be clicking suspicious links or visiting websites that are known carriers of malvertising networks. We know, we know: but people are the worst! That’s why a disaster recovery plan is essential to any ransomware preparedness toolkit. If you do fall victim to a attack, being able to restore your data from your backups will mitigate the damage done and allow you to maintain business as usual.
Rapid7 solutions enable customers to come up with a cybersecurity plan to detect and respond to incidents. Using Rapid7 products and services you can:
Learn more about ransomware: