Internet users are increasingly exposed to numerous dangers from cybercriminals. Along with privacy-related issues, it is one of the things they are most concerned about. Every day users infect their computers with various types of malware, computer worms, and more. However, one of the ones that worries us the most lately is ransomware and how it affects our files. In this article we will explain why ransomware is a problem beyond losing files.
The first thing we are going to do is briefly explain what ransomware is. Then we will see why ransomware is a serious problem for our security and finally, we will give a series of tips to try to avoid it.
What is ransomware and how does it harm us
The moment we suffer a ransomware attack, what the malware is going to do is encrypt all our data on the computer where it has been executed. An important issue to keep in mind is that there is the possibility that all the data that we share on the local network is encrypted. Therefore, we must protect both our computer and the other computers with which we share network resources, if there are any, and then properly check the write permissions that they have.
What it is about is a data hijacking in which we will be prevented from accessing them. In exchange for removing this restriction and being able to recover our files again, we will be asked to pay a ransom. In this case, said economic transfer was made through bank accounts in countries located in tax havens, although the current trend is to do it with the payment of cryptocurrencies. An important question is whether we should pay the ransom. The answer is no, but there are several reasons, one of which is that sometimes the ransomware decryption does not work well and some of your data is lost.
Why is it a problem for our security
Once an attack of this type occurs, it will be a serious blow to us or the company that is affected. On the one hand, ransomware is a serious problem because it will cause a significant loss of time until we can work normally again. Regardless of this, we will be exposed to extortion or blackmail by cybercriminals. In this regard, we could be threatened with the disclosure of documents to the competition or other interested persons. This could mean a loss of prestige.
A typical ransomware attack would start, for example, with an initial process in which we could receive a phishing-type email. Then would come the execution and the privilege escalation in which the administrator permissions would be obtained. Then we would move on to defenses evasion and obtaining access credentials, and then move on to the network discovery phase to find out where the servers are and identify if there are backup copies. Finally, we would go to the lateral movement phase and finally the impact phase, where the files would begin to be encrypted. Here you can learn in depth how a ransomware attack works and the tools that we can use.
How to protect ourselves
We have already seen that ransomware is a serious problem for our security. Now we are going to comment on some measures that we can take to be more sure. although we must bear in mind that 100% security does not exist:
- If it is a business, develop an incident response plan.
- We must have a good backup policy.
- Also conducting awareness courses related to Phishing attacks and other security matters.
- Have strong passwords and additional authentication methods.
- Keep the software updated.
Finally, as you have already seen, ransomware is a serious problem that we must pay attention to, and it is still fully present for extortion. If you have been infected by ransomware, our recommendation is that you never pay the ransom, because you will never know if the encrypted files are really going to be returned to you, and, furthermore, you will be giving money to cybercriminals.
