The business of ransom is not new[1]. It is based on hijacking or holding back something of value to someone and then demanding a ransom for it. In the case of ransomware, what is hijacked is the digital information on the devices to which the attackers gain access. They do this by encrypting the information, which makes it completely illegible, and asking for money in return for the decryption key. It is a business designed to be very lucrative for these reasons:

  • It is simple and everyone understands it: they won’t return your data until you pay the ransom requested.
  • The harm that can be done to the victim is immense: information is the most valuable asset that we handle, and many times we are not aware of it until an incident of this type happens.
  • The amounts requested are affordable, compared to what it would cost to rebuild it all again if the users did not have their information protected.
  • Even if you are a victim of a crime, no one will defend you, and
  • Many victims end up accepting it as a lesser evil because, in the end, they consider that the error has been theirs.

Ransomware As a Service, an "innovative" business model

In fact, this malware is so lucrative that cybercriminals have gone a step further, innovating even in the business model by creating Ransomware As a Service (RaaS). In this model, anyone, even those without any knowledge of code, can create this malware online by paying for the service or handing over a percentage of the ransoms obtained from extorted users and companies.

Given the evolution of the business of Ransomware and given the profitability that it generates, the attacks will continue reaching both individuals and companies, so it is advisable to follow basic security practices and be disciplined with them, to protect yourself:

  • Implement a correct and solid strategy of backups and information recovery, something critical in these attacks.
  • Quickly install security updates for your system.
  • Ensure that up-to-date security software is installed.
  • Do not click the links included in unsolicited emails (SPAM).
  • Verify that the senders that send attachments are trusted and confirm the sending of files before opening them.
  • Do not visit unsafe websites.

We have put a correct backup policy first because it is what will allow us, in case of attack, to recover all our information and therefore return to normal work in the least possible time.

Correct Backups: The 3, 2, 1 Rule

Although in principle making correct backups seems trivial, it is advisable to follow a fundamental rule: the rule of 3, 2, 1, which consists of "three copies, two formats and one file outside the network". That is to say:

  • You must have three updated copies of the information,
  • generated in two ways or in two different formats, for example a direct copy of all the information and another packaged in zip format, and finally,
  • have one of the copies outside the office, in a different physical place.
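The rule above can be checked mechanically against a backup inventory. The following is an added example, not code from the original article or from SMiD; the `BackupCopy` fields, the `check_321` function, the sample inventory and the one-day freshness threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    name: str           # label for the copy (hypothetical)
    fmt: str            # how it was generated, e.g. "direct" or "zip"
    site: str           # physical place where the copy is kept
    taken_at: datetime  # when the copy was last refreshed

def check_321(copies, office_site, now, max_age=timedelta(days=1)):
    """Return the list of 3-2-1 violations; an empty list means compliant.

    max_age is an assumed threshold: the rule asks for "updated" copies
    but does not say how recent they must be.
    """
    # Only copies refreshed recently enough count towards the rule.
    fresh = [c for c in copies if now - c.taken_at <= max_age]
    problems = [f"stale copy: {c.name}" for c in copies if c not in fresh]
    if len(fresh) < 3:
        problems.append(f"only {len(fresh)} updated copies, need 3")
    if len({c.fmt for c in fresh}) < 2:
        problems.append("updated copies use fewer than 2 formats")
    if not any(c.site != office_site for c in fresh):
        problems.append("no updated copy is stored outside the office")
    return problems

# Constructed sample inventory: three copies exist on paper, but the only
# off-site one is nine days old, so it would not restore current data.
NOW = datetime(2024, 1, 10, 8, 0)
INVENTORY = [
    BackupCopy("nas-mirror", "direct", "office", NOW - timedelta(hours=6)),
    BackupCopy("usb-archive", "zip", "office", NOW - timedelta(hours=7)),
    BackupCopy("remote-archive", "zip", "datacenter", NOW - timedelta(days=9)),
]

if __name__ == "__main__":
    for line in check_321(INVENTORY, "office", NOW) or ["3-2-1 compliant"]:
        print(line)
```

Running such a check on a schedule catches the common case where the off-site copy silently stops being refreshed.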

The backup system must be implemented so that it fulfills this rule, which is why a SMiD solution can be very convenient. SMiD automatically adds value to the backup system by generating a copy of the information in a different way and saving it off-site, all while complying with European privacy and security regulations.

[1] https://en.wikipedia.org/wiki/Ransom

 
