Over the past few years, we have seen a large uptick in ransomware and the havoc that it can cause organizations. A recent IDC report shows that 79% of those surveyed activated a disaster response, 83% experienced data corruption from an attack, and nearly 60% experienced unrecoverable data.1 In response to these growing attacks, businesses that rely on ‘always on’ availability and avoiding downtime are focusing on the best strategy to align cyber security practices with the best means of protection against ransomware. To best protect your organization, you must grasp what ransomware is as it is evolving and what the anatomy of a ransomware attack looks like.
What is Ransomware? – An Overview
According to the Center for Internet Security, ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid by the attack victim. Ransomware encrypts files on the infected system, threatens to erase files, or blocks system access for the victim. The ransom amount and contact information for the bad actor is typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted. Sometimes the bad actor only includes contact information in the note and will attempt to negotiate the ransom amount once they are contacted.
What are the common events that trigger and lead to a ransomware attack?
Some of the most common ways ransomware infections occur are through:
- Malicious emails with compromised links or attachments
- Poorly secured network ports and services, Remote Desktop Protocol (RDP) that can lead to a network compromise. (e.g., Phobos ransomware variant).
- A compromise by another malware that leads to an infection of ransomware.
Additionally, there has been an uptick in bad actors that are targeting managed service providers (MSP) to further push out the ransomware to multiple entities that are under their management. These types of events happen when an MSP is compromised, and the bad actors use their infrastructure to disseminate and distribute the ransomware to the MSP’s clients. Not only does this compromise of the MSP broaden the bad actor’s attack vector, but also exploits the trust between the customer and their MSP.
Continue reading at Zerto.
Are you ransomware-ready? For more best practices and a checklist to follow, check out Zerto’s Ransomware Readiness 101 Guide.