Ransomware attacks take two forms, according to Kaspersky Lab`s Emm. One form is extortion, where data is encrypted until the victim pays to get it back, and the other is targeted attacks focused on damaging data, such as the "ExPetya" attack.
"It wasn`t possible to get the data back, so clearly this was an attack designed to eradicate data rather than to try and squeeze money out of victims," he said.
It is dangerous to pay the ransom as victims are unlikely to get the data back anyway, Emm says. The key to dealing with ransomware is limiting exposure and mitigating the risk. For instance, limiting data access rights within an organization reduces exposure. Segmenting the network and having a back-up of data will also achieve these aims.
Emm recommends the "No More Ransom" collaboration between Kaspersky Lab, McAfee, the Netherlands` National High Tech Crime Unit and Europol`s European Cybercrime Centre, which helps ransomware victims to retrieve encrypted data. He says they have been able to decrypt data in around 30 percent of cases and helped around 29,000 people.
Cloud computing is still at risk from cyberattacks, warns Emm. While the cloud provides a good back-up of data, there`s a risk depending on when the cloud synchronizes with data affected by ransomware; if it synchronizes at the wrong time, the encrypted data could overwrite the clean data in the cloud.
"I`m not saying don`t use that as a storage medium. I would say maybe have different approaches. But definitely include in that mix a back-up to a physical storage device, such as a USB or a server somewhere, but bear in mind that any ransomware on a system could look around at what drives are connected and encrypt data there too," he says.
Dramelin
DeveloperCras justo odio, dapibus ac facilisis in, egestas eget quam. Curabitur blandit tempus porttitor. Vivamus sagittis lacus vel augue laoreet rutrum faucibus dolor auctor.
0 comments:
Post a Comment