Ransomware FAQs
by Michelle Krasniak
Our team gets many questions when it comes to how CyberGRX can help in the fight against ransomware. Here's how we’ve answered some of the most common inquiries we get.
Can ransomware infect encrypted backups?
The purpose of backups is to have a copy of data that can be recovered…they’re not designed to protect against cybercrime. In fact, it’s common for ransomware attacks to target backup systems to prevent recovery. Additionally, backup disks can't determine if data is encrypted or not, so it could backup data encrypted by ransomware. Backups that are locally connected to an infected computer can be infected with ransomware and from there, it can spread to external hard drives or file servers as well as other computers on the network.
Unfortunately cloud storage doesn’t guarantee safety, either. Cloud storage solutions typically automatically synchronize their files with their local versions on your computer. This means that once your local files are encrypted by ransomware, the encrypted versions may also be transferred to the cloud.
Which files does ransomware encrypt?
To answer this question, we’ll break ransomware into the two most common types: locker ransomware and crypto ransomware.
Locker ransomware blocks basic computer functions, while still allowing you just enough functionality to, for example, interact with the ransom payment window. The rest of the functionality of the computer is removed. Locker malware doesn't usually target the critical files on your system… it just wants to lock you out.
Crypto ransomware is the type that wreaks the most havoc for organizations because it encrypts your important data, such as documents, pictures, and videos, but it doesn’t interfere with basic computer functions. Cyber criminals have been utilizing crypto ransomware against organizations more frequently because when they encrypt “mission critical” files, a business is more likely to pay the ransom.
Can an antivirus program protect against ransomware?
While antivirus programs can help prevent against direct ransomware attacks, bad actors have started targeting third parties who potentially have access to your organization’s sensitive information. The only way to protect yourself against this type of access is to ensure you have 360-degree visibility into the cybersecurity protocols of all the vendors you do business with. With said clarity, you can make informed decisions into prioritizing the remediation of the cyber risk that these third parties introduce.
Why has there been an increase in ransomware attacks?
There are a couple of reasons why there’s been an increase in the number of ransomware attacks. The first is the emergence of COVID-19 around the world. Bad actors play on the fear factor that accompanied the pandemic, and used the topic to get people to click on links in emails, open email attachments, etc.
There’s also the fact that organizations of all sizes and in all industries were distracted with the massive disruptions caused by the virus. Companies were struggling to stay in business, and if budgets had to be cut, oftentimes IT staff is some of the first to go. Alternatively, when time and attention is going towards keeping the business afloat, ensuring cyber borders are secure isn’t always at the top of the priority list.
A second possible reason for the rise in attacks is simply because more and more companies are paying the ransom to get access to their files returned. Unfortunately, paying the money doesn’t guarantee all the data is returned. In fact, studies have shown that only 8 percent of organizations who paid the ransom got 100 percent of their data back.
What is the difference between ransomware and spyware?
While both are types of malware, a file or a code designed to cause damage to a user's personal computer and network, spyware collects your personal information and ransomware blocks access to a system until a ransom fee is paid.
To learn more about how CyberGRX can help you manage your third-party cyber risk, request a demo today.