Restoring systems after an infection with this malware can become an expensive affair. Repairing the damage usually requires a lot of human and financial resources. Especially when business operations come to a standstill as a result of the attack, a ransomware infestation can quickly threaten the existence of a company.
In addition, in most cases the blackmailer demands a "ransom".
The ransom is due in order to regain access to the data or systems. If the data has not been fully backed up or if the backups made are also encrypted, it may be necessary to pay the demanded ransom. Payment is usually demanded in bitcoins.
Ransomware is malware, also known to the German public as crypto trojans or extortion trojans, which uses cryptographic methods to encrypt a user's files and thus deny them access to those files, sometimes even to the entire computer system and the connected network.
In the last six years in particular, there has been a sharp increase in attacks with ransomware.
In the meantime, a separate business model has emerged under the name Malware-as-a-Service. Currently, the Emotet malware, for example, poses a major threat.
Even visiting an infected website or opening file attachments can lead to those affected becoming infected with the ransomware.
Infection with ransomware usually takes place via a Trojan attached to a file. A classic gateway is an email attachment in the form of an Office document that is opened by the user or a link in the email to download a file.
Other possible gateways are infected websites to which victims of ransomware are directed, or manipulated devices such as USB devices (USB sticks, mice, keyboards) and memory cards.
Technically advanced variants such as the "WannaCry worm" or "Emotet" can continue to spread independently in the network after the initial infection, even without user interaction.
When infecting a computer, the Trojan sometimes disguises itself as an obvious and useful application for the user.
The basic protective measures against ransomware are firewalls and antivirus programs. However, these alone cannot prevent infection with malware.
Organizations that want to protect themselves from the dangers of ransomware and other malware should conduct regular penetration tests, in which the organization, networks and systems are checked for potential security gaps and vulnerabilities through which infection can occur.
For example, as part of a vulnerability analysis, professional penetration testers check whether the existing security precautions are configured and used correctly, whether the software used is up-to-date and secure, and whether employees and those responsible can be tricked by fake e-mails (phishing) into opening e-mail attachments or divulging their log-in data.
Anyone who wants to rule out or minimize risks for their company or organization should therefore have their own IT security tested regularly through external and internal audits.
If you discover that your computer is infected, you should immediately disconnect it from the network, but not shut down the system. Immediately contact IT security contacts who can assist you in investigating, preventing, and remediating the infestation. Reporting the incident to the police can then make sense; the so-called ZACs (central contact points for cybercrime) of the respective federal states exist for this purpose.
IT security specialists help with decryption and with preventing future incidents.