
Ransomware questions and answers

E-mail is one of the main means by which the ransomware virus penetrates computers.
How can I identify a suspicious email?

A virus-carrying email will contain a legitimate-looking invoice or purchase receipt. The only way to tell that it is not a legitimate email is to carefully examine the email address from which the message was sent.
The address will not be the same as the original address it copies, whether that is the address of a private person, company or corporation, but it will closely resemble it. Only a small change will differentiate an original address from a fake one. If the e-mail address is identical, the reliability of the content of the message can be examined. It is important to verify the reliability of the sender's address, the content and the nature of the request for action, and to back this up with technological information security controls.

What is the degree of responsibility of the human factor - the employees, in introducing a ransomware virus into the organization?

80% of the cyber attacks that take place are caused by human error on the part of system users. That is, an active action such as clicking on a link, downloading a file or entering a website that contains a virus.
However, ransomware can also enter through open loopholes in the computer systems, without the direct intervention of system users.

Although today there is not a large number of such loopholes, it is important to take this into account. In general, since the level of sophistication with which the viruses attack is so high today, one must be careful not to make accusations against the employees.

Is it possible to learn to avoid being infected with viruses?

It is definitely possible, and desirable. There are various methods of instilling information security habits in the business, among them awareness training, which is highly recommended. We know that most employees in businesses are not aware of the nature of the online world today, do not adhere to information security procedures and are not aware of the critical role they have in protecting the business.

Therefore, it is very important to instill in them the message of strictness and caution. Of course, the systems must also be protected using information security solutions with several layers and hardening measures. Through prevention, identification, eradication, monitoring and control, it will be possible to catch the attackers. It can be done, but you should remember that you are never completely immune.

Is it possible to decrypt the ransomware once an organization has already been infected?

In most cases, no. There are types of ransomware whose encryption can be opened, but they are very few.

The encryption of the ransom virus is very complex, and in the vast majority of cases the window of time in which the ransom has to be paid is short. What's more, the need of the business owners to return to functioning as quickly as possible does not allow the encryption to be opened within that time window.

Shouldn't you just pay the ransom?

First of all, we will explain that the cyber attackers' demand comes in the form of a message that is left on the victim's computer. The notice details the amount the victim must pay, the details of the account the funds must be transferred to, and the time window for doing so. Supposedly, the cybercriminals promise that once the stated amount is transferred, the encryption on the information will be released and the business or person can return to normal.

The problem is that in reality this is not something that should be trusted, for several reasons. First of all, the amounts requested may be very high and sometimes even reach tens of thousands of dollars. In addition, in the end these are criminals, so their credibility is questionable. Today it is possible to get confused and think that this is a legitimate company, with a customer service center, graphic design for the ransom notices and all.

The bottom line is that these are criminals: if they don't want to release the files, they can't be forced to do so. Indeed, studies show that one out of five "customers" who pay the ransom do not receive the code to open the encryption on their information.

There are quite a few free programs on the market today that promise to protect against a ransomware virus. Can they be trusted?

We test almost every new software that comes to the market and simulate its attack using all the viruses known on the market, from simple and average viruses to the most sophisticated and advanced ones. In our experience, the free protection software does not hold up, even against the simpler viruses.

In addition, it is worth remembering that viruses are constantly changing and improving, so there is no point in compromising and relying on software that can only withstand today's average attack, because even if it can protect against a specific virus, tomorrow it will no longer provide proper protection against a more advanced variation of that virus.

Not only are the programs themselves ineffective in most cases, they may also cause damage themselves. Sometimes the protection software itself can suddenly stop an important system of the organization, and it will be impossible to contact the companies that produce the software, since it is free software without support. In addition, the free programs also do not offer a convenient central management interface. If the business has more than ten computers, it already needs a quality management interface.

So the bottom line is, it's ineffective to rely on free protection software. This wastes time and may cause direct or indirect damage to the organization. Therefore, the preference is to choose software that you invest in - both in terms of the product and in terms of service and warranty. Anything free can sometimes be very expensive, all the more so when it comes to the heart of the organization - its information systems.

If it is a small business or a home user, is there any point in using free software?

When it comes to home use it is better than nothing. But if it is a business, it is strongly recommended not to choose free software, which can do more harm than good. In the vast majority of cases, paid software is preferable.

What is recommended for very small companies to do in terms of protection and preparation for cyber attacks? Isn't it enough to just back up all the organization's data and information on the hard disk at the end of each day?

In general, in order to be prepared for any scenario and not only in the cyber world, backup is the first thing to take care of. In extreme cases of various types of disasters, a business whose data is not backed up in a safe place may lose it completely.

Regarding the ransomware virus, there is no doubt that quality backups are the first thing to take care of. At the same time, it is a mistake to rely only on backups and not provide additional protections for the business's information system. First, once the business has been hit by a ransomware virus, the recovery time can be very long.

For example, a business of 30 computers that have all been encrypted needs to restore a very large amount of data to the servers, and this can take days of work, at best. Add to that the need to format each of the computers and reinstall everything on it; it can take days and weeks. Also, there are cases where the type of damage that the viruses cause is not the encryption of the business's information, but the use of the business's secrets for extortion purposes.

Therefore, although a proper backup is necessary for any business, it is not the only thing that needs to be done. Just as a business located in a problematic neighborhood knows that it must install bars, alarms and additional protection systems, so we need to understand that today's cyber world is a particularly problematic neighborhood, and we must prepare accordingly.

The information was provided by Alon Zucker, CEO of SOPHTIX
