The first step to creating an effective cyber security strategy is arming yourself with knowledge. It is for this simple reason that we have decided to tackle the myths around ransomware, giving you the hard facts for your own protection.
Myth #1: Ransomware only targets big companies, which means that small/medium businesses don’t have to worry
Truth: Hackers see small businesses as an easy target, because smaller organisations typically do less to protect themselves, while large enterprises have big budgets to spend on cyber security systems.
Realistically, it’s easier to mess with the small fries, than attack a giant. Cybercriminals are also smart in how they approach the attack – they’re not asking for big bucks. To unencrypt the files, they ask for an amount of money that is significant but acceptable to the victim – just enough to make a profit, but still small enough that the victims are likely to pay.
Long story short: Everyone is a target. Some are just easier targets than others.
Myth #2: There are enough tools available on the interwebs to affordably decrypt my files if a ransomware attack happens, so I don’t have to worry
Truth: Only a small number of ransomware viruses have actually been effectively removed, and most of these are already outdated. This is because it’s incredibly difficult to reverse engineer the ransomware to get the algorithm used to generate the encryption key. This means that if you’re thinking about paying for ransomware decrypting software, it’s simply another chance for you to get ripped off. In some cases, people have paid more money for a ransomware decrypting solution (that usually turns out to be fake!) than they would have paid for the ransom itself.
Long story short: There is no quick fix available to beat ransomware.
Myth #3: I’ll be able to recover any data that was encrypted by ransomware from a backup without paying the ransom
Truth: More than half of ransomware victims fail to recover their data from backup. Incomplete backup recovery is usually because of unmonitored backups, loss of accessible backup drives that were also encrypted, and results in the loss of between 1-24 hours of data (if not more) from the last time a backup was made.
Long story short: It’s time to review your computer security backup policies and procedures. Before it’s too late.
Myth #4: Ransomware mainly comes from dubious websites, so all I need to do is stay away from them
Truth: Infected emails containing malicious links or attachments are the main sources of ransomware contaminations. Most infections happen through ‘drive-by’ downloads. These happen when a user visits a website, or search engine, where a virus writer has purchased an advert on that page or engine.
Long story short: Ransomware can come from anywhere. If you’re using a device with an internet connection, you’re at risk.
Myth #5: I have anti-virus, so I don’t have to worry about ransomware
Truth: The cybercriminals who create and distribute ransomware have figured out how to circumvent even the best antivirus software. This is because ransomware is extremely lucrative for them, so it makes sense for them to use all their tech-smarts to thwart security measures taken against them.
This doesn’t mean you can give up on anti-virus entirely, however. Running a good antivirus tool with regular updates and diagnostic processes enabled, will block some ransomware attacks. Brand new variants will still get through, but you will be protected from an overwhelming multitude of older versions.
Long story short: There is no single method of guaranteed protection against ransomware.
Myth #7: Attacks are quite rare because only big hacker groups are able to create ransomware
Truth: There is no longer any significant barrier to entry in the ransomware market, thanks to the Dark Web. Now, Ransomware-as-a-Service programs are readily available, which means that criminals no longer have to be technically-inclined to execute ransomware attacks that use complex encryption. It’s as easy as buying a ransomware subscription on the Dark Web, to unleash cyber fear on unsuspecting victims.
Long story short: Ransomware attacks happen every day. More than 4000 ransomware attacks have taken place daily since the beginning of 2016.