Why does Cybersecurity knowledge stop ransomware attacks?

August 23, 2022

Knowledge increases your awareness. And it helps you stay alert to protect yourself. Ransomware is just one type of malware. But it also does specific things like encrypting your files and holding your data hostage to extort for ransom money. The point is how you can prevent malware from executing. And how you can recover.

A knowledgeable person would refrain themselves from greed and randomly running programs off the internet or using pirated software. A knowledgeable person would keep their computer software up-to-date. And would not be fooled by internet scam messages. Furthermore, a knowledgeable person would ensure they have a proper data backup strategy, so they could restore their data in event of an attack or disaster.

Against ransomware, the first piece of knowledge everyone misses is, that your files are not going to come back. Even if you pay. Even if you pay them twice. So, no use paying. Just clean the infected machines and restore them from backups. This is the economy. When no one pays, there is no economic sense of ransomware, it’ll just be vandalism and nothing else.

And obviously, your users must be educated not to be the prey of cyber-attacks (e.g. phishing, clicking on suspicious links, downloading unauthorized software, etc.), but that’s a part of hygiene and doesn’t specifically apply to ransomwares.

What minimizes the chance of ransomware attacks is following the appropriate policies to prevent it on a consistent basis. Employees don’t even need to ‘understand’ in great detail why a policy exists, as long as they follow it.

You know how they say the ‘human’ element is always the weak link?

All it takes is for one employee to make a mistake. That’s why a lot of companies drill the policies over and over again for their employees. While at the same time trying to minimize employee access to unnecessary resources.

For example, it’s common practice for most employees to not have local admin rights to their laptops. We even disable USB storage devices. Those of us who do have these privileges need to demonstrate a high understanding of the risks on a regular basis. Some companies even randomly test employees with fake phishing schemes. Falling for their results in additional training. Falling for it again could lead to dismissal!

The problem with most ransomware is that there are better ways to stop these attacks now. Various companies have now specialized in fighting ransomware and managed to decrypt many systems that were under attack at no cost. They basically reverse-engineer the ransomware to find out how to undo the damage. This makes ransomware less useful against small targets where the ransom won’t be high. After all, they need to earn back the costs of developing the ransomware.

Ransomeware can be mitigated by frequent, high-quality data backups that are stored offline from the target systems and kept for a reasonable period of time. That way if your systems are compromised you can restore the data. Use an effective anti-malware application on the endpoints to detect and quarantine the ransomware to avoid spreading.

Sam Fareed

Lead Instructor qualified in CISSP, CCIE, and MCT with 25 years of training experience in Toronto.