Ransomware in the change of time
How ransomware changes and what you should know about it
Ransomeware ist eine Form von Schadsoftware, die immer mehr KMU auf der ganzen Welt betrifft. In diesem Artikel erfährst du, wie du vermeiden kannst, von Ransomeware und anderen Cybersicherheitsrisiken betroffen zu sein.
Ransomware is a form of malware that has undergone a disturbing development in recent years and has become one of the biggest threats to companies, especially small and medium-sized enterprises (SMEs). How can SMEs effectively protect themselves from this growing threat?
Ransomware first appeared in the late 1980s and early 1990s when it acted as simple screen locks to prevent computer users from accessing their systems until a ransom was paid. These early attacks were often easily defeated.
Over time, ransomware evolved and began encrypting files on infected systems, preventing access to important data. The attackers now demanded ransom payments in exchange for the decryption keys.
The criminals became more sophisticated and used advanced techniques such as code obfuscation, exploitation of vulnerabilities in software and social engineering to achieve their goals.
One of the most worrying developments is the double extortion approach. This involves not only encrypting data, but stealing sensitive information in advance of the encryption and threatening to release it if the ransom is not paid. This strategy, known as “Breachstortion”, leads to additional pressure on the affected companies. In a further escalation step, in addition to the affected company, its suppliers and customers can also be blackmailed.
Protective measures for SMEs
Data backups: The be-all and end-all in a ransomware case is the availability of up-to-date and complete data backups. Nowadays, regular and reliable backups are, so to speak, the reinsurance of any company, regardless of its size. SMBs should back up critical data regularly and ensure backups are stored offline and off the corporate network.
Employee training: Employee awareness and training is a critical factor in preventing ransomware attacks. SMEs should educate and train their employees on phishing techniques and other scams to encourage them to report suspicious emails or links and not click on unknown sources.
Security software: using up-to-date and powerful security software is essential to detect and block ransomware before it can cause damage. Anti-virus programs, firewalls, intrusion detection systems (IDS) and other security tools should be deployed and kept up to date.
Network segmentation: By segmenting the network, SMEs can limit the spread of ransomware within the system. Critical data and systems should be placed in isolated network segments to prevent rapid spread.
Security policies and permissions: SMEs should establish security policies and access permissions for their employees. Access to sensitive data should be limited to only those employees who actually need it. In addition, all access activities should be logged and monitored.
Ransomware has evolved from a simple screen lock to a sophisticated and threatening malware that can have serious consequences for businesses, especially SMEs. To protect themselves from this growing threat, SMBs should implement regular data backups, regular employee training, up-to-date security software, network segmentation and strict security policies. By taking these proactive measures, SMBs can significantly minimize their chances of falling victim to a ransomware attack and best protect their business data and integrity.
Author: Dominik Schupp, Senior Research Associate Information Security & Privacy, Team “eBanking – but secure!” (www.ebas.ch), Lucerne University of Applied Sciences and Arts – Informatics