Ransomware is a malicious malware used by cyber criminals to illegally encrypt business’ data with the aim of extorting money for the releasing of the affected data and systems.
Common ways of getting ransomware into a business’s digital environment include:
- Emails to staff with attachments or links leading to the malware
- A vulnerability in out-of-date software being exploited (like the NHS Wannacry attack)
- A compromise in the supply chain that leads to malware reaching the environment
- Social engineering where people are deceived into carrying out actions that lead to the ransomware reaching their digital environment
All it takes is for the ransomware file to be opened, and the company network, devices, and data will start to be encrypted, and a demand for payment for them to be unlocked will quickly follow.
Cyber criminals continue to target companies small and large due to the potential illegal earnings available from victims who feel they have no alternative but to pay the ransom for the releasing of their data and systems.
The alternative to paying the ransom is to try and restore the data from backups. This is disruptive and stressful and often takes many weeks to complete. The services of an Incident Response company are usually required for carrying out remediation, investigation, and to advise on how to close the gaps that were exploited.
Traditional Security Approaches
Common security tools for protecting the network perimeter, endpoints, and data, offer some protection against ransomware, but were not designed for recognising and stopping ransomware attacks.
A known misconception is that ransomware only targets large companies and organisations. This couldn’t be further from the truth because small companies are usually in a supply chain with many other businesses, which is a vulnerability, but also, they can be less likely to have the required IT resource to patch all systems as soon as updates become available.
The UK Government is currently proposing a payment prevention scheme for all ransomware victims to engage with the authorities and report their intention to pay a ransomware demand. But the thought of paying the ransom is not only unpalatable, it also doesn’t guarantee repeat attacks will not occur.
This has accelerated the need for a security layer dedicated to recognising and stopping ransomware attacks, as well as removing any that evade the security layers.
The Answer: Purpose-built Ransomware Protection
Halcyon’s security platform is built from the ground up to recognise the behaviour of ransomware, stop it in its tracks, and in the unlikely event of a breach, will seamlessly decrypt all affected data and devices to keep your company running.
And in the even less likely event that a previously unseen strain of ransomware evades the platform, Halycon’s Incident Response team will work tirelessly to decrypt your data and devices.
The Halcyon platform runs quietly in the background on your devices just like endpoint protection software, and to date, no Halycon customers have paid the demands of a ransomware attack.
Read more on the solution here.
Cyber criminals target everyone either directly or indirectly. If a successful ransomware attack could be disruptive to your company, people, or supply chain, contact us today to discuss your needs and hear how we’re helping other companies to robustly respond to ransomware threats.
With Halcyon you will never have to consider making a ransomware payment.
