Ransomware – A form of digital blackmail
Ransomware attacks are arguably one of the most widespread attack methods that cyber criminals use to harm companies. This form of digital blackmail aims to automatically encrypt as many company-internal files as possible, rendering them unusable for the company. The internal information can only be accessed again if the organization pays a ransom to the criminals and in return receives a decryption key for the unusable files. Encrypted files lead to production downtime, reputational damage and financial losses for companies.
A complete and up-to-date data backup provides a remedy for this from a technical point of view. With this, you can quickly restore all lost information. In order to be able to reverse the effects of such an attack in a reasonable time frame, a sufficient and above all tested backup and restore concept must be in place for the company.
How does ransomware get into the company?
In most cases, cyber criminals use the human factor to smuggle in such malware. Bypassing technical security measures, for example in firewalls, is either not possible or involves a lot of effort due to adequate protection.
Authentic-looking e-mails that are personally addressed to an employee, on the other hand, offer the attacker a better option: the employee unknowingly installs the malware himself. In many cases, e-mail attachments such as Word files with macros are the starting point. For example, if an employee opens a supposed job application in the e-mail attachment, in the worst case the ransomware is activated automatically. Within a short time all files to which the user has access are unusable. As a rule, these are not just the user's own files, but also files on network drives that are shared with other staff.
Protection against ransomware
In order to protect your company from successful ransomware attacks, a large number of technical measures must of course be implemented within the IT infrastructure. Regular installation of software updates, the use of up-to-date virus scanners or the company-wide deactivation of Office macros can help. Nevertheless, malware such as ransomware is becoming more and more technically mature, so that it may bypass the protective mechanisms of anti-virus scanners. If, in addition, employees are not aware of how to handle dubious e-mail attachments correctly, they may unknowingly install the malware themselves. This happens when, for example, an employee deliberately enables the macros in a Word or Excel file, even though the system does not execute them automatically.
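Because the text names macro-enabled Office attachments as the usual starting point, the following added example (not code from the original post or from its authors) shows a defender-side check that a mail gateway or attachment scanner can apply: it inspects an attachment's bytes rather than trusting its file extension, flags OOXML containers that carry a VBA project, and flags legacy binary Office files for deeper inspection. The function names and the constructed sample containers are assumptions for this illustration; the minimal zip structure stands in for a real Word file.

```python
import io
import zipfile

# OOXML files (.docx/.docm/.xlsm/.pptm ...) are zip containers. VBA code is
# stored in a part named vbaProject.bin under word/, xl/ or ppt/.
VBA_PART_SUFFIX = "vbaproject.bin"

# Legacy binary Office formats (.doc/.xls/.ppt) are OLE2 compound files
# with this fixed 8-byte signature; their macro storage needs a dedicated
# parser (e.g. oletools), so here they are only flagged, not parsed.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment by content: 'vba', 'legacy-ole', 'clean' or 'not-office'.

    The filename is deliberately not used for the decision: a macro-bearing
    container renamed to .docx still contains the VBA part.
    """
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if data[:2] != b"PK":
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    # Every OOXML package must carry a [Content_Types].xml part.
    if "[content_types].xml" not in names:
        return "not-office"
    if any(n.endswith(VBA_PART_SUFFIX) for n in names):
        return "vba"
    return "clean"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Policy hook: hold anything that carries, or may carry, executable macros."""
    return classify_attachment(filename, data) in {"vba", "legacy-ole"}


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like container for demonstration only (assumption:
    not a real Word document, but it has the parts the classifier looks at)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: a macro-free document, the same renamed container
    # with a VBA part, and a legacy OLE header.
    samples = [
        ("application.docx", build_sample(False)),
        ("application.docx", build_sample(True)),   # extension lies about content
        ("cv.doc", OLE_MAGIC + b"\x00" * 24),
        ("notes.txt", b"plain text"),
    ]
    for name, blob in samples:
        print(f"{name:18} -> {classify_attachment(name, blob):10} "
              f"quarantine={should_quarantine(name, blob)}")
```

The point of the content-based check is that the decision to hold an attachment does not depend on the user recognising a dubious file; a macro project is detected whether the file is called .docm or has been renamed to .docx, and legacy binary formats are routed to a deeper scan rather than waved through.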
Ultimately, criminals take advantage of a lack of awareness among employees to attack companies. Here you have to make sure that your employees receive regular training. These should convey the possible dangers as practically as possible. Interactive security awareness training courses help to sensitize your employees sustainably and sufficiently. We are happy to support you in this.
Here you can find out more about our eLearnings or our training courses.
Ransomware and privacy
If internal company data is encrypted by a ransomware attack, one of the three protection goals in data protection, availability, is no longer guaranteed. So if documents containing personal data have been encrypted, there is a personal data breach within the meaning of the GDPR. The supervisory authorities also take the view that a ransomware incident constitutes a data breach that must be reported to the supervisory authority. This can be seen in the guideline on reporting personal data breaches. Particular caution is required if personal data of special categories are also affected by the incident. Then, due to the sensitivity of the data, there is also an obligation to inform the data subjects.
Find out more about this topic from our IT security specialists in our current YouTube video.
Always stay up-to-date and subscribe to our YouTube channel!
If you want to put your IT security to the test, we are at your disposal for an audit of the entire company or of parts of your company. Our experts are also happy to answer any other questions you may have about information security. Simply fill out our contact form or contact us at 08501 – 91927-0 or by email at email@example.com.
Thomas Greiner is an Information Security Manager & Auditor according to ISO 27001 (TÜV Austria) and completed his degree in "Secure Information Systems". Thomas Greiner brings several years of IT experience from nationally and internationally operating companies and corporate groups.
He now supports our customers in all topics in the area of IT security, cyber attacks and IT risk management as well as in all technical and organizational matters of information and IT security. As a TÜV-certified TISAX® consultant, he guides our customers from the automotive industry in the run-up to a successful TISAX® audit.