In the first season of STWCast, the partners of STWBrasil and guests will address topics in the areas of technology, cybersecurity, and forensic expertise. The first episode was about one of the biggest problems today, ransomware.
Experts Marcelo Nagy, Leandro Morales, Adnan de Castro, and Renan Cavalheiro discussed the topic and talked about the necessary actions to take against this threat.
What is ransomware?
Ransomware is a type of malware, a malicious program that damages a company by hijacking the data from its computer network.
This malware encrypts files on the machine, such as servers or workstations, and demands a ransom payment, usually in cryptocurrencies, to provide the decryption key.
Adnan de Castro, postgraduate in Digital Forensic Expertise, mentions that there is also a type of ransomware that functions as a mask, without encrypting the data. This malware alters parts of the document, such as the header, preventing the machine from locating the file, leading to the belief that the data is encrypted.
What makes ransomware so dangerous?
According to Renan Cavalheiro, postgraduate in Cyber Security and MBA in Information Security, this type of attack is one of the biggest problems today because it has the ability to generate profit for cybercriminals.
He says that throughout the history of computing, malicious attacks have evolved from a virus that damaged your hard drive to malware that attempts to monetize the attack.
Today, because it is one of the most profitable forms of attack for criminals, ransomware attracts various organizations, typically international, and malicious individuals seeking significant financial gains.
How can ransomware affect your company?
Ransomware can severely affect a company because it impairs data availability and integrity, causes business interruptions, financial losses, reputation damage, and legal impacts.
Companies of all sizes are vulnerable to this type of attack, and often, because they are highly sophisticated and organized groups, criminals make data recovery extremely challenging.
How to prevent this type of attack?
The best way to prevent a ransomware attack is to invest in prevention and cybersecurity measures, such as:
- Having a well-structured security policy;
- Performing regular backups and keeping them in secure locations isolated from the main network;
- Keeping operating systems and software up to date;
- Implementing security solutions, such as antivirus and firewalls;
- Educating employees about cybersecurity best practices, such as avoiding opening suspicious emails or clicking on unknown links.
Marcelo Nagy, director of STWBrasil and postgraduate in Cyber Security, emphasizes that “it is important to understand that backups, whether of local machines or servers in the cloud, if they are on the same network as other servers, are susceptible to being attacked by ransomware. These ransomwares have the ability to search for vulnerable machines on the network and, if they find the previously made backup, they will encrypt this data, compromising one of the main recovery measures after an attack.”
“My company was a victim of an attack, what should I do?”
If a company falls victim to a ransomware attack, it is crucial to have professionals specialized in security incident response.
These experts can help identify the attack vector, analyze the compromised environment, preserve evidence, and restore secure backups.
In extreme cases where it is not possible to recover the data without paying the ransom, it is important for the company to seek legal advice and consider all options before making a decision.
Paying the ransom is a difficult choice because it can encourage criminals to continue with this type of criminal activity, but in some cases, it may be the only way to recover the data for business operation.
This is why having professionals who understand the logic behind these types of attacks and who are not emotionally involved with the company is essential to reach an appropriate solution to the case.
Conclusion
In an increasingly challenging digital scenario, the threat of ransomware remains persistent and complex. Understanding the specifics of this attack is essential for data and system security.
To further deepen your knowledge on this topic, watch the full episode of STWCast, where we discuss in detail the tactics of cybercriminals and the necessary defenses.
Click on the link below to access the episode now and understand how you can protect your company against cyber threats.
