Decoding Ransomware Protection: How Does It Protect Your Files?
Ransomware has become one of the most dangerous forms of malware. The last few years have seen a snowball effect with increasing attack volume and higher remediation costs.
The current costs to remediate a ransomware attack (if the ransom isn’t paid) are:
- 100-1,000 employees: $505,827
- 1,000-5,000 employees: $981,140
- Global average: $761,106
And if the ransom is paid, the other remediation costs don’t go away. In fact, paying the ransom demand doubles the cost to a global average of $1,448,458 to recover after a ransomware attack.
You may have noticed ransomware being talked about on your local news lately due to two high-profile attacks. One was on Colonial Pipeline (they paid the ransom), the other was on JBS, the world’s largest meat supplier with factories in 15 countries (it’s unknown whether they paid a ransom or not).
These attacks illustrate how devastating ransomware can be for a business and how important it is to have strong ransomware protections in place.
What Does Ransomware Protection Mean?
We can say “ransomware protection,” but what does that actually mean? To understand how protection works, we first have to know how ransomware works.
Ransomware is a form of malware designed to hold files “hostage.” It does this in one of two ways:
- Encrypt them so they become unreadable by the user.
- Hide them rather than encrypt them, with the same result of the user being unable to access them.
You can imagine what would happen if you tried to access your CRM program to open a customer file and suddenly the program wouldn’t work because the database of customer names and information was now encrypted.
Now expand that to all data on any business computers, servers, and cloud storage accounts, and you can see how ransomware completely shuts companies down.
Companies generally have just two main options if they want to get their operations back up and running. One is to restore their data from a backup (if they have one), and the other is to pay the ransom and hope the hacker comes through on their end of the bargain to decrypt the data.
Types of Ransomware Protection & How They Work
Ransomware protection is available in several forms. It can be found in operating system settings like Windows 10 and also through advanced threat protection systems that are designed to seek out and shut ransomware down.
Here are some examples of how that is accomplished.
Bait Files
Some ransomware protection systems use bait files. These are files that are on your hard drive disguised to blend in with all the other files you may have. However, these files are specially designed to detect and stop ransomware from spreading.
Ransomware encrypts files rapidly and then spreads to any other devices on a network that it can find. It then repeats the pattern.
Bait files are like fishing lures. These files are continuously monitored by the security provider and as soon as any ransomware activity is detected to be happening to the file, the workstation can be disconnected from the network and shut down to keep the infection from spreading to other devices or to cloud storage.
Blocking File Changes
If you turn on ransomware protection in Windows 10, it uses a change-blocking method to prevent ransomware from encrypting files or spreading.
What it will do is keep anything from altering your folders, which blocks the ability of ransomware to run its file encryption process.
If you type “Security” into your Windows search bar, you can jump to the Window Security area of your settings.
Go to Virus & Threat Protection, then scroll down to Ransomware protection and click on “Manage ransomware protection.”
You’ll see a slider to turn ransomware protection on. Once you do that, several default folders will be protected from changes. You can also add or remove folders.
One thing to note is that you’ll need to approve the apps that can make changes to a folder so you’ll be able to save files. For example, you might want to safe-list MS Word as an approved program to edit files in a folder.
Using Restrictions in Group Policy Objects (GPOs)
Microsoft’s GPO includes a number of Group Policy settings that define system and user behaviors.
GPO restrictions can be used to control the execution of files on an endpoint and to block suspicious activity that is typical of ransomware or another type of malware.
This type of policy restriction is like safe-listing certain actions, so if any program tries to execute an unsafe action on a file (like ransomware encryption) it’s automatically blocked by the Group Policy setting.
Are You Properly Prepared for a Ransomware Attack?
C Solutions can help your Orlando area business with ransomware protection that can keep you from becoming the victim of a costly attack.
Schedule a free consultation today! Call 407-536-8381 or reach us online.