Ransomware is evil, and it continues to prey upon thousands of businesses every year. Most infections are fairly quiet affairs: A small business gets infected, almost always by some employee opening an email attachment he or she mistakes as legitimate but that really contains the payload of a virus. Then several undetected hours later, all of the business' files -- at least those the employee had access to, which in a lot of businesses without good security and permissions policies is all of the files -- are encrypted, and demands for payment of a ransom in Bitcoin are made in exchange for the decryption key.
Of course, secure email use and employee behavior is a problem in businesses of all sizes, and there have been some high-profile ransomware infections. Most recently in the news was the attack on the San Francisco Municipal Transportation Agency (SFMTA), or Muni as it is known by Bay Area residents. Muni had to give free trips to all comers over the Thanksgiving weekend while it worked to restore access to its machines. The hacker who infected the utility also claims to have access to 30GB of stolen Muni data; the utility disputes this claim, but it is certainly possible.
If big government and large companies and hospitals can get infected, then everyone can.
I've written about ransomware in this space before, but that was ages ago in Internet time. In this piece, I would like to take a fresh look at approaches to combat ransomware. You will note that two of these approaches are predicated on preventing the infection in the first place, because -- as the old adage goes -- an ounce of prevention is worth a pound of cure. The other approach leaves a bad taste in anyone's mouth, but it is something that is worth discussing: If you have been victimized by ransomware, should you just pay the ransom, or are there other options?
To continue reading this article register now