Tuesday, October 30, 2007

Ransomware Is Back In Style

Ransomware is nothing more than a cyberholdup. It's the virtual equivalent of extortion. Someone, usually a criminal, has either hijacked some files or planted malware on your system, and threatens to act unless you pay up.

Here are four tips from CSO's Threat Watch by Scott Berinato:
  1. Don’t panic. It’s natural to freak out when important files go missing, especially when someone is claiming to have the power to publish them on the Internet. Don’t panic. Lead.
  2. Don’t pay. Paying extortion fees only invites more extortion. Payment should be a final, desperate option and only when negotiation experts say it’s your best option.
  3. Assemble a team. Include encryption experts who might be able to unlock the files, security researchers who can look for the source of the attack and troll for intelligence, and someone skilled in negotiation if the situation becomes more serious or the attackers try to establish contact.
  4. Create awareness. One of your biggest threats in this situation is an emotional user who thinks his career and/or life can be ruined by this development. Make sure users don’t act on their own behalf, and create an environment to help them contain what is sure to be an emotional response to the ransomware attack.

