Encrypting Files for Evil


Data encryption is important in helping protect the confidentiality and integrity of data. This form of cryptography takes plaintext and transforms it into ciphertext using methods of varying complexity. The scrambled data requires a decryption key to return it to plaintext. Malicious actors turn encryption against a victim by infiltrating a network and injecting code that finds and encrypts the target's files. The miscreants then demand a ransom in exchange for the decryption key that makes the files usable again.

If you should fall victim to this attack, what can you do?

Initiate your Incident Response Plan. Take care to assess the scope of the infection, and isolate and preserve affected systems. If you have offline backups, you can most likely restore your data. Ensure that you have removed the malware from your environment. If any user accounts have been compromised, reset them.

Federal agencies recommend that you do not pay the ransom. Besides the fact that these are crooks and cannot be trusted, you would be rewarding bad behavior by paying for it. There are no guarantees that the decryption key provided by the criminals will work. And if it does, how do you know they have not kept copies of some of your files and will not come back with more threats to release them on the dark web?

Backups are essential to business continuity. Create a documented backup schedule and maintain both offsite and offline copies. If you are unable to restore from backups, there are resources that can possibly provide you with known decryption keys for ransomware variants. Contact the FBI. Visit the No More Ransom website for access to decryption keys.
