A ransomware attack is a malicious encryption of data to prevent its use until a ransom is paid to the attacker.
The attacker breaches the firewall security to install malicious software that encrypts part of all of the data on hard drives and network in order to make the system unusable or data inaccessible. In some cases, the malware is preprogrammed to unlock the data by reversing the encryption, when a valid code is entered. The attacker reveals the code after the ransom is paid.
Attackers typically demand that ransoms be paid in Bitcoin because of its anonymity. Moreover, Bitcoin transactions cannot be reversed.
While in some cases, security breaches are the result of highly skilled hackers, in many cases, they use targeted emails known as spear-fishing attacks. These emails are often-time forgeries of something the recipient would trust without question. The messages can be designed to appear like ordinary business correspondence so as not to around suspicion. Sometimes the messages are written to create a sense of emotional distress or other urgency. For example, an attacker may send a message claiming to be an angry customer that has attached an attorney's demand letter or a disputed invoice.
When the recipient opens the email attachments the malware automatically installs and may operate automatically or by remote operation from the attacker.
The attacker relies on the victim's need to access the encrypted information in a timely manner as well as the victim's desire to keep the matter from public view.
Defending against ransomware and other security breaches requires an effective perimeter and endpoint protection strategy as well as ongoing staff training. Most security penetrations are the result of human error and not security integrity.
Wirxly follows industry best practices to secure its systems and data. This includes continuous vulnerability and penetration testing along with routine audits and a defense-in-depth security strategy. As an added layer of protection, Wirxly uses a cold storage data protection strategy.
Cold storage typically refers to data that's either offline or not immediately accessible, meaning it cannot be retrieved instantly like typical online data. In the case of Wirxly, when your data is written to typical online storage, a separate copy of the data is also written to cold storage. The cold storage container uses a write-once data policy, sometimes called WORM, which only allows new information to saved. The data cannot be modified or deleted, which makes it a low value target for ransomware attackers.