Preventing Ransomware: Backup, Encryption, MFA
Key Points
- Ransomware attacks encrypt your data and demand payment, either threatening permanent loss or public exposure of your information.
- If the attacker aims to make you lose data, maintaining regular, reliable backups lets you restore files without paying the ransom.
- When the threat is data exposure, strong access controls (e.g., multi‑factor authentication) and encrypting data at rest prevent attackers from reading or releasing it.
- Keeping all systems fully patched with the latest software updates reduces the vulnerabilities ransomware relies on.
- Once a ransom note appears, it is too late for these prevention measures to make a difference, so proactive steps must be taken beforehand.
Sections
- Understanding Ransomware and Backup Prevention - The speaker explains ransomware attacks, distinguishes between data‑loss and data‑exposure variants, and stresses that regular backups are the key defense against paying a ransom.
- Preventing Ransomware Through User Training - The speaker emphasizes that educating employees to recognize malicious email attachments is the key defense against increasingly sophisticated ransomware attacks, offering immediate, practical steps organizations can implement.
Full Transcript
**Source:** [https://www.youtube.com/watch?v=lIsWpCMBxHQ](https://www.youtube.com/watch?v=lIsWpCMBxHQ)
**Duration:** 00:04:09
**Section timestamps:** [00:00:00](https://www.youtube.com/watch?v=lIsWpCMBxHQ&t=0s) Understanding Ransomware and Backup Prevention; [00:03:23](https://www.youtube.com/watch?v=lIsWpCMBxHQ&t=203s) Preventing Ransomware Through User Training
I've seen your family photos -- the weddings, vacations -- your financial information.
I've got it all. It's fabulous stuff, and if you ever want to see it again, you're going to pay me big.
So how do you make sure that doesn't happen to you?
Well, preparedness is important. What I was referring to in that attack is something called ransomware.
And in a ransomware attack, your data is sitting out here on some device.
And the attacker then is going to encrypt all of your data and make it so you can't see it anymore.
And then they're going to say, "If you want to see it, it's going to cost you." That's the ransomware attack.
And there's really two different variations when it comes to data with regards to ransomware.
One of those is the attack that says, "I've got your data and I'm not going to give it back."
So what could we do in that case? This is a case of data loss. And then the other type is,
"I've got your data and I'm about to give it to the world." So this is a breach. This is where
we're going to say "Your information is about to be released." Now, either one of these could be
devastating. It just depends on what it is that you're most concerned about and what it is the
attacker is trying to do to you. In the case of data loss, the best prevention is a backup.
If you have got a solid backup of all of your data, then when the attacker says, "Pay me or you
don't see this again", you just say, "Get lost [because I'm going to recover from my backup]".
If the case is "I've got your data and I'm about to release it to the world."
Well, now we've got to do something different because the backup won't prevent that from happening.
What could we do in those cases? Well, one of the things we need to do is make sure we have strong
access controls. I talked about this idea of multi-factor authentication [MFA] in a previous video.
We want to make sure that only the right people have access to this information, so the ransomware
attacker doesn't have access. Another big thing I can do is an insurance policy of encrypting
the data. Encrypting this will allow me to make sure that even if someone has the information,
they can't do anything with it. They can't read it, they can't release it. If I encrypted
it and I did a good job of that, then it's still secure. Those are the two main types of attacks,
and these are things that you should do now before you get the ransomware message. Once you get the
ransomware message, it's too late to do these things and make a difference. Then we could have
a discussion about whether you pay the ransom or not, and we may discuss that in a future video.
Another thing that you should do is to prevent in all of these attacks is do things like patch your
systems, make sure that you have all the latest software fixes on your system. I know it's not fun --
here comes out a new update of the software on your phone, on your laptop, what have you.
If you don't have it, the chances are you've left the door wide open for an attacker. You could also add
things like anti-virus or endpoint detection and response capabilities. These sit on the device
depending on the type of device and will detect ransomware attacks and block them in many cases.
And then finally, a big point of this, if you're looking at this for an organization, is end user
training. The most common way that ransomware gets spread is it's through an attachment in an
email or something similar to that. We still have to be vigilant and remind people, don't click on
everything that comes to you in an email. And the ransomware attackers are getting better and better
and more and more convincing at why you should click on that. So we've got to stop that.
These are the defenses. So the bad news is the attack is real and it could cost you a lot. The good news is
there are things you can do right now to prevent it. Thanks for watching. Please remember to like
this video and subscribe to this channel so we can continue to bring you content that matters to you.