The headline for June 27 is “Less than 1 week after Florida town pays ransomware gang ~$600K, another Florida town votes to pay ~$500K in BTC to ransomware gang”
My point of view is paying the ransom “only encourages them”.
So how does this work? The general idea is that someone in the town, school, or company network opens an email with the ransomware attached. It could seem to come from a friend or another department. But in fact it is an encryption bomb. Once loose in the system it encrypts everything it finds with a password only the criminal knows. When it has finished its dirty work, the request to pay up or forever lose your stuff comes.
Because the software that encrypts the data and files is tenacious, pretty much the only way to clean it up for sure is to disconnect all the computers, do a hard complete wipe of their drives and reinstall everything. Then start over. But starting over gets tricky. If your backups are connected to the network, guess what – they are probably encrypted too.
As I see it the only way to deal with the threat is to first have an air-gapped (that is, totally disconnected from the network) backup of your important data. The work of wiping and reinstalling all the computers on a large network is big. But not impossible. Given a clean backup of your data the rebuild just takes time.
If your continuity is super important, say a police department, the plan could include not only air-gapped backups but a small number of computers and servers that are safely kept ready to go but not connected to the network.
As a last thought, you probably cannot trust continuously updated cloud backups such as a Dropbox folder, as the encryption bomb will gladly encrypt those files as well.
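The last few paragraphs make a point that is easy to get wrong in practice: a backup is only useful if you can tell it is still clean. The script below is an added example (it is not from the original post and does not describe any particular town's setup). It builds a SHA-256 manifest of a backup set while it is known-good, then verifies a copy against that manifest later. Files overwritten by ransomware fail the hash check, and because ciphertext looks like random bytes, a simple entropy measure flags them as encrypted rather than merely edited. The file names and contents are constructed in a temporary directory just for the demonstration.

```python
"""Offline backup integrity check (added example, not code from the original post).

Take a SHA-256 manifest of a backup while it is known-good, keep the manifest with the
air-gapped copy, and later verify the copy against it. A file that ransomware has
encrypted no longer matches its hash, and its bytes are nearly random, so its entropy
is close to 8 bits/byte. Sample files below are constructed; names are illustrative.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text is usually 4-5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare a backup copy against a manifest taken when it was known-good.

    Returns lists of files that are missing, whose contents changed, and whose changed
    contents look encrypted (high entropy), which is the ransomware signature.
    """
    result = {"missing": [], "modified": [], "high_entropy": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
            continue
        if sha256_file(p) != digest:
            result["modified"].append(rel)
            # Only the first 64 KiB is sampled; that is enough to tell text from ciphertext.
            if shannon_entropy(p.read_bytes()[:65536]) > 7.5:
                result["high_entropy"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: clean backup, manifest taken, then one file 'encrypted'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "minutes.txt").write_text("Town council meeting minutes, June 2019.\n" * 50)
        (root / "budget.csv").write_text("item,amount\nroads,120000\nparks,45000\n" * 50)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        # Simulate ransomware: overwrite one file with random bytes, delete another.
        (root / "minutes.txt").write_bytes(os.urandom(8192))
        (root / "budget.csv").unlink()
        after = verify_backup(root, manifest)
    return {"clean": clean, "after": after}


if __name__ == "__main__":
    for phase, report in demo().items():
        print(phase, report)
```

The manifest has to live with the offline copy, not in a synced folder: if it sits on the same network share or in the same Dropbox folder as the data, the same encryption pass that scrambles the files will scramble the manifest, and there is nothing left to compare against. Running the check before a restore is also how you find out whether the "clean" backup you are about to rebuild from was itself touched.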
Is there protection against ransomware? Probably not. But you can be sure that your data is safe and secure offline. You can have a just-in-case plan to wipe and reload your computers.
Ideally you do not open that infected attachment.