Call (716) 373-4467
15Aug

Ransomware is a Real Menace

On average, a business is infected with ransomware every forty seconds. That is shorter than the approximately time it will take to read this article.

Ransomware is a nasty form of malware that viciously and unapologetically infects your computers and servers. It can spread like wildfire across your network environment in a matter of seconds, leaving your data and files encrypted, inaccessible and held hostage until you pay the attacker a ransom of their choosing.

How can information be held hostage? By encrypting it. The ransomware will encrypt hard drives and files until a ransom is paid in exchange for the decryption key.

The ransom is arbitrary and defined by the hacker. The payment method is always a type of digital currency, such as Bitcoin, which allows the hacker to remain anonymous.

Obtaining the digital currency to pay the ransom is not as easy as one would think. The buyer must have a digital wallet, must trust an untrustworthy transaction (there are no actual banks involved) and is subject to a very dynamic and unpredictable digital currency market. Ransom fees range from a few thousand dollars to a few hundred thousand dollars.

Lastly, paying the ransom does not guarantee the hacker will actually provide the decryption key. Remember this is a transaction with a criminal. In fact, the FBI officially recommends that ransoms are not paid to hackers for a number of reasons:

  • One, you may pay for a decryption key and never get one in return.
  • Two, if provided with a decryption key, it may or may not work.
  • Three, once a hacker knows that you are willing to pay a ransom, they will likely re-infect your computer / network again and again until the technical vulnerabilities are actually remediated. Paying ransoms will encourage more attacks and prioritizes you as a great target.

Unfortunately, the ransom itself is not the only expense associated with the attack. Many ransomware attacks lead to downtime and some even lead to total loss of data and / or hardware. The real expense is associated with the outage caused by the ransomware and the effort to eradicate the malicious code and then recover system functionality. Click here to calculate the cost of downtime and recovery for your business.

To make matters more challenging, the vast majority of ransomware attacks are executed by highly sophisticated criminal organizations with the intent of financial gain. The attackers are smart and motivated. They are not launching ransomware attacks just for fun, it is big business and business is booming. Year after year we see more variations of ransomware created, more infections occur and more ransoms get paid.

The threat and impact of ransomware infection is real and there are essentially two things one can do to address it. The first is put effective cyber-security controls in place to prevent the infection. The second is to have recovery methods in place if an infection is detected..

Steps to Address the Threat of Ransomware

Prevention

1. Awareness Training – The vast majority of ransomware infections are the result of phishing scams. An unsuspecting user clicks on a link or opens an attachment and unknowingly downloads the malicious code. Security awareness training can teach people how to use technology in a secure fashion, thus preventing a huge source of malware and ransomware outbreaks. Contact Databranch today to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

2. Vulnerability and Patch Management – Unpatched computers and systems are often the cause of ransomware infections. Routine vulnerability scanning should be used to detect Common Vulnerabilities and Exposures (CVE). Scan results will identify systems and computers that need operating systems and applications updated with current patches. Neglected systems are incredibly easy to compromise. Vulnerability Scanning and System Patching should occur on a regular basis because new vulnerabilities are discovered daily and software patches are released weekly, if not immediately by vendors to fix security flaws. It is important to implement a formal vulnerability and patch management program to keep systems current and secure. Databranch offers a free baseline security assessment here.

3. Anti-Virus / Anti-Malware – Anti-virus / Anti-malware software provides critical protection against all types of malware, including ransomware. Not all ransomware will be detected by Anti-virus software, but most of it will be detected and either quarantine or removed before it has a chance to do any material damage. It is imperative to install Anti-virus software on all computers and servers. It is equally important to keep the Anti-virus software current. The latest version of the software should always be in production.

4. Email & Web Content Filtering – Many email and web filtering content technologies have the ability to scan inbound transmissions to detect malicious code. Consequently, ransomware can be detected and quarantined before the end user accidently clicks on a link, downloads a document or runs and executable containing malware.

5. Secure Remote Access Technologies – Secure remote access technologies such as a Virtual Private Network (VPN) should be used to access an internal, or private, network from an external, or public, location. There are many insecure remote access technologies such as Remote Desktop Protocol (RDP) that are effortlessly compromised, allowing ransomware attacks to succeed.

Recovery

1. Incident Response Plan – An incident response plan provide an organized approach to detect, eradicate and recover from cyber security incidents, including a ransomware outbreak. The plan offers structure and reassurance during the most chaotic and stressful situations. Creating an incident response plan is a fundamental component of being prepared to recover from a ransomware infection.

2. Network Segmentation – Computer networks that are logically or physically segregated from each other are very useful in containing a ransomware outbreak. Assuming that computers reside on one logical network and all servers reside on a different network; if a PC is infected with ransomware it will not spread to infect servers and vice versa. This makes recovery much more practical and obtainable. If all assets reside on the same network, the likelihood of the ransomware infection spreading and encrypting everything is very high.

3. Effective Data Backup Strategy – Reliable and current data backups allow one to recover from ransomware attacks by simply restoring systems, applications and files to a previous and non-infected state of operation. Backup jobs should be configured in accordance to system criticality, monitored for success and routinely tested for recovery assurance. It is also good practice to have multiple copies of backup files stored on different types of media and in different locations.

4. Disaster Recovery Plan – A disaster recovery plan has several key components, one of the more important ones being a step by step recovery procedure. Reliable and current data backups are only useful if they can be used in a successful recovery effort. Be sure to document this procedure and test its effectiveness at least annually. If you would like to learn more about Databranch’s disaster recovery solutions, click here.

How Databranch Can Help

Ransomware is an incredibly popular, effective and profitable cybersecurity attack. It is a real menace. The good news is that the right prevention and recovery tactics will prepare anyone to address the threat of ransomware with confidence and success.

Contact Databranch today at 716-373-4467 x 15 or [email protected] if you would like to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

 

Article used with permission from CyberStone.

comments powered by Disqus
Access Control Administrative Privileges AI AI algorithms AI in Cybersecurity Annual Security Training Anti-Virus Artificial Intelligence Authenticator App Automation Backup and Recovery Backup Redundancy BCDR BEC breach prevention Breach Prevention Platform Breaches business continuity Business Continuity and Disaster Recovery Business Email Compromise Business Email Compromises Business Growth Business Phone System Business Software BYOD Call Directory Channel Futures MSP 501 Cisco Cloud Accounts Cloud Data Backup Cloud Infrastructure Cloud Security Cloud Solutions Compliance Comprehensive Cybersecurity Compromised Credentials Computer Installation computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Defenses Cyber Insurance cyber liability insurance Cyber Risk Management Cyberattacks Cyberinsurance cybersecurity Cybersecurity Awareness month Cybersecurity Breach Cybersecurity Culture Cybersecurity Strategy Cybersecurity Training Cybersecurity Webinar Dark Web Dark Web Monitoring Data Backup Data Backup and Recovery Data Backup Solution Data Breach Data Breaches Data Governance Data Loss Data Management Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Data Restoration Data Security deepfake Deepfakes Defense in Depth Denial of Service Device Security Disaster Recover Disaster Recovery DNS Filtering doug wilson employee cybersecurity training Encryption Endpoint Detection and Response Endpoint Protection field technician Foundation Security Gift Card Scams Hackers Hosted VoIP Hybrid work i.t. service provider Identity Theft incident response plan Incident Response Planning Insider Threats Internet Explorer Internet of Things Intrusion Detection Intrusion Prevention IoT Devices IT Budget IT Budgeting IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services IT Support Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed Clients Managed Detection and Response Managed IT Managed IT Provider Managed IT Services managed service provider managed services Manages Services MDR MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft End of Support Microsoft Office Mobile Devices MSP MSP 501 Winner MSP501 Multi-Factor Authentication Network Monitoring Network Security Network Testing Networking New Computer NIST Framework Offboarding Office 365 Outlook Outsourced IT password management Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery point objective Recovery Time Calculator Recovery time objective Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Risk Tolerance Rock-It VoIP RPO RTO RTO Costs SaaS SaaS Backup Scammers Scams security Security Assessment Security Assessments Security Awareness Training Security Defaults Security Key Security Scans SLAM Method Smart Tech Smishing SMS Social Engineering Social Media Security Software Integration Software-as-a-Service Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Budget Technology Infrastructure Technology Management Technology Plan Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling top-performing managed service providers Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Vulnerability Management Warning Signs Webinar Windows 10 Windows 11 Windows 8.1 Work Computers World Backup Day zero trust policy