On average, a business is infected with ransomware every forty seconds. That is shorter than the approximate time it will take to read this article.
Ransomware is a nasty form of malware that viciously and unapologetically infects your computers and servers. It can spread like wildfire across your network environment in a matter of seconds, leaving your data and files encrypted, inaccessible and held hostage until you pay the attacker a ransom of their choosing.
How can information be held hostage? By encrypting it. The ransomware will encrypt hard drives and files until a ransom is paid in exchange for the decryption key.
The ransom is arbitrary and defined by the hacker. The payment method is always a type of digital currency, such as Bitcoin, which allows the hacker to remain anonymous.
Obtaining the digital currency to pay the ransom is not as easy as one would think. The buyer must have a digital wallet, must trust an untrustworthy transaction (there are no actual banks involved) and is subject to a very dynamic and unpredictable digital currency market. Ransom fees range from a few thousand dollars to a few hundred thousand dollars.
Lastly, paying the ransom does not guarantee the hacker will actually provide the decryption key. Remember this is a transaction with a criminal. In fact, the FBI officially recommends that ransoms are not paid to hackers for a number of reasons:
Unfortunately, the ransom itself is not the only expense associated with the attack. Many ransomware attacks lead to downtime and some even lead to total loss of data and / or hardware. The real expense is associated with the outage caused by the ransomware and the effort to eradicate the malicious code and then recover system functionality. Click here to calculate the cost of downtime and recovery for your business.
To make matters more challenging, the vast majority of ransomware attacks are executed by highly sophisticated criminal organizations with the intent of financial gain. The attackers are smart and motivated. They are not launching ransomware attacks just for fun; it is big business and business is booming. Year after year we see more variations of ransomware created, more infections occur and more ransoms get paid.
The threat and impact of ransomware infection is real and there are essentially two things one can do to address it. The first is to put effective cyber-security controls in place to prevent the infection. The second is to have recovery methods in place if an infection is detected.
Steps to Address the Threat of Ransomware
Prevention
1. Awareness Training – The vast majority of ransomware infections are the result of phishing scams. An unsuspecting user clicks on a link or opens an attachment and unknowingly downloads the malicious code. Security awareness training can teach people how to use technology in a secure fashion, thus preventing a huge source of malware and ransomware outbreaks. Contact Databranch today to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.
2. Vulnerability and Patch Management – Unpatched computers and systems are often the cause of ransomware infections. Routine vulnerability scanning should be used to detect Common Vulnerabilities and Exposures (CVE). Scan results will identify systems and computers that need operating systems and applications updated with current patches. Neglected systems are incredibly easy to compromise. Vulnerability scanning and system patching should occur on a regular basis because new vulnerabilities are discovered daily and software patches are released weekly, if not immediately, by vendors to fix security flaws. It is important to implement a formal vulnerability and patch management program to keep systems current and secure. Databranch offers a free baseline security assessment here.
3. Anti-Virus / Anti-Malware – Anti-virus / anti-malware software provides critical protection against all types of malware, including ransomware. Not all ransomware will be detected by anti-virus software, but most of it will be detected and either quarantined or removed before it has a chance to do any material damage. It is imperative to install anti-virus software on all computers and servers. It is equally important to keep the anti-virus software current. The latest version of the software should always be in production.
4. Email & Web Content Filtering – Many email and web content filtering technologies have the ability to scan inbound transmissions to detect malicious code. Consequently, ransomware can be detected and quarantined before the end user accidentally clicks on a link, downloads a document or runs an executable containing malware.
5. Secure Remote Access Technologies – Secure remote access technologies such as a Virtual Private Network (VPN) should be used to access an internal, or private, network from an external, or public, location. There are many insecure remote access technologies such as Remote Desktop Protocol (RDP) that are effortlessly compromised, allowing ransomware attacks to succeed.
Recovery
1. Incident Response Plan – An incident response plan provides an organized approach to detect, eradicate and recover from cyber security incidents, including a ransomware outbreak. The plan offers structure and reassurance during the most chaotic and stressful situations. Creating an incident response plan is a fundamental component of being prepared to recover from a ransomware infection.
2. Network Segmentation – Computer networks that are logically or physically segregated from each other are very useful in containing a ransomware outbreak. Assuming that computers reside on one logical network and all servers reside on a different network, if a PC is infected with ransomware it will not spread to infect servers and vice versa. This makes recovery much more practical and obtainable. If all assets reside on the same network, the likelihood of the ransomware infection spreading and encrypting everything is very high.
3. Effective Data Backup Strategy – Reliable and current data backups allow one to recover from ransomware attacks by simply restoring systems, applications and files to a previous and non-infected state of operation. Backup jobs should be configured in accordance with system criticality, monitored for success and routinely tested for recovery assurance. It is also good practice to have multiple copies of backup files stored on different types of media and in different locations.
4. Disaster Recovery Plan – A disaster recovery plan has several key components, one of the more important ones being a step-by-step recovery procedure. Reliable and current data backups are only useful if they can be used in a successful recovery effort. Be sure to document this procedure and test its effectiveness at least annually. If you would like to learn more about Databranch’s disaster recovery solutions, click here.
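The backup and disaster recovery items above can be checked mechanically. The following is an added example, not code from the original article or from Databranch: it audits a backup inventory for job success, backup age by criticality tier, restore testing within a year, and copies spread across media types and locations. The system names, the inventory record format and the per-tier age limits are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values (not from the article): max backup age per criticality tier.
MAX_BACKUP_AGE = {"critical": timedelta(hours=4), "standard": timedelta(hours=24)}
# From the article: the recovery procedure is tested "at least annually".
MAX_RESTORE_TEST_AGE = timedelta(days=365)

def audit_backups(inventory, now):
    """Return {system name: [findings]} for each system that violates the policy."""
    report = {}
    for system in inventory:
        findings = []
        if system["last_status"] != "success":
            findings.append("last job did not succeed")
        last_ok = system.get("last_success")
        if last_ok is None or now - last_ok > MAX_BACKUP_AGE[system["tier"]]:
            findings.append("no successful backup within tier window")
        tested = system.get("last_restore_test")
        if tested is None or now - tested > MAX_RESTORE_TEST_AGE:
            findings.append("restore not tested in the last year")
        copies = system["copies"]
        if len(copies) < 2:
            findings.append("fewer than two backup copies")
        if len({c["media"] for c in copies}) < 2:
            findings.append("all copies on one media type")
        if len({c["location"] for c in copies}) < 2:
            findings.append("all copies in one location")
        if findings:
            report[system["name"]] = findings
    return report

# Constructed sample inventory (hypothetical systems and timestamps).
NOW = datetime(2024, 6, 1, 12, 0)
INVENTORY = [
    {"name": "erp-db", "tier": "critical", "last_status": "success",
     "last_success": NOW - timedelta(hours=2),
     "last_restore_test": NOW - timedelta(days=90),
     "copies": [{"media": "disk", "location": "hq"},
                {"media": "cloud-object", "location": "offsite"}]},
    {"name": "file-share", "tier": "standard", "last_status": "failed",
     "last_success": NOW - timedelta(days=3), "last_restore_test": None,
     "copies": [{"media": "disk", "location": "hq"},
                {"media": "disk", "location": "hq"}]},
]

if __name__ == "__main__":
    for name, findings in audit_backups(INVENTORY, NOW).items():
        print(name, "->", "; ".join(findings))
```

Two copies on the same disk array in the same building pass a simple copy count but fail the media and location checks, which is the case that matters when ransomware reaches the backup target.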
How Databranch Can Help
Ransomware is an incredibly popular, effective and profitable cybersecurity attack. It is a real menace. The good news is that the right prevention and recovery tactics will prepare anyone to address the threat of ransomware with confidence and success.
Contact Databranch today at 716-373-4467 x 15 or [email protected] if you would like to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.
Article used with permission from CyberStone.