Ransomware attacks continue to grow in number and sophistication. If you are responsible for IT and security management in your organization, knowing how to protect your organization against ransomware is a must.
For example, a May 2019 ransomware infection hit the city of Baltimore’s computer system. The attack affected hospitals, vaccine production, airports, and ATMs. The total cost? Estimated around $18 million.
Governments and large corporations may get the most attention, but they aren’t the ones that suffer most. Consider these statistics:
– It’s estimated that ransomware costs small businesses $75 billion a year
– The cost of downtime and data loss puts small and mid-size business at the biggest risk
– The average Q4 2019 ransomware payment was $41,198
– The average Q4 2019 downtime cost was $64,6454
– Average downtime has increased to 16.2 days4
– Bitcoin remains the preferred payment in 98% of attacks4
In this blog, we’ll cover:
– What is ransomware
– How it works
– And how to protect your organization against it
What is ransomware?
Ransomware is a malicious program. It can infect a single computer or a network of computers, encrypting the data, making it inaccessible. Upon infection, the cybercriminals communicate their demands, often a ransom that must be paid to decrypt the data.
According to one survey, 98% of attackers provided an encryption tool upon payment.4
Considering the costs, you want to avoid this situation entirely, which you can do with solid network and endpoint protection, employee training, and a well-defined disaster recovery plan.
How does ransomware work?
A ransomware program activates and infects a computer when a user:
– Clicks on a website link or a link in an email
– Opens an attachment in an email
Once activated, the malicious program runs an encryption program shutting down access to the computer. At this point, the device becomes useless. If you have a back-up in place, you can shut down the infected PC and quickly redeploy a new one. If you don’t, you are stuck deciding if you will pay the ransom or just lose the data.
Why do ransomware attacks continue to increase?
Quite simply, they work.
Ransomware cybercriminals make a lot of money on these attacks. Most ransomware scripts are not amateur efforts. These are done by highly advanced international crime rings that are well-financed and run like a business.
The ransomware programmers, also called authors, have a huge incentive to invest in developing new and more advanced encryption algorithms. They also continue to evolve the delivery of these programs to ensnare companies and force them to pay the ransom.
Attackers don’t seek to bankrupt their targets. They aim to infect as large a number as possible to get as many people as possible to pay. And as noted in the statistics at the beginning of the article, Bitcoin remains the preferred payment method, posing another costly and logistical challenge for organizations that suffer an attack.
Fortunately, you can protect your organization with a proactive approach to network and endpoint security.
How to protect your organization against ransomware?
#1 – Deploy essential security measures.
– Block infection from reaching your network by securing your mail and web gateways. Deploy packet inspectors to scan and block fraudulent emails and prevent users from accessing known malware generating websites.
– Patch all applications, and patch them often. The WannaCry and Petya ransomware that decimated networks around the world, causing billions in damages, relied on an exploit that Microsoft issued a patch for 3 months earlier. People who patched their systems regularly were not affected.
– Recognize antivirus software is your last defense, not your first. You should still have a strong and up-to-date AV software, but understand that if a ransomware attack gets on your network and to the endpoint, it may be too late. Malware writers constantly change their attack vectors to exploit newfound vulnerabilities in software. Keeping your virus definition files up to date is essential, but the last hope to stop the latest threats.
#2 – Educate your users.
– Your users must know how to spot ransomware. For example, they should never open a file from anyone until they confirm the email address. Just because the name of the sender says it is your bank doesn’t mean it is; the actual email address might read – email@example.com.
– This is a vital step in preventing targeted attacks. The better educated, the lower your risk. At the same time, you must be realistic. It only takes one accident to compromise an entire network. Regular training helps reduce the chances of accidents.
#3 – Be prepared for an attack.
– Maintain a good set of backups. With a good set of backups, you can simply retire the infected PC, deploy a new one with the backed-up data, and get back to work.
– Keep backups disconnected, or offline, from the main network. The Petya virus was able to spread so fast because it used Windows management tools to spread from computer to computer, infecting data as it went. It could also infect network-attached storage connected to the network. If your backup copies are on the network, they could also be encrypted making them unusable. Tape backups have made a comeback because of this reason. Offline remote backups are also an effective way to mitigate infection.
– Pay and pray? If you have been infected, and you do not have a good set of backups should you pay the ransom? If you do, you embolden the attackers. If access to the data becomes a matter of life and death, like with hospitals that have been infected, you may have to pay and hope that you are dealing with an ethical digital gangster who will really return your data. These situations are a big reason cyber liability insurance has become so popular.
Protecting yourself from ransomware
Increased remote workers introduce new opportunities for cybercriminals to wreak havoc on organizations of all sizes.
Implementing the three strategies outlined in this article offers the best approach to protect your organization against a ransomware attack. If you have questions about how to do this, one of our managed security service professionals will be happy to speak with you. Please do not hesitate to contact us and see how we might help.
Our IT Security Solutions keep your teams secure, connected, and productive so you’re ready to thrive – not just survive – in today’s marketplace. Learn more about how we’re helping organizations protect their IT today, while planning for tomorrow at RicohChangeMakers.ca.