You’ve heard the horror stories about ransomware attacks: a typical victim is locked out of critical applications, all files are encrypted, and business comes to a crashing halt, all because someone opened a malicious email attachment. If the next target was your organization, could it avoid being the next ransomware headline?
Ransomware attacks, when a computer or entire network is encrypted by malware and held for ransom, are once again on the rise, and businesses are the number one target.
Ransomware growth is off the charts because it works
According to Forrester’s Guide to Paying Ransomware, ransomware attacks are up 500% from this time last year and a greater share of them were aimed at high-value victims, such as businesses. Ransomware masquerades as promotional offers, credit card alerts and emails from friends and colleagues. Once downloaded, the virus encrypts the victim’s files and travels to the next computer on the network. If nothing is done, it can rapidly take over every desktop and server is encrypted, including any backups on the network.
Darren Carroll, the director of security product management for TierPoint, has valuable advice for anyone concerned about ransomware. He shared his insights in a recent webcast Don’t Be A Headline: Ransomware Basics and How to Achieve Good Security Hygiene.
According Carroll, executives often debate whether to pay ransom. Paying ransom can be cheaper than recovering from an attack, but sometimes hackers demand too much. The city of New Bedford, MA declined to pay an enormous ransomware demand of $5.3 million in July.
Whether you answer “yes” or “no” depends on the value of your data to your business, whether you have a reliable backup and your tolerance for extended downtime, said Carroll. He recommends weighing the cost of the ransom against the estimated cost to recover your data and applications some other way (or to start from scratch if you lack a recent backup). You should also keep in mind that many cyber-criminals will take your ransom money but not provide a working decryption key.
Fortunately, if you have a reliable cloud-based backup or disaster recovery (DR) service, you may not have to worry about ransom. Cloud DR can prevent the backup from being encrypted along with the production system and enable a rapid recovery.
Many cloud and data center service providers offer cloud-based backup and disaster recovery, which involves continuous backup of data and applications, with failover and failback service if the system is triggered. For organizations that can’t afford any downtime or loss of data, a DR service can provide real-time replication and immediate failover to the backup system.
How to stop a ransomware attack before it gets into your system
To stop a ransomware attack before it can enter your system, says Carroll, focus on improving these three areas of cybersecurity:
Security controls and technologies
Those include endpoint detection and response (EDR), web content filtering, URL filtering, email spam filters and a sandboxing environment to evaluate the behavior of suspected malware in quarantine. Also, a web application firewall can help by blocking the input and output of applications based on policy settings. Many of these capabilities are in next generation firewalls, but administrators don’t always enable them, said Carroll.
Along with anti-ransomware security controls, IT should educate end users about ransomware. Cyber-criminals depend on employee ignorance to slip ransomware into an organization’s network. The better end users are aware of how ransomware works, the less likely you’ll have to deal with a ransomware disaster.
A ransomware attack commonly begins with an innocent looking email with an innocuous subject line such as “Password change required,” “Payment confirmation” or “New vacation policy!”
While most IT departments warn employees not to click on strange attachments or URLs, these emails don’t always appear “strange” to the recipient. More attacks are conducted through targeted phishing emails that are customized to the victim’s job and may include colleagues’ names to appear legitimate. Yet, the InfoSec Institute reported that 97% of people can’t identify a phishing email.
“We need to help people understand what the attack landscape looks like and how to combat it,” Carroll said.
Security patches and updates
IT departments are often themselves guilty of ignoring good security practices. The most common form of cybersecurity negligence is failing to keep up with patches and updates. In fact, major security breaches such as the infamous WannaCry attack on the National Health Service in 2017 can be linked directly to negligent patching. An overworked IT department may feel it can skip a patch or two, but patching is far less trouble than cleaning up a ransomware disaster.
Failing to deploy the latest security patches leaves your systems vulnerable to a wide range of cyber-attacks, said Carroll. His advice: turn on automated patching, keep things up to date.”
Watch the full Ransomware webinar
Want to hear more of Carroll’s insight on how to prevent or recover from ransomware? Listen to the full webcast Don’t Be A Headline: Ransomware Basics and How to Achieve Good Security Hygiene.