Understanding Ransomware

We are all familiar with media representations of kidnap and ransom. A child of a wealthy or powerful parent is taken from the playground, and then a note is sent demanding cash for their release. Imagine something similar happening to your business—except the child is your data, and it doesn’t matter if you’re filthy rich or not. But the demand for money remains the same.

In more technical terms, ransomware is a type of malware that takes your data hostage. It typically infiltrates your system through a phishing scam or an infected website, taking advantage of even small vulnerabilities. Cybercriminals can lock up your computer, phone, or other devices by moving from one endpoint to the next, discovering and collecting data before encrypting it. These attackers are commonly well equipped to leave no trace behind, which lets them safely ransom the data back to its owner or sell it on the dark web.

A critical challenge with ransomware is that very few solutions are available once it gains access to a given system. At that point, it is almost impossible to mitigate the cost to a business.

Thankfully, because many of the vulnerabilities associated with ransomware tactics are well known, there are courses of action that can be taken to avoid and manage the impact of this cybercrime.

How much of a threat is ransomware?

The Small Business Administration estimates that “ransomware attacks are the fastest growing malware threats. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016.”

A recent IBM study estimates a 6,000% uptick in ransomware attacks. Despite this astonishing rise of the threat, most businesses and people are ill-equipped to deal with it. Researchers concluded that one in four people “have no idea” how to respond if they are victims of a ransomware attack. US statistics point to a stark 63% of businesses reporting a ransomware infiltration, and 47% saying they had multiple invasions, according to a cyber and technology expert at Hiscox USA. The cost of crimes is commonly in the hundreds of billions each year.

In more straightforward, less statistical terms, ransomware is a massive threat. The necessity for businesses to recognize this reality is critical to survival.

How can you protect your business from the threat of ransomware?

We will begin with some basics and progress toward more advanced and technical strategies.

Basic Measures

Because ransomware is so insidious and effective once it has infiltrated your system, the bulk of protecting against the threat is proactive defense. The front line of many protection efforts is educating employees. Informing your staff about the warning signs, safest practices, and most effective responses is massively helpful for threat prevention. Make it a policy to use strong passwords on all accounts, with at least eight characters in a combination of letters, symbols, and numbers. Encourage employees to exercise caution with any email links. In addition, use strong, multifactor authentication whenever and wherever possible.

Advise employees against opening any attachments or downloading files from addresses that are not well known and trusted. If your business does not have a dedicated IT department or outside IT support, hold employees accountable for keeping the software on all business-related devices updated and for automating updates for antivirus and antimalware solutions. This is not a complete list, but it is a good starting point for building a staff that can be the first line of defense.

Also, take an organizational and managerial approach to protecting against the threat of ransomware. There are myriad ways of employing these strategies. Managing the use of privileged accounts is vital, as is restricting users from installing or running software applications on network devices. Make sure to perform regular and routine system backups, both offline and online, to speed up any potential recovery process. Be sure to store the backup data on a separate device and offline. Testing your system annually for any plausible points of penetration is highly recommended.

In a worst-case scenario, consider options for Cyber Liability insurance to minimize the impact of a possible attack.

Advanced (more technical) Measures

Any efforts to protect your business against ransomware are about having a plan and executing it, whether to avoid an attack, thwart an active attack, or recover from an attack. It is essential to be able to identify the scale of an attack, mitigate it quickly, and protect any technology that has avoided infiltration. Isolating tech that has been infected will assist in containing the extent of an attack. Once you have followed the earlier steps, you can restore from offline backups with care, while updating and patching machines in the places they are vulnerable.

It is vital to make law enforcement aware of any breach. Management can contact the FBI amid an invasion, and a police report can be filed after the fact. Because it is never a guarantee that your data will be returned if you pay a ransom, the FBI advises against this action.

Implementing endpoint solutions is also crucial in defending against an attack and providing the offense to derail malicious efforts. Solutions should help you find, patch, and report on all endpoints, without being restricted by location, bandwidth, or connectivity. Regardless of which operating system you are using or your network’s capacity, any endpoint solution you implement should provide software inventory and asset capabilities that let you efficiently spot patch levels, software versions, and configurations. Also, explore options that integrate with other prominent security applications, including network access control (NAC), incident response (IR), or security information and event management (SIEM).

You may want to consider configuring access controls based on privilege. Limit write access to files, directories, or shares to only those employees who need it for their job responsibilities. Consider disabling macro scripts and Remote Desktop Protocol. Look into employing Software Restriction Policies (SRP) or similar methods to limit programs that execute from common ransomware locations, including temporary folders that support Internet browsers or compression and decompression programs.
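
The path-based restriction described above can be dry-run against process-start logs before it is enforced, to see what it would block. The following is an added example, not code from the original article; the folder patterns, the corp-installer exception, and the sample events are assumptions constructed for illustration.

```python
import ntpath
from fnmatch import fnmatchcase

# File types to block when launched from user-writable temp locations.
BLOCKED_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1")

# (rule name, lowercase wildcard pattern), most specific first. Assumed,
# illustrative locations; confirm what your browsers and archivers really use.
DENY_PATHS = [
    ("zip opened in Explorer", r"c:\users\*\appdata\local\temp\temp?_*.zip\*"),
    ("7-Zip temp extraction", r"c:\users\*\appdata\local\temp\7z*\*"),
    ("WinRAR temp extraction", r"c:\users\*\appdata\local\temp\rar$*\*"),
    ("browser cache", r"c:\users\*\appdata\local\microsoft\windows\inetcache\*"),
    ("user temp folder", r"c:\users\*\appdata\local\temp\*"),
]
# Hypothetical exception for a sanctioned installer staging folder.
ALLOW_PATHS = [r"c:\users\*\appdata\local\temp\corp-installer\*"]

def evaluate(image_path):
    """Return (verdict, reason) for one process image path."""
    # Normalise first so "..", "/" and case tricks cannot dodge a rule.
    p = ntpath.normpath(image_path.strip().strip('"')).lower()
    if not p.endswith(BLOCKED_EXT):
        return ("allow", "not a blocked file type")
    if any(fnmatchcase(p, pat) for pat in ALLOW_PATHS):
        return ("allow", "explicit exception")
    for name, pat in DENY_PATHS:
        if fnmatchcase(p, pat):
            return ("deny", name)
    return ("allow", "no path rule matched")

# Constructed sample process-start events (user, image path).
SAMPLE_EVENTS = [
    ("alice", r"C:\Users\alice\AppData\Local\Temp\Temp1_invoice.zip\invoice.exe"),
    ("bob", r"C:\Users\bob\AppData\Local\Temp\7zO4A1B2C3D\scan.js"),
    ("carol", r"C:\Users\carol\AppData\Local\Temp\corp-installer\setup.exe"),
    ("dave", r"C:\Users\dave\Documents\..\AppData\Local\Temp\update.exe"),
    ("erin", r"C:\Program Files\7-Zip\7z.exe"),
]

def audit(events):
    """Return (user, path, rule) for every event a deny rule would block."""
    hits = []
    for user, path in events:
        verdict, reason = evaluate(path)
        if verdict == "deny":
            hits.append((user, path, reason))
    return hits

if __name__ == "__main__":
    for user, path, rule in audit(SAMPLE_EVENTS):
        print(f"DENY  {user:<6} {path}  [{rule}]")
```

Running the rules in this audit-only form first shows which legitimate installers or updaters would need an exception before the policy is switched to enforcement.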

Keep in mind that criminals and ransomware are continually evolving. It is important to remain proactive and systematic with any approach, regularly seeking education and research on new vulnerabilities and infiltration methods.

Resources

Identifying, managing, or rebuilding from the threat of ransomware is an ongoing and exhaustive endeavor. If you are looking for further guidance on technology and business solutions, you can schedule a consultation with Network Coverage today.