Ransomware 101 and How to Protect Yourself
Ransomware attackers collected $1 billion in 2016. In the first half of 2017 alone we have already seen the biggest and arguably most innovative ransomware attack to date, WannaCry. What set WannaCry apart is that it did not wait for victims to open an attachment: it spread as a self-propagating worm, scanning networks and the internet for Windows machines exposing a vulnerable SMB service and infecting them directly, which is why it reached so many systems so quickly. Needless to say, these attacks are increasingly prominent and more sophisticated as time goes on. You need to be prepared.
What is Ransomware?
Ransomware is malware that blocks a user's access to their files or system and then demands a ransom to restore that access. There are currently two main types robbing internet users in droves.
- Encryptors: encrypt the victim's files and demand a ransom for the decryption key; a modern example is CryptoWall.
- Lockers: lock victims out of their operating system entirely and demand a ransom to restore access; a common example is a fake police notice claiming the user must pay a fine. Some lockers go as far as overwriting the Master Boot Record (MBR) so that the ransom note is displayed before the operating system can even boot; an example is Satana.
Who is Targeted?
Home users get targeted for several reasons: they typically have no back-ups, no security training, inadequate protection, and systems that are not consistently updated. Lacking awareness of security best practices, they are also likely to open or click malicious content by accident.
Businesses are the big fish in the pond for ransomware. Because businesses increasingly rely on the internet and digital processes for their operations, the impact of a ransomware attack is also increasing. Attackers know that once inside a business's network they can reach not only individual computers but servers, mapped network shares and cloud-based file sharing systems as well, which gives them far more leverage to extract a ransom payment.
What Does it Cost Businesses?
A ransomware attack not only halts business operations, but also damages rapport with current and future customers. A survey from Carbon Black found that seven in ten consumers would consider leaving a business hit by ransomware. These attacks can knock entities out of commission for days, weeks, or even months at a time. According to a study by Malwarebytes, one in five businesses that experience a ransomware attack are forced to shut down. For a breakdown of the less recognized costs of a cyber attack, check out our previous blog post, True Cost of Cyber Attack and What You Didn't Know.
How to Prevent or Remediate Ransomware Attacks
The most commonly overlooked yet highly effective measure against ransomware is to properly train employees. Phishing email remains the most common delivery method, so staff must know how to recognize suspicious emails and never open attachments or click links in them. That is not the only preventative measure to take, but it is a crucial one. Beyond that, note the following points to prevent a ransomware epidemic at your company.
- Account Access and Privileges: For daily use, DO NOT use an administrator account. Use a standard user account with limited privileges, so that anything launched by mistake runs with only that user's rights and cannot disable protections, install system-wide persistence or touch files the user cannot write to. Be aware that this limits the damage rather than preventing it: an encryptor running as a standard user can still encrypt everything that user can modify, including mapped network shares. Review active and inactive accounts regularly and disable or remove excess accounts so that former employees or bad actors cannot use them to gain access.
- Back-Ups: Don't limit your storage to one physical system. Keep at least two back-ups: one in a cloud environment and one on external drives that you physically secure and keep disconnected when not in use, because an encryptor will encrypt any back-up drive that is still attached. Back up as often as you need to be able to restore enough of your environment to continue operations at any given time, and test that a restore actually works. I can't begin to tell you how many companies don't know when they last backed up their systems, or even where their back-ups are (if they have any)! Restoring from back-up is the most straightforward remediation if ransomware does compromise your system. Even after a successful restore, the entry point that led to the initial infection must be found, or you will simply be infected again; the logs collected by a SIEM are the place to track it down.
- Updates: Keep your operating systems, applications and browser plug-ins up to date, and uninstall any plug-ins that are outdated or unused. WannaCry only spread as far as it did because so many Windows machines were still missing a patch Microsoft had released two months earlier.
- Antivirus/Endpoint Protection: If a malicious file does get past your email filtering and firewall and starts to execute, there are tools that can prevent damage to your systems and operations. There are a couple of interesting products in this area. One is Carbon Black Defense, which combines the functionality of an antivirus with endpoint protection, blocking the encryption before it happens. Another notable tool is Sophos Intercept X, a purely endpoint protection product that detects unexpected mass encryption, stops the responsible process, and rolls back any files that were already encrypted.
Although there are more tools poised to stop or prevent ransomware, the methods and tools above should prevent the large majority of attacks and let you recover from the ones that get through. With threats and activity increasing, it grows harder to stay ahead of the game, and effort must be invested to remain safe. For entities without the means to implement sufficient network security, we highly recommend that you contact us for help.
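The back-up point above says to store back-ups safely and to know when you last took one; a back-up you cannot restore is no back-up at all. The following Python script is an added example, not code from the original post, showing one way to make a back-up verifiable: it writes a SHA-256 manifest beside each copy, checks a restore against that manifest file by file, and flags a back-up older than an assumed recovery point objective (RPO). The directory layout, the file contents, the tampering step and the 24-hour RPO are all constructed for the demonstration.

```python
"""Verifiable back-ups: hash at backup time, verify at restore time.

Added example (not from the original post). Paths, contents and the RPO
below are constructed values for the demonstration.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, dest: Path) -> dict:
    """Copy the source tree to dest and write manifest.json (relative path -> sha256)."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)
    files = {}
    for p in sorted(dest.rglob("*")):
        if p.is_file():
            files[p.relative_to(dest).as_posix()] = sha256_file(p)
    record = {"created": time.time(), "files": files}
    (dest / "manifest.json").write_text(json.dumps(record, indent=2))
    return record


def verify_restore(restored: Path, manifest_path: Path) -> list:
    """Compare a restored tree against its manifest; an empty list means it matches."""
    record = json.loads(manifest_path.read_text())
    problems = []
    for rel, expected in record["files"].items():
        p = restored / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def backup_age_ok(manifest_path: Path, rpo_seconds: float, now: float = None) -> bool:
    """True if the back-up is younger than the recovery point objective."""
    record = json.loads(manifest_path.read_text())
    now = time.time() if now is None else now
    return (now - record["created"]) <= rpo_seconds


def demo() -> dict:
    """Constructed scenario: back up two files, corrupt one copy, verify both states."""
    root = Path(tempfile.mkdtemp())
    src = root / "data"
    (src / "notes").mkdir(parents=True)
    (src / "ledger.csv").write_text("id,amount\n1,42\n")
    (src / "notes" / "todo.txt").write_text("rotate backup drives\n")

    backup = root / "backup_2017-06-01"
    record = make_backup(src, backup)
    clean = verify_restore(backup, backup / "manifest.json")

    # Simulate an encryptor that reached the attached back-up drive and rewrote a file.
    (backup / "ledger.csv").write_bytes(os.urandom(64))
    tampered = verify_restore(backup, backup / "manifest.json")

    rpo = 24 * 3600  # assumed: one day
    recent = backup_age_ok(backup / "manifest.json", rpo)
    stale = backup_age_ok(backup / "manifest.json", rpo, now=record["created"] + 3 * 24 * 3600)
    shutil.rmtree(root)
    return {"files": len(record["files"]), "clean": clean, "tampered": tampered,
            "recent": recent, "stale": stale}


if __name__ == "__main__":
    print(demo())
```

The manifest lives next to the copy it describes, so a verified restore from the offline drive or the cloud copy can be checked without the original system, which is exactly the situation you are in after an attack. Run the age check on a schedule so that "when did we last back up?" is answered by a monitoring alert rather than discovered during an incident.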
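The endpoint protection point above describes products that detect spontaneous encryption and stop it. As an added example, not the original post's code and not a description of how any named vendor's product works internally, here is the simplest form of that heuristic in Python: a readable file being rewritten in place with random-looking data is the encryptor's signature, and one process doing that to several files within a few seconds is the alert condition. The file-write events, the process names, the entropy threshold and the time window are constructed assumptions.

```python
"""Mass-encryption heuristic over a stream of file-write events.

Added example (not from the original post or any vendor). The events fed in
by demo() and the thresholds are constructed for the demonstration.
"""
import math
import random
from collections import Counter, defaultdict, deque

HIGH_ENTROPY = 7.5      # bits per byte; text is roughly 4-5, encrypted data about 7.9+
WINDOW_SECONDS = 10.0   # how long suspicious rewrites by one process are remembered
ALERT_THRESHOLD = 5     # suspicious rewrites by one process inside the window


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class EncryptionDetector:
    """Flags a process that turns several readable files into noise in a short time."""

    def __init__(self):
        self.last_entropy = {}            # path -> entropy of the last content written
        self.recent = defaultdict(deque)  # process -> timestamps of suspicious rewrites
        self.alerted = set()

    def observe(self, ts: float, process: str, path: str, content: bytes) -> bool:
        """Feed one write event; returns True if this event raises an alert."""
        entropy = shannon_entropy(content)
        previous = self.last_entropy.get(path)
        self.last_entropy[path] = entropy
        # A brand-new high-entropy file (an archive, a photo) is normal; a file that
        # was readable and is now indistinguishable from random bytes is not.
        if previous is None or previous >= HIGH_ENTROPY or entropy < HIGH_ENTROPY:
            return False
        window = self.recent[process]
        window.append(ts)
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= ALERT_THRESHOLD and process not in self.alerted:
            self.alerted.add(process)   # one alert per process; the product would kill it here
            return True
        return False


def demo() -> dict:
    """Constructed event stream: normal office activity, then an encryptor."""
    rng = random.Random(1)  # seeded so the 'ciphertext' is reproducible

    def noise() -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(4096))

    docs = [f"C:/Users/alice/Documents/report{i}.docx" for i in range(6)]
    text = b"Quarterly figures for the board meeting, draft 3.\n" * 40
    events = []
    # Normal: the user saves six documents.
    for i, path in enumerate(docs):
        events.append((float(i), "WINWORD.EXE", path, text))
    # Normal: a new archive is created; high entropy, but there was no prior content.
    events.append((6.0, "7z.exe", "C:/Users/alice/Documents/archive.7z", noise()))
    # Normal: an existing document is re-saved with readable content.
    events.append((7.0, "WINWORD.EXE", docs[0], text + b"Final.\n"))
    # Encryptor (constructed name) rewrites the documents in place, one every half second.
    for i, path in enumerate(docs):
        events.append((20.0 + 0.5 * i, "invoice_scan.exe", path, noise()))

    detector = EncryptionDetector()
    alerts = [(ts, proc) for ts, proc, path, content in events
              if detector.observe(ts, proc, path, content)]
    return {"events": len(events), "alerts": alerts,
            "text_entropy": shannon_entropy(text)}


if __name__ == "__main__":
    print(demo())
```

In the constructed stream the alert fires on the fifth rewrite, at t=22.0, while the archive creation and the user's re-save are ignored. Two caveats a real product has to handle that this sketch does not: an encryptor that writes a new file and deletes the original evades an in-place check, so renames and deletes must be watched too (canary files that nothing legitimate should touch help here), and legitimate bulk operations such as a user encrypting a whole folder by hand need an allow-list or they will trip the same rule.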