Do You Have a Ransomware Strategy in Place?
Imagine opening your work laptop and seeing a ransom note: All of your data has been encrypted and you have one hour to make a payment in Bitcoin before the price increases. If you don’t make a payment within one day, all of your files will be deleted or posted online for everyone to see. What would you do?
These kinds of attacks have become increasingly common over the past several years. In 2017, the WannaCry attack made ransomware a household name after affecting more than 200,000 computers across 150 countries with total damages ranging from the hundreds of millions to billions of dollars.
In this article, we will take a closer look at ransomware, how to avoid becoming a victim and how to prepare for an attack if it were to occur.
What is Ransomware?
Ransomware is a type of malicious software that threatens to publish a victim’s data or block access to it unless a ransom is paid. With the rise of cryptocurrencies, an anonymous form of peer-to-peer payment, ransomware has become a popular way to extort money from victims without revealing the recipient of the funds.
Most ransomware is concealed in email attachments or other files that users are tricked into downloading and opening, such as infected Microsoft Office files. However, there have been several instances where ransomware traveled automatically through networks using unsecured ports, causing much more widespread issues.
Ransomware attacks have been on the rise. During the first half of 2018, there were 181.5 million ransomware attacks, which was a 229 percent increase over the same period a year earlier. Criminals have found ransomware attacks to be easier to execute and more lucrative than other attacks since they can be easily scaled to millions of targets.
Ransomware attacks have also expanded beyond personal computers and laptops. Mobile devices have become a popular target due to the potential for self-replication through exposed address books. Internet-of-things (IoT) devices and point-of-sale (PoS) systems have also been targets.
The amount of money demanded by ransomware depends heavily on the target. Typical ransoms range from $20 to $700 per user, while payments are usually requested in cryptocurrency or credit vouchers. Some ransomware even customizes the ransom based on the device and victim demographic.
How to Avoid Becoming a Victim
The best ransomware strategy is a great defense that prevents attacks from occurring in the first place. While some incidents, such as those caused by employee error, are unavoidable, there are many technology solutions that can prevent these kinds of attacks before they reach employees.
Download our free ransomware incident response template to help guide your company policies.
Active network protection, including cloud firewalls, safe Internet, VPN remote access and secure WiFi, can prevent many forms of ransomware that target unsecured ports. For example, the 2017 WannaCry ransomware attack took advantage of unsecured ports to quickly spread across an organization.
Server backups are another effective way to avoid ransomware attacks — or at least mitigate damage. If a ransomware attack occurs, regular backups can make it easy to simply reformat the device and restore the data without worrying about extensive data loss or other issues.
Education & Policies
Technology solutions aren’t enough to prevent all problems — it’s important to have the right policies and training. Employees should be familiar with common ransomware attacks and there should be procedures in place to help them avoid becoming targets — especially in critical industries.
Common ransomware attack methods include:
- Phishing emails: Attackers use compromised accounts or spoofed emails to send infected attachments across an organization. Oftentimes, it only takes one person to compromise the network.
- Drive-by downloads: Attackers may purchase malvertisements that trick people into installing downloadable or web-based software. Oftentimes, these malvertisements appear on piracy or adult websites.
- Third-party attacks: Attackers may leverage existing malware that’s already on a target’s computer. For example, botnets may use ransomware to monetize their large networks without much effort.
Developing a Response Plan
Ransomware attacks are always a possibility—even if you have the right protections in place. It only takes one employee to make a mistake that could expose confidential customer data or result in data loss. Every business should have a ransomware response plan in place to deal with any incidents.
The response plan should include several components:
- Emergency response: Create a plan to contain the spread of the ransomware, back up any remaining unencrypted files, and contact the authorities.
- Securing the data: Instruct employees to shut down and disconnect their devices until the ransomware attack is identified. Determine if there’s a way to recover data.
- Assessing the damage: Identify the type of ransomware attack, along with the impacted devices, files, and customers. Consult a lawyer about any legal liability.
- Notifying customers: Consult with a lawyer to come up with a plan for notifying customers about data loss or exposure in a timely fashion.
- Making changes: Identify the previous vulnerabilities that enabled the ransomware attack to occur and develop recommendations to prevent future attacks.
The biggest question for most companies is whether to pay the ransom. Many cybersecurity firms advise against paying a ransom because there’s no guarantee that criminals will deliver on their promise to unlock the data, and of course, the funds reward and reinforce criminal behavior.
That said, paying a ransom may be the fastest way to solve the issue. Hollywood Presbyterian Medical Center was infected with ransomware in 2016 and opted to pay a 40 bitcoin ($17,000) ransom to unlock computers used for emergency rooms, pharmacies, and laboratory work.
The Bottom Line
Ransomware is a growing problem that affects thousands of businesses and causes millions of dollars in damages each year. While all businesses could become potential targets, there are steps that you can take to reduce the risk of a successful attack and mitigate the fallout.
Jungle Disk provides a cybersecurity suite designed for small businesses with two to 250 employees. With active network protection and secure data backup, our technology offerings can help you reduce the risk of data loss from ransomware attacks and help protect your assets.
Sign up online or call (888) 601-0401 to get started today.