What Can You Do to Protect Your Organization From Ransomware?

Ransomware is a growing threat to businesses of all sizes and verticals. 2017 is on track to be one of the worst years with triple digit growth in infections. Read this blog to learn why ransomware is growing and what you can do to protect yourself and your business. Gain access to the ebook, “Conversational Ransomware Defense and Survival” by Conversational Geek.

ransomwareRansomware is a growing threat to businesses of all sizes and verticals. 2017 is on track to be one of the worst years with triple digit growth in infections. Here are some of the alarming statistics:

Ransomware is a malicious program that infects a computer or network of computers and encrypts the data on that computer.  The attackers claim that they will decrypt the data only if they are paid a ransom. Victims are usually infected with ransomware by clicking on a link or opening an attachment in an email.

Why is ransomware growing? Because it pays! 

Ransomware authors are expected to take in over $1 billion in profits this year.  To keep up with demand some are setting up enterprise class “customer” service centers to process requests for decryption and to process their payments. These are not script kiddies hiding in their parent’s basement, these are international crime rings that are well financed and run like a business. There is a huge incentive for authors to invest and develop new and more advanced encryption algorithms to ensnare companies and force them to pay them their ransom.

Most ransomware authors prefer payments in Bitcoins, a type of cyber currency that is untraceable and easily converted back into conventual currency. Often the ransom is a reasonable amount of money that the corporation can afford; between $2,500 and $10,000. Ransomware authors have learned it is better to set their prices low, and have more people pay. Most of the time their objective is not to bankrupt their targets.

Ransomware is projected to cost businesses billions of dollars in 2017 with the May WannaCry attack costing up to $4 billion dollars alone.

How to protect yourself and your business:

Defense is your best offense:

  1. Secure your mail web gateways to block the infection from entering your network. Deploy packet inspectors to scan and block fraudulent emails and prevent users from accessing known malware generating websites.
  2. Antivirus Software is your last defense, not your first. If the attacker gets on your network and to the endpoint, it may be too late. Malware writers are always changing their attack vectors and exploiting new vulnerabilities in software. It is important to keep your virus definition files up to date to stop the latest threats.
  3. Patch Everything and Patch Often. The Wanaycry and Petya ransomware that decimated networks around the world and caused billions in damages relied on an exploit that Microsoft issued a patch for 3 months earlier. People who patched their systems regularly were not affected.
  4. Educate your users. This is an important step to prevent targeted attacks, but you cannot rely on your users making the right decision every time. Every company has at least one person that will click on a link, no matter how suspicious it is. It only takes one employee to open the door to an entire network being compromised!

What to do if you are attacked?  Be prepared.

  1. Maintain a good set of backups offline. The best way to protect yourself from an attack is to always have a good set of recent backups available to restore data. This way if you are infected you can restore from the most recent set of backups.
  2. Make sure these backups are offline and do not use AD credentials. The Petya virus was able to spread so fast because it used Windows management tools to spread from computer to computer, infecting data as it went. It could also infect network attached storage connected to the network. If your backup copies are on the network, they could also be encrypted making them unusable. Tape backup is making a comeback because of this reason. Offline remote backups are also an effective way to mitigate infection.
  3. Pay up and pray. If you have been infected, and you do not have a good set of backups should you pay the ransom? Morally, I would say no; your money, even if you can afford it, emboldens the data kidnappers and probably will be used to support very bad criminal organizations that profit from this and other forms of human suffering. If access to the data becomes a matter of life and death, like the 20% of hospitals that were infected last year, you may have to pay and hope that you are dealing with an ethical digital gangster who will really return your data.  

Organizations of all sizes are mobilizing and preparing for intrusions and ransom demands. This is a menace that is too profitable to go away anytime soon. However, this is a problem that can be minimized with proper planning. 

mindSHIFT, together with our backup partner Veeam, can help you develop an effective and robust backup strategy that can mitigate the risk of ransomware.

For more info on Ransomware, contact your mindSHIFT account manager, or read Veeam’s eBook on the topic.