David Panitch

Understanding Ransomware and How You Can Protect Your Business


One of the most feared terms in data security is ransomware.


As the name suggests, ransomware is a type of malware that blocks access to your company’s data until you pay to get it back. Essentially, your organization’s confidential information is being held hostage due to a cyber hijacking.


To understand ransomware, first define malware: software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. The one-two punch of ransomware is that 1) a cyber goon brings your operations to a screeching halt and 2) the malware they use can metastasize and infect your computers and servers with additional malware.


What else should you know about ransomware, and how can you respond if your company becomes a target? We answer these questions below.


How Does it Work?


A ransomware attack is unmistakable once it reveals itself to the victim, but the malware was often dropped onto your network months before. You’re suddenly locked out of your files, and you receive demands that don’t mince words, such as, “Your files have been encrypted. You must pay this ransom within 72 hours to regain access to your data,” or “You have viewed illegal website content. You must pay a $100,000 fine to unlock your computer.”

These messages are followed by instructions on how to pay the ransom, which is often payable in Bitcoin, to receive the decryption key. Over 200,000 organizations are affected annually, and the cost of ransomware attacks is high, with an average enterprise ransom payment of $111,605. We were recently made aware of a Midwest-based organization that was completely shut down (website, files, VPN tunnels), and the criminals demanded $1,200,000 to release the company from their clutches.

The impacts range from temporary or permanent loss of company data and a full shutdown of operations to financial losses from disruption and remediation efforts, as well as irreversible damage to your company’s reputation.

Who Does it Target?


The most targeted industries are healthcare, the legal sector, farming and food production, education, and manufacturing. In fact, manufacturers saw a seven-fold increase in attacks in the first quarter of 2020.


The reasoning is that these industries can’t afford monumental disruptions and are willing to pony up the funds to stop the bleeding. In addition, and more simply, organizations like universities are easy targets because they tend to have smaller security teams and decentralized user bases with high rates of file sharing. In the case of manufacturers, many organizations are self-compromised because they lack proper security across all known devices, including machine data collection devices (often known as IoT or Internet of Things).


How Do You Respond to Attacks?


It starts long before the attack by having a plan in place to restore your network and operations when a ransomware attack strikes. Remediation depends on many factors and can include these approaches:


Restoration - The best-case scenario is that you have your files backed up. That way, you can wipe your infected systems clean or replace hardware before restoring your backup data. This assumes that you are able to do solid forensics to know when your files were NOT infected with malware.


Decryption - Failing a fully tested and validated backup system, your other alternative would be using a decryption program to retrieve your data. This requires first identifying the ransomware encryption, which can be challenging because the bad actors’ encryption tactics tend to outpace the development of decryption tools.


Swallowing the loss - Ouch. If you’re not properly equipped for the former steps, and time becomes more and more precious, accept the loss and move on. All is not lost, though, because you can still potentially remove the ransomware (malware) and hang onto the encrypted files in a separate storage location that is NOT connected to the Internet, so that you can possibly decrypt them in the future once the right decryption tool is available.


Paying the ransom - This is the worst-case scenario for many reasons. For one, you’ll be at the absolute mercy of the attacker and likely get fleeced. In addition, how can you trust that a bad actor who makes their living off of theft will give your files back in return for your payment? Worse still is the precedent you’ll set, making your organization even more vulnerable to an attack by the same criminal outfit. Now with all of that said, we do know of some cyber insurance carriers that can negotiate on your behalf. We have known one carrier in particular that was familiar with the criminal demanding the ransom and, since they had experience with them in the past, knew from their prior interaction that they were “honorable” criminals, if there can even be such a term!
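The Restoration approach above depends on knowing which backup predates the infection, and the malware may have sat on the network for months before files were encrypted. As an added example (not from the original article), this Python code picks the newest backup snapshot taken before the first sign of compromise; the snapshot manifests, file names, shortened hashes and the 50% change threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: backup date -> {file path: content hash}.
# Hashes are shortened placeholders, not real digests.
SNAPSHOTS = {
    date(2020, 1, 5): {"docs/plan.docx": "a1", "fin/ledger.xlsx": "b1",
                       "hr/staff.csv": "c1"},
    # Malware is dropped; nothing is encrypted yet.
    date(2020, 2, 2): {"docs/plan.docx": "a1", "fin/ledger.xlsx": "b2",
                       "hr/staff.csv": "c1", "tmp/updater.exe": "bad0"},
    # Dropper has removed itself; the snapshot looks normal.
    date(2020, 3, 1): {"docs/plan.docx": "a2", "fin/ledger.xlsx": "b2",
                       "hr/staff.csv": "c1"},
    # Files have been encrypted and renamed.
    date(2020, 4, 5): {"docs/plan.docx.locked": "x1",
                       "fin/ledger.xlsx.locked": "x2",
                       "hr/staff.csv.locked": "x3"},
}
KNOWN_BAD = {"bad0"}  # malware hash identified by forensics (placeholder)


def ioc_hits(manifest, bad_hashes):
    """Paths in a snapshot whose hash matches a known-bad indicator."""
    return sorted(p for p, h in manifest.items() if h in bad_hashes)


def changed_fraction(prev, cur):
    """Share of the previous snapshot's files that are missing or altered."""
    if not prev:
        return 0.0
    changed = sum(1 for p, h in prev.items() if cur.get(p) != h)
    return changed / len(prev)


def last_clean_snapshot(snapshots, bad_hashes, max_change=0.5):
    """Newest snapshot taken before the first sign of compromise, or None."""
    clean, prev = None, None
    for day in sorted(snapshots):
        cur = snapshots[day]
        suspicious = bool(ioc_hits(cur, bad_hashes))
        if prev is not None and changed_fraction(prev, cur) > max_change:
            suspicious = True  # mass modification, typical of encryption
        if suspicious:
            break  # later snapshots are untrusted even if they look clean
        clean, prev = day, cur
    return clean


if __name__ == "__main__":
    print("Restore from:", last_clean_snapshot(SNAPSHOTS, KNOWN_BAD))
```

Without the forensic indicator, the same data would point to the March backup, which was taken after the malware had already been on the system.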


How Do You Protect Your Business?


You can’t guarantee 100% security of all of your systems, but you can sure as hell try by applying “The best defense is a good offense” rule. We recommend:


  • Monitoring the latest ransomware threats to be as educated and prepared as possible

  • Eliminating vulnerabilities with regular patches for your operating system

  • Knowing your software inside and out before installing it, as we’ve previously written

  • Installing antivirus and whitelisting software that, respectively, detects ransomware and malware, and prevents the execution of unauthorized applications

  • Using multi-factor authentication to require that technology workers provide evidence of their identity to show that they are who they say they are

  • Continuous education and testing of your work force so that they help to prevent any infiltrations of your systems

  • As mentioned above, back up, back up, back up

The warning that attackers will always find a way in is a tired one, but one that can’t be ignored. However, it doesn’t mean that your organization will be the next victim. Key to protection and prevention is establishing a defense against ransomware, along with a solid business continuity plan.


Don’t let the cyber terrorists win.

