The threat of ransomware is real. Businesses and enterprises across multiple industries face daily challenges from external threats such as computer viruses and emerging malware and spyware, any one of which can potentially wreak havoc on their internet-technology systems.
No One Is Safe
Are you aware of the most recent multi-million-dollar crime extortion malware vexing everyone from hospitals to banks, police departments to even Congress?
It is ransomware, the latest type of malware developed by hackers to lock the system, compromise sensitive data on hard drives through encryption, or prevent the computer from booting up at all. The hackers do this with one goal in mind: to extract money from unsuspecting victims. Victims are locked out of their computers, making it incredibly difficult to regain access to files and other sensitive business data without the encryption key. Usually the ransom has to be paid through newer electronic payment methods such as Bitcoin and Ukash so that it cannot be traced back to the culprits. Moreover, businesses can potentially suffer a full-scale data breach from ransomware infections, resulting in huge fines and loss of consumer trust.
Evolution of Ransomware
Yesterday’s annoying viruses have now evolved into terminal malware designed to steal money from its victims.
Though ransomware first came into circulation on a widespread scale in Russia between 2005 and 2006, it has been making regular headlines since 2013 with the arrival of CryptoLocker and its many variants like CryptoWall and TorrentLocker. This type of ransomware was created to encrypt files on the infected machine and to identify the country from its IP address so that the extortion message to buy the decryption key could be delivered in the local language.
With technological advances and the rise of ‘Ransomware as a Service’, hackers have progressed from targeting home users to much more sophisticated attacks on SMBs and enterprise networks. Cyber attackers have built robust platform infrastructures using Domain Generation Algorithms and assets in Top Level Domains, Generic Top Level Domains and Country Code Top Level Domains. According to a recent report by Intel Security, the ransomware industry has grown exponentially by over 3,000% since 2012, with new threats being discovered every year.
Some of the new varieties of ransomware holding businesses to financial ransom over their data, such as Petya, Dogspectus, Ransom.Win32.Xpan and Princess Locker, display potency across infection vectors and have selective encryption and target-awareness capabilities.
Before learning how to protect your business from these dangers, you must first understand how ransomware infects computers as well as the mode of infection. Also, become familiar with what steps your company must take to prevent, track and respond to ransomware attacks.
How Can Ransomware Get on My Computer?
Ransomware attackers use a number of techniques to infect users, from spear-phishing campaigns and email lures to exploit kits such as Angler and other infections.
Users can accidentally infect their own computers with ransomware through one of many seemingly innocuous actions, such as inadvertently opening an infected email attachment, clicking on a malicious link or malvertisement, or even visiting a compromised site.
Attackers find it much easier to gain entrance through existing browser or OS program vulnerabilities – caused by irregular updates – or weaknesses caused by previous machine malware infections.
Malware can also spread through infected removable drives including USBs and portable hard drives, and by application downloads with infected software bundles such as browser toolbars, instant messenger apps, third-party .exe files or software key generators.
Defensive Strategies to Protect Against Ransomware
No company should be without a strategy to prevent, detect, and respond to ransomware attacks as they can make your data inaccessible and grind your business to a jarring halt. While there may be no magic bullet to keep your organization’s data safe from ransomware, there are a number of steps every business should take to drastically reduce their chances of infection.
- Educate end users about ransomware: As they say, the best offense is a good defense. And, the first line of defense against ransomware is user awareness and education. You can block malware considerably by training employees through a variety of security awareness programs. Employees can be taught to recognize the potential dangers of opening attachments from unknown people, or clicking on suspicious links.
- Learn about social engineering: Understanding how resourceful hackers use social engineering and clickbait techniques to spread infection can help end-users avoid those pitfalls. Periodic training sessions through interactive discussions can help employees remain alert to potential security threats they may encounter in cyberspace.
- Authenticate incoming mail through scanning and enable filtering on your mail servers: All inbound emails should be scanned for known threats to block any suspicious attachments. Most email servers enable flagging of incoming mail that does not pass tests such as reverse IP lookup, SPF and DKIM records to filter potentially dangerous emails. Email servers can also be configured to automatically disallow any executable file with an EXE, COM or SCR extension. These preventative measures work well to stop ransomware distribution through emails.
- Protect your system using mitigation strategies: It is possible for SMBs to protect against ransomware through controls such as application whitelisting, ensuring proper patch management for applications and operating systems (OSes), and by minimizing administrative privileges. Knowledgeable administrators can enlist whitelisting techniques to allow only secure and legitimate applications to run on your machine, thus preventing download and installation of any other executable malware on it.
- Desktop security: With such high stakes, businesses should not skimp on the deployment of a proper, commercial desktop security suite. Further, they should layer that security with managed endpoint solutions.
- Patch management: Because there are no infallible security products, companies should adopt aggressive patch management for all programs to drastically increase AV effectiveness. As mentioned, malware developers try to exploit vulnerabilities in the OS, applications and even web browsers. That is why it is important to plug security holes once they have been discovered by regularly patching software and installing critical updates as soon as they become available.
- Limit system permissions: Ransomware usually runs its execution chain from the temp folder, so restricting program execution from temp folders can stop malware infections from spreading further. Network administrators should also limit systems’ permissions to prevent the unauthorized installation of malware on systems without an administrator’s password. The spread of malware infection can also be limited by segmenting sharing and access rights to critical data using redundant servers.
- Be prepared with a comprehensive data backup strategy: It is absolutely vital to establish a robust backup regime in preparation for a ransomware attack. Comprehensive backup solutions for all critical business data assets can ensure the continuity of your business in case of a successful ransomware attack by restoring local and server apps and data to their pre-infection state.
- Get to the Cloud: Ransomware works by causing disruption to your business. You can take steps to ensure business continuity by moving to the cloud, which offers a greater level of protection and overall security to an SMB. Cloud providers bundle multiple security controls like malware scanning, enhanced authentication, data loss prevention strategies and various other protections into the service to minimize the chance of a ransomware attack. Cloud services also offer additional protection as add-ons, such as traffic scanning and site reputation checks to counter the threat of ransomware. With your data in the cloud, it should not be a major headache if your local machine becomes infected with ransomware.
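The mail-filtering step in the list above (block EXE, COM and SCR attachments, flag mail that does not pass SPF or DKIM) looks like this in Python. This is an added example, not code from the original article; the sample message, the `mx.example.test` gateway name and the function names are constructed for illustration.

```python
import email
import os
from email import policy

BLOCKED = {".exe", ".com", ".scr"}    # extensions named in the article
TRUSTED_AUTHSERV = "mx.example.test"  # assumption: your own gateway's authserv-id
# Constructed sample message, not real mail.
SAMPLE = """\
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=billing.example.test; dkim=none
From: invoices@billing.example.test
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2231.pdf.SCR"

constructed placeholder bytes
--b1--
"""

def blocked_attachments(msg):
    """Filenames at any MIME depth whose last extension is blocked (a.pdf.SCR, b.exe.)."""
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if os.path.splitext(n.rstrip(". "))[1].lower() in BLOCKED]

def auth_failures(msg):
    """SPF/DKIM results other than 'pass', read only from the trusted header."""
    results = {"dkim": "missing", "spf": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, *clauses = str(header).split(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # stamped by another host, possibly the sender: ignore
        for clause in clauses:
            method, _, rest = clause.strip().partition("=")
            if method.lower() in results and rest.strip():
                results[method.lower()] = rest.split()[0].lower()
    return [f"{m}={r}" for m, r in results.items() if r != "pass"]

def screen(raw):
    """Return (verdict, reasons): block on attachment, flag on failed auth."""
    msg = email.message_from_string(raw, policy=policy.default)
    files, auth = blocked_attachments(msg), auth_failures(msg)
    return ("block" if files else "flag" if auth else "deliver"), files + auth
```

Only the last extension is compared, so a double extension such as `.pdf.SCR` is still caught, and an `Authentication-Results` header not stamped by your own gateway is treated as absent.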
As you can see, ransomware is a very real threat. If you do not want your business to fall victim to this menace, simply follow the best practices outlined here to prepare and to protect against your well-prepared adversaries.