Ransomware has been commonplace for years, with no sign of it going anywhere anytime soon. Let’s take a few moments to examine the state of ransomware right now, and review how to keep it from impacting your business.
Let’s go through a quick review of what ransomware is, and then what needs to be done to resist it successfully.
Ransomware—the malware that locks down a system until a monetary sum is paid—has been around for a few years, and during that time has expanded and grown in its capabilities. It’s also remained a popular form of cyberattack, with Trend Micro reporting that 84 (that’s 8-4) percent of organizations experienced either phishing or ransomware in the past year… and if we’re being honest, the two often go hand in hand.
There are also dozens of new innovations present in modern ransomware strains, with more and more tricky ways to get past a company’s defenses. Instead of just phishing their victims into installing a malicious payload, hackers who use ransomware now twist the knife a little (or a lot) more by threatening to leak data if a ransom isn’t paid. Some enterprising cybercriminals offer RaaS (Ransomware-as-a-Service) to those who want to hurt someone and are willing to pay to make it happen. Ransomware has become so notorious and even normalized that some attackers have found success by simply claiming to have infected a victim’s PC, bluffing their way to a hefty ransom payment.
Clearly, ransomware is an issue that is not going away anytime soon, which means that businesses need to be prepared to deal with it effectively.
This is one topic that has gotten far more complicated as time has passed, simply because of the innovations we described above. Not all that long ago, our best advice (should one find themselves infected) was to make sure they always kept a backup so they could refuse to pay the ransom and simply restore their data infrastructure after the fact. Now, the double extortion method (exfiltrating data, and then threatening to leak it unless the affiliated company pays a second ransom after they’ve unlocked their systems) makes it dangerous to even do that.
While we will always recommend that a business keep a comprehensive and redundant data backup for the sake of data continuity in general, a backup can no longer be seen as the de facto insurance against ransomware. This makes it even more important that a business do everything possible to keep ransomware out in the first place.
Let’s go over what this will take:
Even basic firewalls and antivirus programs do a pretty darn good job of filtering out ransomware attempts, so it is important that you put in the effort to keep these protections—as well as all of your systems—as up-to-date as possible. This includes keeping track of any patches that are released for your chosen solutions and promptly applying them.
More advanced protections are also advisable, such as those that monitor your systems and the programs installed on them for suspicious activity. This is particularly advisable where your email comes into play. If possible, have your IT resource configure your email gateway to scan ZIP attachments and block executable files. In short, the fewer ransomware attempts your team needs to deal with personally, the less likely it is that they’ll slip up.
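As an added example (not part of the original article), here is the kind of check a gateway applies when it scans ZIP attachments and blocks executables, sketched in Python. The extension blocklist, the limits, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from os.path import splitext

# Assumed blocklist for illustration; a production policy would be longer.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".msi", ".lnk"}
MAX_DEPTH = 2  # archives nested deeper than this are blocked, not unpacked
MAX_MEMBER = 50 * 1024 * 1024  # larger archive members are blocked unread

def scan_blob(name, data, depth=0):
    """Return reasons to block one file, looking inside ZIP archives."""
    ext = splitext(name.lower())[1]
    if ext in BLOCKED_EXT:
        return [f"{name}: blocked extension {ext}"]
    if data[:2] == b"MZ":  # Windows PE header, whatever the file is named
        return [f"{name}: executable content (MZ header)"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: archive nested too deep"]
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Encrypted or oversized members cannot be inspected safely.
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                reasons.append(f"{name}/{info.filename}: encrypted or oversized")
                continue
            reasons += scan_blob(f"{name}/{info.filename}", zf.read(info), depth + 1)
    return reasons

def scan_message(raw):
    """Scan each attachment of a raw message; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons += scan_blob(part.get_filename() or "unnamed", payload)
    return reasons

def build_sample():
    """Constructed sample: a ZIP attachment hiding a double-extension file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ constructed placeholder bytes")
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Members that cannot be inspected (encrypted, oversized or too deeply nested) are blocked rather than passed through, so the scanner fails closed.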
While we’re on the topic, however, it is important that your team is on their guard against ransomware attacks. The people you’ve hired really are your last line of defense against these efforts as they are the ones who are really being targeted. Phishing is a favorite means for a cybercriminal to bypass many of the network defenses we outlined above. Your team needs to be able to spot a phishing attempt and know the proper steps to take should they spot one.
This process will also involve testing your users to see how “on their guard” they actually are. It is possible to run simulated phishing attacks to directly evaluate your team to identify any weak points in your company’s personnel and educate them appropriately. Even your business’ culture should be somewhat founded on the principle of security and maintaining it.
Of course, there is always the risk that one of your users will miss something and let in a threat. This is why it is also crucial to minimize the damage that an attack on one of your users could potentially have.
A zero-trust policy—one that limits a user’s access to data to only what they directly need to do their particular job—is a good way to limit the damage that an individual user being undermined might do. In addition to this, we recommend that any accounts that offer multi-factor authentication have it enabled. That will add an additional layer of protection between a hacker and your resources that they’ll have to deal with.
Finally, while there are some ransomware attacks that still manage to hurt a business even if it manages to restore its data, it’s better to have your data than to not have it. Maintaining a backup that complies with our recommended best practices can still help protect your business from ransomware, as well as other cyberattacks.
Reach out to us today for our assistance in preparing your business to withstand the influence of ransomware throughout this year and beyond. Give us a call at 561-795-2000 to get started.