For several years, ransomware has been a prevalent cybersecurity threat to both businesses and personal users, but as malware itself has evolved, more and more institutions are at risk.
Data made unavailable by ransomware has halted healthcare organizations, utility companies and city governments, like the City of Baltimore. Many business just can’t afford to recover from such cyber attacks.
In this blog, we’re going to break down ransomware - including what it is, employees’ roles in its deployment and how to protect your business against an attack.
What Is Ransomware?
Ransomware is a form of malicious software (malware) that is designed to encrypt data for the purposes of extortion. Small businesses often lack the multiple layers of security or proper disaster recovery solutions of larger companies, and, therefore, are more likely to pay the ransom to avoid losing their valuable data.
Ransomware can come in the form of a phishing email, often including an attachment or attacks through a website that is controlled by a bad actor (or commonly called hacker). If clicked on, your accounting, inventory or client data can suddenly become unusable. This can create a financial or reputational impact to your business that potentially is not recoverable.
Bad actors, or hackers, are becoming sneakier, with more targeted phishing campaigns, like spear phishing. These phishing campaigns can go undetected by spam filtering.
In 2019, we have seen more and more ransomware attacks targeting servers that have open remote access to servers and poor password policies. This version of ransomware is constantly being updated to defeat countermeasures.
Users Activate Ransomware
Ransomware is usually triggered by user interaction, like opening an attachment or visiting a website, or through an automatic program accessing a server open to the Internet. Once triggered, ransomware often does several things.
First, the ransomware “phones home” to a command and control server for instructions and additional malicious payloads. This communication in many cases is designed to identify where the victim is located; so, the ransom instructions appear in the victim’s language and the local currency.
Second, the process of encryption is started on any data the user has access to. If a user has administrative rights to a network, the ransomware could spread unchecked across computers and servers resulting in catastrophic damage. Encryption is simply the conversion of data into an unreadable code without the proper decryption key.
In business uses, encryption is an excellent method to protect data transmitted, stored and accessed. In the case of ransomware, the encryption process can render the data unreadable.
Finally, the ransom instructions are provided to the victim. Oftentimes, these will warn against any attempts to undo, restart or get around the ransomware. Sometimes ransomware will have a countdown to permanent deletion to increase the sense of urgency.
Demands are usually made in the form of cryptocurrency or gift cards. These are both very difficult to trace who receives them and therefore, excellent for criminals to make a profit.
The data is promised to be given back once the ransom is paid, but there is no guarantee that your files can be unlocked once the terms are fulfilled.
Steps to Protect Yourself Against Ransomware
Ransomware deployment usually relies on a user to commit an action to run the attack. Protecting your business from ransomware takes multiple layers of cybersecurity, but it all starts with your employees.
Employees are your first line of defense. Security awareness training can give employees the tools to identify phishing attacks and stress the importance of password security. All ways for each individual in your company to help protect against ransomware and other cyber attacks.
Having the latest updates, or patches, keeps your network up to date against the latest ransomware trends. Updates aren’t limited to installed applications and software, but also include operating systems. Old operating systems leave wide open doors in your network for ransomware attacks. Do you have Windows 7? Are your prepared for its End of Life?
Ensure user accounts have enough access to the network to do their job without having too many rights to other computers. Granting your employees too much freedom may allow malicious programs to run. If your employees can install programs to their machine, their account would allow ransomware to run as well. A quick check of your user accounts can show this.
Email content scanning can halt infected files from even showing up to your inbox. In some cases, the service actually “detonates” the file to see, if it performs malicious actions. A standard PDF file should never try to communicate with a website or try to alter files, but one that comes in a phishing attack likely would. Your IT provider can assist in enabling this type of service.
Up to date anti-virus software and other breach detection tools are another layer of defense for when users do click, or the attack comes in from a different way. Anti-virus solutions have “signatures” to look for known ransomware and can prevent it from completing the action. Other breach detection tools can detect “backdoors” that bad actors may have used to maintain access to your network. In some cases, ransomware is the last phase of a bad actor’s work, as they have already extracted data that is profitable to them in the form of personal information.
Your last resort against ransomware attacks is backups. Backups should be separated from the rest of your network and be tested regularly to make sure it will work when needed. Backups minimize the impact of ransomware by restoring your systems to the point in time before the attack.
Are You Prepared for a Ransomware Attack?
Ransomware is not a cyber attack you want to experience alone. Partnering with a cybersecurity expert will ease the burden and make sure you have prevented measures in place. Access Systems has a team of IT experts to protect you.
Make sure you are protected from a ransomware attack with an IT Assessment. Give us a call at 888-464-8770, send us an email info@AccessSystems.com, or fill out the form.