Ransomware Attacks – To Pay or Not to Pay
For most of us, when we think “ransom” our mind envisions a movie (probably starring Liam Nesson) in which bad guys request money in exchange for the release of a victim. Today, Cybercriminals are employing the same idea through ransomware attacks and if your organization has ever been the victim of one, you’ll know just how dire the consequences can be.
What is Ransomware?
Cybercriminals use ransomware to prevent users from being able to access their systems or data unless a ransom payment is made. In fact, according to the FBI, ransomware has become a billion dollar cybercrime industry and is the fastest growing security threat online. In a 2017 survey of organizations, 75% said they had fallen victim to a ransomware attack in the past 12 months and 41% of businesses who had suffered an attack, experienced significate system downtime, while 30% experienced data loss. Many businesses have increased spending and changed their security systems already in place to prevent ransomware attacks specifically.
How Does an Attack Happen?
Email and web usage are the most common ransomware infection points. This can be in the form of malicious email attachments, phishing emails or compromised websites. Cybercriminals are primarily interested in financial data, as many businesses cannot afford to lose access to this type of data. Client information is also a target.
What Are the Different Types of Ransomware?
There are three main types of ransomware used by Cybercriminals – Scareware, Screen Lockers and Encrypting Ransomware.
Scareware, despite its name, is not actually that scary. Scareware involves fake security or tech support scams, in which the user receives a pop up message claiming that malware has been discovered on their computer and the only way to get rid of it is to pay. If no action is taken, the user will likely continue to receive such pop-ups, which are annoying however the data saved on the computer is actually safe. It is good to remember that no legitimate security program would solicit payment in this manner.
Screen Lockers up the ante a bit. When a Cybercriminal uploads screen lock ransomware, you’re effectively frozen out of your computer entirely. During such an attack, when you open your computer, you’ll see a full size window that appears to be an official FBI or US Department of Justice seal saying that illegal activity has been detected on your computer and you must pay a fine to regain access. Again, it’s important to remember that the FBI (or any other government entity) would not contact you in this manner.
Encrypting Ransomware is the worst of the worst of the worst. This is when Cybercriminals actually hack into your files and systems and encrypt the information, rendering it completely useless to you. What makes encrypting ransomware so dangerous, is that there no security system or software that can restore your files and unless you pay the ransom, they are lost forever. Even then, it’s not a guarantee you’ll be able to access them again.
What Can I do if my Organization is Attacked?
Once a ransomware attack is identified, cybersecurity professionals have a number of tools at their disposal to help minimize the damage. The most common response is to first identify the strain attacking an organization and then contain the damage by isolating or shutting down all infected systems and accounts. Then the malware can be eradicated and a full system backup can begin. The rate and speed of ransomware detection is critical in combating the attack successfully and minimizing the damage.
One of the most common questions in the midst of a ransomware attack is “should I pay or not?” In the 2017 survey, the majority of organizations said that they would not pay the ransom. However, when you’re in the middle of an attack, it’s hard to know what you would do if your organization’s livelihood was on the line. A small number of businesses actually set aside money in the event there is such an attack. However, professionals agree that money spent to prevent an attack is more effective than budging money in the event one does occur.
How Can You to Prevent an Attack?
1. Segregate Your Networks – by doing so, you’ll be able to contain an attack and minimize the spread of a ransomware infection.
2. Turn off Administrative Rights – chances are, not everyone in your organization needs access to administrative level permissions, giving you more control over what your employees can and cannot access.
3. Restrict Write Permissions – like administrative rights, this is another options for controlling how files on your systems are being used.
4. Educate Your Users – this is perhaps the most important and effective way to prevent ransomware attacks. Chances are the majority of your employees don’t even know what a ransomware attack is and therefore have no ability to proactively combat one.
5. Backup Your Data – make frequent and compressive backups of your critical data and files and keep them offline. If a ransomware attack does occur, you’ll have the files you need to get back up and running as quickly as possible and prevent the loss of data in the process.
6. Email and Web Security – it is essential that you have the proper security software in place to minimize the ability of a Cybercriminal to hack into your system via email and web usage. Using the most advanced threat protection software is important as Cybercriminals become more and more advanced themselves.
7. Deploy Endpoint Security – in a world when more and more business is conducted outside of the office, it is essential to ensure that your network is protected when accessed via remote devices. Each connected device is a potential gateway to a ransomware attack. Endpoint security is designed to secure each endpoint on the network created by these devices.
8. Patch…Patch…Patch – by patching early and often to close known vulnerabilities in operating systems, you can greatly reduce the odds of a ransomware attack.
Unfortunately there is no solution that is 100% effective against preventing a ransomware attack. However, through awareness, the proper usage of security software and proactive measures to protect your data, you can greatly reduce the damage to your organization if such an attack should take place.