Ransomware: Is Your Organization Prepared?
All organizations should have a comprehensive strategy to reduce the impact of a ransomware attack.
Published May 5, 2017 by Rob Griffith
Do you remember the movies or TV shows where someone was kidnapped and the kidnappers left a ransom note? The cyber-world counterpart is a constantly evolving and growing threat called ransomware. Ransomware is a form of malware that “kidnaps” access to your network, applications, or data until the victim pays a certain amount of money.
It does this either by encrypting data so you can’t get to the information, or by blocking access to systems and applications. Ransomware usually infects a computer or device by way of a Trojan delivered through phishing emails or malicious programs on a website. Once it is installed, a ransom message typically appears when the user restarts the device. Ransomware is the new virus: attackers have largely shifted their focus away from servers and onto endpoints, whose users are typically less technical and operate with different levels of trust.
All organizations, large and small, need to be prepared for ransomware attacks, and should have a comprehensive strategy to reduce their risk of being impacted.
The statistics on ransomware are startling. The FBI expects the ransomware industry to reach $1 billion for cybercriminals this year, and the government reports that more than 4,000 ransomware attacks happen every day.
According to a Ponemon Institute report, 56 percent of organizations are not prepared to fight ransomware attacks.
An IBM study discovered that almost half of the respondents had experience with a ransomware attack, and 70 percent of those ended up paying the hacker to recover their stolen data. Out of that 70 percent, 20 percent paid $40,000+, 25 percent paid $20,000+, and 11 percent paid $10,000+.
Symantec reported that the U.S. is the region most affected by ransomware, and that ransomware infections target organizations 43 percent of the time and consumers 57 percent of the time.
Whether it’s your organization or a home computer that gets infected, the impact of ransomware can be devastating. You can permanently lose important and private information, expose critical flaws in your organization, damage your reputation, and potentially lose a lot of money. Even if you pay the ransom, there is no guarantee that you’ll get the data back.
FBI Cyber Division Assistant Director James Trainor explained why you shouldn’t pay the ransom:
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
While you want your stolen or encrypted data back, it may not be worth giving in to the cybercriminal’s demands.
Does your organization have a plan and strategy in place, should there be an incident? What steps would you take to deal with the situation? Who would be involved and how would the communication and decision-making process flow and get executed?
While there isn’t a one-solution-fits-all tool or method for preventing ransomware attacks, there are several steps you can take today to ensure you’re prepared.
- Employee awareness: Educate your employees on how to identify phishing emails, malware, and ransomware. The number one factor in ransomware’s success is the human element. Continuous education, and testing of employees’ understanding through internal phishing campaigns, are crucial pieces of the ransomware solution.
- Eliminate macros: Macros automate frequent tasks, but they can be disabled. Disabling macros ensures that malicious content doesn’t load automatically.
- Block internet ads: Many third-party ads carry some type of malware. It’s best to avoid the risk by blocking internet ads on devices.
- Update and patch regularly: Make patching and updating your systems, software, and firmware a frequent, routine occurrence.
- Limit administrative access: Don’t give employees administrative account access. This restricts what a ransomware infection could potentially reach.
- Have software restrictions: Use a software restriction policy, or put access controls in place, to prevent ransomware from infiltrating and running as common programs.
- Back up regularly: Back up data on a regular schedule, verify that the backups complete as planned, and test that they can be restored efficiently.
- Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and recovery details, should your organization fall victim to an attack.
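As an added illustration of the backup item above (example code written for this page, not from the original article), here is a restore drill: it backs up a constructed sample directory, records a SHA-256 manifest, damages the live copy the way an encryptor would, and then proves the archive still restores intact. The file names and contents are constructed for the demonstration.

```python
"""Backup-and-restore drill: a backup only counts if it restores intact."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict:
    """Archive the source tree; return the manifest taken at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest(source)


def verify_restore(archive: Path, expected: dict) -> dict:
    """Restore into scratch space and compare every file against the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses path traversal
            except TypeError:  # older Python without the filter argument
                tar.extractall(scratch)
        actual = manifest(Path(scratch))
    missing = sorted(set(expected) - set(actual))
    corrupt = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    return {"restored": len(actual), "missing": missing, "corrupt": corrupt}


def drill() -> dict:
    """Constructed sample: back up three files, overwrite one on the live copy
    (simulating encryption after the backup ran), then verify the archive."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly planning notes\n")
        (src / "README.md").write_text("constructed sample data\n")
        archive = Path(work, "data.tar.gz")
        expected = create_backup(src, archive)
        (src / "finance" / "ledger.csv").write_bytes(b"\x00" * 32)  # live copy damaged
        return verify_restore(archive, expected)
```

A non-empty `missing` or `corrupt` list from a scheduled drill is the signal that the backup job is not doing what the plan assumes.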
Ultimately, ransomware attacks can be defeated if your organization has established preventive measures in place, such as educating employees, conducting regular data backups, implementing the appropriate technology tools, and having a disaster recovery plan.
What can your organization do today to defend against ransomware attacks?