While most stories about cybersecurity attacks focus on stolen data being used maliciously by cybercriminals, the problem of ransomware, where users are prevented from accessing their own systems and data, is becoming an ever more dangerous and costly problem. Ransomware attacks have become more prevalent as hackers have discovered that it is often easier and quicker to block access to data and systems and then demand a ransom from the victim, as opposed to stealing sensitive information and then reselling it to other criminals.
In order to combat this threat, Network Depot, a leading provider of IT Support in the greater Washington, D.C. area, recommends that your company first understand what ransomware is and then learn the steps you can take to defend against it.
Ransomware Background
Ransomware has been around since at least 2005, although it is becoming increasingly more common, and is found in two different types. The first, simpler form is called Locker-Ransomware, which locks users out of their devices and disables the user interface. The second, more advanced form is called Crypto-Ransomware, which encrypts files, folders, and hard drives. Some of the more common ransomware variants include: CryptoLocker, Locky, and Cryptowall. The ransomware criminal normally demands a ransom of money or Bitcoins to allow access to data or to provide the decryption key to the victim. Many companies have given in and paid the ransom, which sometimes results in regaining access to their data, while sometimes the cybercriminals keep the data even after the ransom has been paid.
Ransomware gains access to systems most frequently through phishing attacks on employees with unsolicited emails, links, attachments, and offers that appear to give the user great deals or valuable information. Once the ransomware gains access to the system it will immediately attempt to lock out the user or encrypt anything it deems vital to the user. For example, Locker-Ransomware versions will take control of all aspects of a company’s website and then display a message on the website demanding a specific ransom be paid before restoring control back to the company. Crypto-Ransomware versions normally search out important data files and encrypt them until the ransom is paid.
Impact of Ransomware
The ransom amount demanded by cybercriminals varies greatly. Some cybercriminals have demanded many thousands of dollars from companies and recently one hospital in California faced a Bitcoin ransom note valued at $3.6 million. Most experts believe that as these attacks become more sophisticated and crippling, the ransom demands will increase substantially in value. This is one reason many experts advise that ransoms not be paid, as it only incentivizes the cybercriminals to step up their attacks and increase their demands.
In addition, the negative impact of a ransomware attack can be much more severe on a company if critical data is not accessible for days or longer or, even worse, if it is permanently lost.
Healthcare Industry Is a Popular Target
One sector that has been hit particularly hard by ransomware is the healthcare sector. In a recent study by Healthcare IT News, more than half of the hospitals surveyed in the US reported attacks by ransomware in the last year and another 25% weren’t sure if they had been impacted. Attacks have become so frequent that the federal Department of Health and Human Services has recently issued a summary of industry best practices to defend against ransomware.
Steps to Take to Protect Against Ransomware
In order to protect against ransomware and other cybersecurity attacks, your company should follow these recommend actions:
- As with all cybersecurity attacks, employees are the weakest link. Train your employees thoroughly in the best security procedures stressing that they should never engage in the following risky behaviors on their work devices: clicking on website links, visiting unknown websites, opening attachments, and responding to email offers. Your employees should also always use strong passwords and practice password change control.
- Limit the number of your employees with access to sensitive information. Also, a good rule of thumb to follow is to only allow highly-trained and security-conscious employees access to the minimum amount of sensitive information they need to carry out their responsibilities.
- Utilize the strongest and most up-to-date anti-virus solutions on your entire network. Consult with an IT Support expert like Network Depot to ensure your company is using the most effective solutions to keep your network secure.
- Use an IT Support expert to test the vulnerability of your website and network. An IT professional should conduct vulnerability scanning and penetration testing of the public-facing company website and web applications.
- Work with an IT Support professional to ensure your disaster recovery plan includes a comprehensive response to the ransomware threat.
- Maintain effective firewalls and robust backups of all critical data, including at least one offsite backup location. In the event that ransomware gets by your security layers and does infect your network, your company will then have the ability to restart your systems using the backups instead of having to pay any ransom.
Armed with this knowledge, and with the assistance of your trusted IT Support professional, your company should never have to face the pain of being held for ransom by ransomware.
For assistance concerning ransomware and any other IT-related issues, please contact us here at Network Depot.