According to a recent article on ZDNet, ransomware has surpassed Advanced Persistent Threats (APTs) “as the most problematic cyber threat.”
Ransomware is a piece of malicious software (malware) that will encrypt files on a computer or multiple computers. This renders the files inaccessible unless a decryption key is available. Whether the victim organization is a hospital, police department or a retail chain, the impact can be devastating and potentially unrecoverable in some cases.
Typically, once the malware has finished encrypting data, a pop-up window informs the victim that a ransom must be paid within a given timeframe in exchange for the decryption key, or the files will be lost forever.
The easiest way for most folks to deal with it is to simply pay the ransom, get the decryption key, and go on about their business.
This is exactly why ransomware has become so prevalent. It pays.
How does a business avoid this problem, or recover from it on its own if it does happen? First, silver bullets for ransomware are few and far between and tend to be specific to certain variants. For instance, CryptXXX could once be defeated by a tool from Kaspersky. That’s no longer the case.
If it were easy to defeat them, they wouldn’t be so prevalent.
Train the users. Ensure they have access to security training and are aware of best practices. Ransomware often gets installed when someone clicks on a link in an email or opens an attachment. Make sure users are thinking before they click. If something seems suspicious, don’t click the link or open the attachment. Trust your instincts.
Make sure the software loaded on your systems is regularly patched and as up to date as it can be. Consider removing software that is rarely or never used, because another common delivery method for ransomware is third-party advertisements on websites. These ads are delivered primarily through Adobe Flash and sometimes Microsoft Silverlight. They can load and run the ransomware without the user even interacting with the ad. Disable or uninstall Flash and Silverlight if you don’t need them.
If you have a firewall (you really should have a firewall), there are threat data sources available that can be used to keep firewall blocklist rules up to date. What this means is the firewall blocklist will be able to prevent access to locations that are known to be ransomware delivery sources.
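The sketch below is an added example, not code from the original article. It shows one way to turn a threat feed into firewall blocklist entries while refusing entries that would block your own networks or overly broad ranges. The feed contents are constructed, and the nftables table name `inet filter`, the set name `ransomware_block`, the protected ranges and the /16 limit are all assumptions.

```python
import ipaddress

# Constructed feed: documentation-range addresses, not real indicators.
SAMPLE_FEED = """\
# one IPv4 address or CIDR per line
203.0.113.7
203.0.113.0/25   ; already covers the entry above
198.51.100.44
198.51.100.44
10.1.2.0/24
0.0.0.0/0
not-an-address
"""
# Assumption: ranges the firewall must never block, whatever the feed says.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 16  # assumption: refuse entries broader than a /16

def parse_feed(text):
    """Return (collapsed networks to block, [(entry, reason)] rejected)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((entry, "not IPv4"))
        elif net.prefixlen < MIN_PREFIX:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((entry, "overlaps protected network"))
        else:
            accepted.append(net)
    # Merge duplicates and addresses already covered by a listed CIDR.
    return list(ipaddress.collapse_addresses(accepted)), rejected

def render_nft(networks, table="inet filter", set_name="ransomware_block"):
    """Build nft commands that replace the set; refuse an empty list."""
    if not networks:
        raise ValueError("empty blocklist: keeping the previous set")
    elements = ", ".join(str(n) for n in networks)
    return (f"flush set {table} {set_name}\n"
            f"add element {table} {set_name} {{ {elements} }}\n")

if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    print(render_nft(nets), rejected)
```

The generated commands assume the set already exists with interval support so that it can hold CIDR ranges. Log the rejected entries on every run, since a sudden jump in rejections usually means the feed itself is broken.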
Website restrictions. It’s up to you as to how restrictive you want to be with general web surfing, but as a rule of thumb, it should be kept to business related websites. There are many website restriction and logging solutions out there to accomplish this.
Back-ups. Back-ups are critical to being able to recover from a ransomware event. Preferably, your back-up strategy will include incremental online back-ups in order to facilitate a rapid recovery. Once you have a strategy in place, it must be tested regularly.
There are even more powerful tools and aggressive strategies involving more in-depth technical configurations that can be taken to help combat this threat, but they can come with a corresponding cost and level of complexity…a discussion for another time.
If you’d like to find out more, please contact us at email@example.com or give us a call at 757-243-1257.