How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
How ransomware is ransacking enterprise revenues
At the beginning of each year, we are ushered into the concept of what the new “new” is: Fifty is the new 40, red is the new blue and so on.
For 2017, Powernet recommends that organizations perceive ransomware as the new ‘terrorism’ threat to businesses. The FBI estimates that cybercriminals defrauded organizations of $209 million in ransoms in the first three months of 2016 alone!
Ransomware is a malware which has been rapidly gaining attention. It is typically introduced into a corporate network through an employee. From there it spreads quickly and executes a cryptovirology attack, affecting systems adversely. Subsequently, hackers demand a ransom to restore the data, and the malware has inflicted unprecedented damage and the threat of it intensifying looms large over the cyber world.
McAfee has discovered 5000 versions of 21 mobile applications that are being used to operate mobile collusion attacks on victims. A study reports that 39% of enterprises were hit by ransomware malware and 40% of those attacked paid ransom to retrieve their data. Attacks against organizations are gradually increasing. While wide-scale, ransomware campaigns remain most prevalent form of threat, new and advanced attacks are emerging.
The following is a breakdown of ransomware infections by region from January 2015 – April 2016:
Industry experts feel that this is only the beginning for ransomware
Most organizations are moving towards distributed enterprise system which requires connecting several enterprises to corporate networks. The arrival of Internet of Things is also expected to make the corporate networks extremely vulnerable to ransomware attacks.
The question which arises now, is how do we deal with such a problem?
How can an organization secure sensitive information?
Every business should have a thorough understanding of its data and various access points. If this information is gathered diligently, it would lay a rational basis for better information management. Governance policies also play a key role in reducing the impact of ransomware attacks.
Let us now look at some of the ways of dealing with ransomware threat:
TIP 1: Have a thorough understanding of data, as well as its organization
It is important for an enterprise to be thoroughly prepared and informed about a probable ransomware attack. Although a few groups—including CTB-Locker, CryptoWall 3, and CryptoLocker—dominate the current ransomware vista, it is predicted that advanced variants of these groups will surface with newer stealth functionalities.
For example, newer versions may begin encrypting information silently. These encrypted files could be backed up, but hackers would be capable of stealing both files on the systems and in the backup.
Sounds pretty scary, yes?
Hence, it is important for businesses to preemptively prepare for an attack by categorizing and assigning information by the relative value, sensitivity, and risk. This categorization of data would lead to proper record management and information governance, thereby ensuring greater security. Such an organization of data would help the firm recover ransomware-affected files without paying a ransom.
TIP 2: Have a stable backup strategy in place
Traditional backup practices may not provide an organization with ample security. An effective enterprise security strategy should entail quick backup and recovery solutions. Storing recently revised files and isolating the backup should be a critical component of the backup strategy. This ensures that the malware cannot access backup data.
A while ago, Hollywood Presbyterian hospital in California had to pay its attackers $17,000 in bitcoins. They fell prey to the ransomware attack primarily because they were not sure whether infected systems contained sensitive data or not. Had they followed cogent record-keeping methods, they wouldn’t have had to be in the position of putting their information in jeopardy.
TIP 3: Adopt multi-layered defense and anti-ransom tools
The nature of Malware is dynamic, and hackers are always finding new ways to intrude into a corporate network. Thus, it is imperative to have a paid anti-virus software with an automatic update feature and a real-time scanner.
Enterprises should introduce training to its employees to help them understand ransomware, and how they can work towards securing their company’s environment. Backing up data is a safe move, but not a winning solution. As a part of the multi-layered defense, it is essential to secure from endpoints to networks and servers.
Ransomware attacks are typically caused by employees opening spam e-mails. It is crucial that companies focus their efforts to recognize and block ransomware-related emails.
All suspicious attachments should be pruned promptly and not allowed to reach enterprise servers – no matter where they are – whether virtual, physical, or on the cloud. A colossal scale of ransomware can be blocked at web and email-levels.
With upcoming new variants and the triumph of “ransomware-as-a-service” business model, it is predicted that the rise of ransomware will continue through 2017. Hence, it is important to build a strategy to reinforce cybersecurity and protect your enterprise from ransomware attacks.
Finding the right cyber security partner can help you in understanding, detecting, and defending yourself from a potential ransomware attack.