Ransomware is a type of malicious software (malware) that has increasingly targeted businesses of all sizes across all geographies. Attackers infect businesses by exploiting human weakness through social engineering and deception, and infections occur more often when business networks are not properly maintained, updated and secured.
How does it spread?
Essentially all ransomware is transmitted via phishing emails to you and your end users. With humble beginnings as generic or blatantly obvious scams, these emails have advanced to sophisticated and highly targeted messages aimed at both your organization and key players within it. Phishing scams have gotten to the point where they sometimes produce email chains that convincingly get employees to fulfill requests. Generally, phishing emails carrying malware come in two flavors:
- Email contains an attachment, which acts as a Trojan horse with a virus hidden within it. Many file attachments (.pdf, .doc, .xls, and .exe) might appear to be legitimate, trusted attachments, but may not be what they seem.
- Email contains a link. The link may appear legitimate, but it will take you to a website hosting an exploit kit.
Most often, when a user clicks on a link or opens an attachment, rapid encryption cripples their computer, and likely your entire network. And recent ransomware uses encryption protocols that are extremely hard to break—most attempts have failed to recover the data without paying a ransom.
But an alternative route to infecting your network starts with hacking a familiar website. Hackers have begun compromising trusted sites with the intent to infect web visitors. If an end user happens to be using an outdated browser or is lured into installing a browser plugin or some other software, they very well may be on their way to a serious malware infection.
While we normally advocate for prevention, detection and remediation for many cyberattacks and exploits, in the case of ransomware, we really want to make sure you have focused on prevention, on business recovery and continuity, and on remediation. The truth is: it’s often really hard to detect ransomware until it’s too late.
We recommend a multi-layered defense to our customers. What this entails:
- Updates and Patches—all known system vulnerabilities should be fixed. Nearly 80% of attacks happen because network technicians fail to update their systems and apply all released system patches. And 99% of computers are vulnerable because patches aren’t promptly applied! If you are a Fixed IT customer, help us out by leaving your computers on each Thursday night!
- Threat Awareness and Training—your biggest asset is also your greatest liability. When your staff is not trained on the latest cyber threats, you run a greater risk of one of your team members getting your ENTIRE business infected and ALL of your data stolen and encrypted. Keeping your team informed is one of the most powerful ways to prevent ransomware from invading your networks. Here’s a link to some videos we created on figuring out if you are being hacked.
- Software Restrictions—Restricting software installation to IT professionals ensures that everything that gets installed on your network is verifiably safe. Communicate to users the risks involved in letting them install software on their computers and explain why they cannot install their own software on their work computers.
- Business Continuity—I cannot stress business continuity enough. Your business needs to have a plan to deal with any type of disaster. And one of those disasters is (unfortunately) a ransomware attack. You need to have a plan in place that outlines what you need to do and who you need to contact in the event something happens.
- Regular Data Backups—backups make all the difference. In the event of a ransom attack or even some other disaster that corrupts your data—think all of your email, contacts, sensitive data, for instance—all of this will be at your fingertips and your business will be up and ready within as little as an hour. Back up your data regularly—I recommend weekly at minimum—to ensure everything is up to date. If you are a Fixed IT customer, this is happening daily!
- Secure Backups—If your backups are on the same network that was hacked or infected, then the process of creating and backing up your data was worthless. Make sure you keep your backups far away from your day-to-day operations. [If you are a Fixed IT customer, we have this covered too!]
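The two backup rules above (weekly at minimum, and kept off the network that could be infected) can be checked automatically. The following Python is an added example, not code from this article or from Fixed IT; the inventory, the IP ranges and the `audit_backups` name are constructed assumptions, and comparing IP ranges is only a proxy for real network separation.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MAX_AGE = timedelta(days=7)  # "weekly at minimum", per the list above

# Assumed day-to-day (production) ranges; constructed for this example.
PRODUCTION_NETS = [ip_network("10.10.0.0/16"), ip_network("192.168.1.0/24")]

# Constructed inventory: (dataset, backup target IP, last successful backup).
INVENTORY = [
    ("mail", "10.10.4.20", "2024-05-01T02:00:00+00:00"),
    ("finance", "172.16.50.8", "2024-05-06T02:00:00+00:00"),
    ("crm", "172.16.50.8", "2024-04-20T02:00:00+00:00"),
    ("hr", "172.16.50.8", None),  # job configured but never completed
]


def audit_backups(inventory, production_nets, now, max_age=MAX_AGE):
    """Return {dataset: [issues]} for backups that break either rule."""
    findings = {}
    for dataset, target_ip, last_ok in inventory:
        issues = []
        # Rule 1: the backup must not sit on the network it protects.
        addr = ip_address(target_ip)
        if any(addr in net for net in production_nets):
            issues.append("target on production network")
        # Rule 2: a successful backup must exist and be recent enough.
        if last_ok is None:
            issues.append("no successful backup recorded")
        else:
            age = now - datetime.fromisoformat(last_ok)
            if age > max_age:
                issues.append(f"stale: {age.days} days old")
        if issues:
            findings[dataset] = issues
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives repeatable results.
    now = datetime.fromisoformat("2024-05-07T12:00:00+00:00")
    for name, issues in audit_backups(INVENTORY, PRODUCTION_NETS, now).items():
        print(f"{name}: {'; '.join(issues)}")
```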
The Ransom—You may expect that paying a ransom will free up your data, but the reality is that many times, if you’re relying on criminals to comply with your request—even after you’ve paid their demands—you’re rolling the dice. Can you really rely on criminals to help restore your systems—the very criminals that put you in a bind in the first place? I certainly wouldn’t.
The FBI and other governmental organizations do not advocate you paying a ransom—as they’ve already realized you might not get your data back. And you paying a ransom will encourage larger attacks in the future—would you ever want to go through a ransom attack again? I know with certainty that I wouldn’t wish a ransom attack on even my biggest competitors.
We are here to keep your business running and your data safe! If you have any concerns about your risks for getting a ransomware infection that results in data loss and stops your business in its tracks, contact us today for a data security assessment and business continuity solution.