Ransomware Threats on the Rise
Ransomware threats are a leading security trend for 2016 and have shown no signs of dissipating. Ransomware is a lucrative way for cybercriminals to make money, and everyone is a potential target. Businesses, government, law enforcement, schools, hospitals and individuals have all been impacted by ransomware. No operating system is safe. Windows operating systems have been the primary target. However, ransomware has also been reported for Macs, Linux and mobile devices.
Ransomware threats and infections generally start via a link in an email. The unsuspecting user clicks the link and the malicious code is downloaded and installed on the computer. The user’s files are encrypted, as are the files on any device or network drive the user is connected to. A popup then appears stating that a ransom needs to be paid in Bitcoin to obtain the key to decrypt the files.
Once a user’s files are encrypted, the odds of decrypting the files are slim to none. Ransomware uses a 2048-bit RSA encryption key, making it impossible to crack at this time.
The recommendation from the FBI is not to pay the ransom. You are dealing with cybercriminals and there is no guarantee that they will send you the decryption key or that the decryption key will even work. Paying the ransom may also make you a target again because you were willing to pay the first time.
Some victims, like the LA hospital, have paid the ransom. They felt paying the ransom would be faster than the time it would take to bring back their system. In recent news, a Canadian university paid approximately $15K USD to get their files back because they did not want to risk losing any of their research.
Taking preventive measures is the best course of action to protect your business against a ransomware attack. To avoid an attack, here are some actions that you can take.
Perform Daily Backups
Run daily backups of your files and store them in the cloud or on a storage device or server in an offline environment. Any connected device or shared drive could get infected as the ransomware spreads.
Don’t Click Suspicious Links in Emails
Emails have been the primary mechanism to deliver ransomware. Security training is recommended to educate and create awareness among users. The challenge is that users can become complacent or forgetful of their training once their day-to-day tasks resume. One technique to keep users engaged is to send mock phishing emails. This will keep users alert and attentive.
Use Ad Blockers and Keep Browsers Patched
Another mechanism to distribute ransomware is malvertising. This is when an attacker compromises a website by embedding malicious code in an ad. Using an ad blocker and patching your browser can be an effective preventive measure.
Patch Firmware and Software
Keep firmware and software fully patched. In an incident earlier this year, MedStar was the victim of a ransomware attack. Attackers infected an unpatched server causing MedStar to shut down most of its network.
Block Unauthorized Software
Whitelist only corporate-approved software to run on users’ computers. Any software that is not whitelisted is blocked from launching. Another approach some companies take is to reserve the installation of software only to those who have admin privileges.
Limit Access Rights
Only give users access to what they need to get their work done. Limiting user access will help restrict ransomware from spreading throughout your infrastructure.
Disconnect the Infected Machine
As soon as an intrusion is detected, remove the computer or system from the network to prevent further infection. This includes Wi-Fi and Bluetooth technologies.
Layer Your Security
Deploy a layered approach to your security. This includes anti-virus, download protection, browser protection, heuristic technologies, web filtering and a firewall.
Conclusion
Ransomware threats are real and can create a crisis when your system becomes infected. There is no quick fix to restore a system infected by ransomware. The best course of action is to have a comprehensive security policy in place and to make sure all employees follow it. Enabling ransomware solutions that are preemptive will help to ensure the continuity of your business.