Ransomware--malicious software that holds victims' data for ransom--is increasingly in the news. Last year the Petya ransomware attack extended to 65 countries, affecting large institutions such as the Merck pharmaceutical company and the Heritage Valley Health System in Pennsylvania, and the WannaCry ransomware attack infected over 100,000 organizations in 150 countries. More recently, the city of Atlanta was hobbled by the SamSam strain of ransomware, which shut down the court system, forced police to use paper reports, and cost the city around $2.7 million for mitigation alone.
These and similar attacks are spread largely through the use of spam emails containing malicious attachments.
Can your business afford to have its data held hostage? The cost of downtime due to ransomware can be significant, and the FBI and others have strongly recommended that victims avoid paying the ransom. Plus, having your data encrypted by a bad actor could have serious legal implications, particularly if you store customers' private information.
Thankfully, there are ways to prevent ransomware attacks. Here's a list of four crucial tips to keep your data from being held hostage:
1. Raise awareness among your staff.
Sending fraudulent emails containing infected attachments or links remains one of the most common methods cybercriminals use to disseminate malware. Why? Because it works. These emails often look convincing, posing as normal business correspondence, such as invoices, quotes, work requests, or collections letters. And busy workers don't often think twice before clicking an attachment that looks important to their jobs.
Businesses, then, need to put resources into training staff members on the basics of email security, including principles like the following:
- Never open attachments or click links in emails that you aren't absolutely certain are coming from an individual you trust.
- Realize that criminals sometimes pose as reputable brands--or even reputable individuals with whom you are in contact--in order to trick you into clicking.
- When in doubt, send emails to your IT administrator to determine whether or not they are fraudulent.
Many businesses have even begun testing their employees by actually sending them fake spam messages. This can be an effective training tool when paired with intensive training sessions and periodic security reminders.
2. Make sure security patches and updates are being applied regularly.
The recent WannaCry ransomware attack operated by exploiting a vulnerability in the Windows operating system. This vulnerability had already been corrected by Microsoft in a security patch released in March of this year. However, the criminals behind WannaCry guessed that many people would not have applied this patch yet, and they were right.
Patch management is not usually high on the list of priorities for businesspeople who are understandably laser-focused on accomplishing their daily tasks and achieving their business goals. Attacks like WannaCry, though, highlight the need for businesses of all sizes to work with network administrators who can monitor and apply patches and updates as they become available.
3. Implement and consistently upgrade business-class antivirus, while realizing it isn't a silver bullet.
Modern antivirus software works by comparing the files it scans to vast databases of known threats. By doing so, it catches a large quantity of the malware, including ransomware, that comes into a protected environment. But when new threats like WannaCry first arrive, it’s possible that antivirus software will not detect them, because its threat database has not been updated to include them. So although some malware makes it past even the best business-class antivirus solutions, antivirus remains a very necessary first line of defense.
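The database lookup described above, as an added example that is not part of the original article: it treats the threat database as a set of SHA-256 file hashes (an assumption; real products combine several detection methods) and shows a file going undetected until its signature is added. File names, contents and threat names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, signatures):
    """Return {relative path: threat name} for files whose hash is in the database."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            name = signatures.get(sha256_of(path))
            if name is not None:
                hits[path.relative_to(root).as_posix()] = name
    return hits


def demo():
    """Scan constructed files before and after a signature database update."""
    # Constructed, harmless byte strings standing in for file contents.
    known = b"CONSTRUCTED SAMPLE: stands in for an already catalogued threat"
    unseen = b"CONSTRUCTED SAMPLE: stands in for a threat not yet catalogued"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inbox").mkdir()
        (root / "inbox" / "invoice.bin").write_bytes(known)
        (root / "inbox" / "quote.bin").write_bytes(unseen)
        (root / "report.txt").write_bytes(b"ordinary business document")
        # Hypothetical threat names; the database only knows the first sample.
        database = {hashlib.sha256(known).hexdigest(): "Example.Known"}
        before = scan(root, database)
        # A vendor update adds the second sample's signature.
        database[hashlib.sha256(unseen).hexdigest()] = "Example.New"
        after = scan(root, database)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```

The gap between the two scans is the window in which a new threat passes a signature check, which is why the patching and backup tips still matter with antivirus in place.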
4. Implement a business-class backup strategy.
Because the technology used in ransomware makes it virtually impossible to regain access to the data it encrypts, victims are really only left with two options: pay the ransom or regain access to data through a restore from backups. It is imperative, then, that all businesses have daily, business-class data backups in place.
It’s also imperative that businesses that need to minimize downtime balance cloud backups with local, onsite backups, as restoring data from a local backup is much faster than restoring from the cloud.
Have questions about WannaCry or other ransomware attacks? Want to talk about ransomware-proofing your business? Contact us today.