What is ransomware?
Summary
What you need to know to protect yourself from ransomware.
Ransomware attacks continue to grow in number and sophistication. If you are responsible for IT and security management in your organization, knowing how to protect your organization against ransomware is a must.
For example, a May 2019 ransomware infection hit the city of Baltimore’s computer system. The attack affected hospitals, vaccine production, airports, and ATMs. The total cost? Estimated around $18 million.
Governments and large corporations may get the most attention, but they aren’t the ones that suffer most. Consider these statistics:
It’s estimated that ransomware costs small businesses $75 billion a year¹
The cost of downtime and data loss puts small and mid-size businesses at the biggest risk²
The average Q4 2019 ransomware payment was $41,198³
The average Q4 2019 downtime cost was $64,645³
Average downtime has increased to 16.2 days³
Bitcoin remains the preferred payment in 98% of attacks³
In this article, we’ll answer –
What is ransomware
How it works
And how to protect your organization against it
How does ransomware work?
A ransomware program activates and infects a computer when a user:
Clicks on a website link or a link in an email
Opens an attachment in an email
Once activated, the malicious program runs an encryption program, shutting down access to the computer. At this point, the device becomes useless. If you have a backup in place, you can shut down the infected PC and quickly redeploy a new one. If you don’t, you are stuck deciding whether to pay the ransom or just lose the data.
Why do ransomware attacks continue to increase?
Quite simply, they work.
Ransomware cybercriminals make a lot of money on these attacks. Most ransomware scripts are not amateur efforts. They are the work of highly advanced international crime rings that are well-financed and run like a business.
The ransomware programmers, also called authors, have a huge incentive to invest in developing new and more advanced encryption algorithms. They also continue to evolve the delivery of these programs to ensnare companies and force them to pay the ransom.
Attackers don’t seek to bankrupt their targets. They aim to infect as large a number as possible to get as many people as possible to pay. And as noted in the statistics at the beginning of the article, Bitcoin remains the preferred payment method, posing another costly and logistical challenge for organizations that suffer an attack.
Fortunately, you can protect your organization with a proactive approach to network and endpoint security.
How to protect your organization against ransomware
To protect yourself against ransomware, you need to implement a three-point strategy.
#1 – Deploy essential security measures.
Block infections from reaching your network by securing your mail and web gateways. Deploy packet inspectors to scan and block fraudulent emails and prevent users from accessing known malware-generating websites.
Patch all applications, and patch them often. The WannaCry and Petya ransomware that decimated networks around the world, causing billions in damages, relied on an exploit that Microsoft issued a patch for 3 months earlier. People who patched their systems regularly were not affected.
Recognize that antivirus software is your last defense, not your first. You should still have strong and up-to-date AV software, but understand that if a ransomware attack gets on your network and to the endpoint, it may be too late. Malware writers constantly change their attack vectors to exploit newfound vulnerabilities in software. Keeping your virus definition files up to date is essential, but it is the last hope for stopping the latest threats.
#2 – Educate your users.
Your users must know how to spot ransomware. For example, they should never open a file from anyone until they confirm the email address. Just because the name of the sender says it is your bank doesn’t mean it is; the actual email address might read xty34ii@psdhnle.com.
This is a vital step in preventing targeted attacks. The better educated your users are, the lower your risk. At the same time, you must be realistic. It only takes one accident to compromise an entire network. Regular training helps reduce the chances of accidents.
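The sender check described above can also be automated at the mail gateway. The following is an added example, not code from this article: it compares the brand claimed in the display name with the domain of the actual address. The brand names, the trusted-domain list and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brand names mapped to the domains they really send from.
# Constructed sample data; replace with your organization's own list.
TRUSTED_SENDERS = {
    "example bank": {"examplebank.com"},
    "contoso payroll": {"contoso.com"},
}


def sender_domain(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def domain_matches(domain, trusted):
    """True if domain equals a trusted domain or is a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_from_header(from_header):
    """Classify a From header as 'ok', 'unknown' or 'mismatch'.

    'mismatch' means the display name claims a known brand but the real
    address belongs to a domain that brand does not use.
    """
    display, address = parseaddr(from_header)
    domain = sender_domain(address)
    for brand, domains in TRUSTED_SENDERS.items():
        if brand in display.lower():
            return "ok" if domain_matches(domain, domains) else "mismatch"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers; the second uses the address quoted above.
    samples = [
        "Example Bank Alerts <alerts@mail.examplebank.com>",
        '"Example Bank" <xty34ii@psdhnle.com>',
        "Example Bank <support@examplebank.com.psdhnle.com>",
        "Jane Doe <jane@partner.example>",
    ]
    for header in samples:
        print(f"{check_from_header(header):9} {header}")
```

A check like this only catches a display name that does not match the sending domain; it complements the sender authentication (SPF, DKIM, DMARC) that a mail gateway enforces.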
#3 – Be prepared for an attack.
Maintain a good set of backups. With a good set of backups, you can simply retire the infected PC, deploy a new one with the backed-up data, and get back to work.
Keep backups disconnected, or offline, from the main network. The Petya virus was able to spread so fast because it used Windows management tools to spread from computer to computer, infecting data as it went. It could also infect network-attached storage connected to the network. If your backup copies are on the network, they could also be encrypted, making them unusable. Tape backups have made a comeback for this reason. Offline remote backups are also an effective way to mitigate infection.
Pay and pray? If you have been infected and you do not have a good set of backups, should you pay the ransom? If you do, you embolden the attackers. If access to the data becomes a matter of life and death, like with hospitals that have been infected, you may have to pay and hope that you are dealing with an ethical digital gangster who will really return your data. These situations are a big reason cyber liability insurance has become so popular.
Protecting yourself from ransomware
The increase in remote workers introduces new opportunities for cybercriminals to wreak havoc on organizations of all sizes.
Implementing the three strategies outlined in this article offers the best approach to protect your organization against a ransomware attack. If you have questions about how to do this, one of our managed security service professionals will be happy to speak with you. Please do not hesitate to contact us and see how we might help.
- ¹ https://www.datto.com/news/american-small-businesses-lose-an-estimated-75-billion-a-year-to-ransomware
- ² https://www.beazley.com/news/2019/beazley_breach_briefing_2019.html
- ³ https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate