Ransomware is a serious threat for companies of all sizes. The objective of this article is to showcase the dangers of ransomware and (more importantly) to give companies cutting-edge tactics they can use to protect themselves.
The False Narrative About Ransomware
This article’s readers will fall into two categories: those who have been recently affected by a ransomware attack and those who haven’t. The former group will have no illusions about the perniciousness of modern ransomware. However, the latter group may be under the misconception that ransomware is becoming extinct. After all, there are many headlines on the web touting the decline of ransomware.
Why Cryptomining Is the New Ransomware
Cybercriminals Move from Ransomware Attacks to Crypto Mining
The Decline of Ransomware and the Rise of Cryptocurrency Mining
Nevertheless, the statistics gainsay the decline of ransomware. The headlines don’t tell the whole story. Ransomware is still alive and thriving. Look at the following statistics.
- 48% of IT consultants noted an increase in ransomware related consolation and inquires. (Intermedia, 2017)
- From 2016 to 2017 Ransomware attacks spiked 350%. (Dimension Data, 2018)
- In 2017, 25% of cyber insurance claims were because of ransomware. (AIG, 2018)
- WannaCry ransomware could cost businesses $4 billion (Cyence, 2017)
Organizations of all sizes are impacted by ransomware attacks, even as rumors of ransomware’s decline float around the internet. These attacks are inconvenient and expensive. For instance, the town of Matanuska-Susitna, Alaska had its phones, servers, computers, and email exchange crippled by ransomware, forcing the town’s employees to use typewriters. Likewise, the city of Atlanta had to pay 17 million to clean up the devastating SamSam ransomware attack.
In summary, ransomware is still active and pernicious.
No Industry Is Safe From Ransomware
You may have noticed the examples above (Atlanta and Matanuska-Susitna) involve public sector organizations. It’s true that many high-profile ransomware salvos are against municipalities. At the same time, there is a myriad of ransomware attacks against the private sector. Here are some headlines that show the private sector is not immune to ransomware assaults.
- Ransomware Attack Targets Adams Memorial Hospital
- Allscripts sued over ransomware attack, accused of ‘wanton’ disregard
- Hospital pays $55,000 ransom; no patient data stolen, Greenfield, IN
- LabCorp 90% recovered from SamSam ransomware attack, Burlington, NC
You can find a myriad of examples of private sector companies that have fallen victim to ransomware. Here’s another point to consider: some ransomware attacks are never reported. Municipalities and hospitals typically have government regulations that demand disclosure. Conversely, many private sector businesses are bound by no such regulations and wish to stay out of the press. Therefore, the rate of ransomware attacks against private organizations is likely much higher than we know.
Practical Ways to Protect Your Company From Ransomware
Inventory Your Internet-Facing Assets- When your network is connected to the internet, your security is tested. Your internet-facing assets are open to being probed by hackers. The first step to securing these ports is to catalog them. Once they’re totally archived, you can ensure they’re protected by your security measures.
Filter All Email for Spam Messages- Email attachments with ransomware infect millions of computers. You can protect yourself by not opening up unsolicited attachments in unverified emails.
Macros- Disallow macros unless they’ve been verified by your IT admin or your managed IT team.
Limit RDP Access- Require all RDP access to be routed over a VPN secured by 2-factor authentication.
Comprehensive Backup System- Disaster recovery as a service and a potent cloud backup will help remove the sting of ransomware.
Ransomware Protocol for Employees- Don’t allow bad company policy to compound the negative effects of ransomware. Employees must know who to alert in case of a ransomware attack. Also, employees often fear retribution when coming forth about a cyber-attack. Time is critical in these instances, so it’s imperative you alleviate these concerns so employees feel comfortable coming forward. Lastly, employees should have a clear directive about what can be discussed with the outside world.
Should You Pay a Ransom
IT professionals are of two minds about paying a ransom. First off, you have a couple of alternatives. David Harley, the Senior Research Fellow at ESET, suggests contacting your security software vendor because recovery may be possible without paying the ransom. Second, Harley opines you may be able to restore your data from backups.
Recovering from backups can be more expensive than paying a ransom. That’s why businesses decide to pay. This is often a bad idea. Even if you pay, there’s no guarantee the hackers will keep their word and decrypt your data. There are many accounts of hackers asking for second payments or never decrypting data. On a macro scale, you’re also validating the business model behind the crime.
If you decide to implement a policy of paying ransoms, then make sure you designate someone in the company to be the negotiator. Having the proper policy and procedure is key.
Conclusion
More and more companies are depending on data and technology. As that trend continues, ransomware will likely continue to grow. To deal with the growing ransomware threats it’s critical that your organization addresses risk management tactics. This can be done internally or by consulting endpoint security experts like your managed IT company. Contact us today for more info.