Ransomware was once a blip on the cyber security radar, but times have changed: Ransomware attacks grew nearly 500 percent, to 3.8 million attacks, from 2014 to 2015.
Ransomware has been headline news ever since hospitals became big targets. One survey found that only 18 percent of hospitals haven’t been hit with ransomware attacks. But health care isn’t alone: Police departments, schools, and churches are all seeing ransomware attacks grow in frequency. Still, some organizations fail to protect themselves or are simply unaware of the threat ransomware poses.
Delivered through spam emails with malicious attachments or links, ransomware encrypts files on the endpoint once executed, preventing users from accessing any applications or files until the ransom is paid (usually in untraceable Bitcoin or other digital currencies).
Because it’s constantly evolving and diversifying, and a wide swath of new variants arises daily, ransomware continues to subvert weak perimeter and endpoint protection. It persists because it works: Users paid hackers over $24 million across nearly 2,500 reported ransomware cases in 2015.
So how can you protect your organization? There are three major steps you can take to guard against these growing threats: fortify, mitigate, and educate.
Fortifying your environment against ransomware
Perhaps the easiest way to prevent crippling ransomware attacks is simply backing up. Backing up your data is something you should be doing anyway, and if you get attacked, regular file backups ensure you can transfer files to a new server and continue working. In addition, strategically isolating certain resources (like backups) prevents ransomware from chewing through your entire system in one go, allowing you to resume operations quickly.
Don’t forget security you have but might not be using. Turn on additional controls built into your defense or more aggressively enforce security policies and protocols. By leveraging these existing controls and tools, you can improve security without shelling out additional expenses. Also consider dropping network connections from devices that don’t need them. Every internet-connected device is just another potential entry point for ransomware.
Some organizations take their security a step further with ransomware checks and server isolation, but the first line of defense remains a strong perimeter. Next-gen firewalls can fill that role, equipped with content filtering and more granular controls. Organizations are extending that perimeter by pushing antivirus programs past the endpoint and using heuristic controls to better understand the network.
But behind those high walls, monitoring is key. Automated security checks can identify odd behavior and quarantine files for investigation. Whitelisting applications minimizes risks even further by ensuring only trusted programs can run.
Infected? Here’s your remedy.
If you’ve been hit with ransomware, should you pay up? Don’t go buy Bitcoin — there are other ways to solve the problem.
If your security system alerts you to ransomware, make sure those files are identified and quarantined. If you’re locked out of particular computers or databases, use your backups to continue operations as usual.
In the meantime, locate the vector infected by the ransomware and close the vulnerability that allowed it to gain access in the first place. If you can determine the variant by submitting a sample to a trusted security expert, you might be able to prevent a similar attack in the future. SHI’s ransomware help guide also offers high-level advice and references on ransomware protection and incident response.
But if you don’t have backups, see if you can identify the variant – there may be known ways to undo the damage without ponying up the money.
The secret weapon against ransomware: education
One way to keep ransomware at bay is through better employee training and education. Your employees, in many cases, will be your first line of defense. Training employees to spot common IT traps (phishing emails or pop ups demanding an application be downloaded) will help mitigate one of your biggest vulnerabilities: human beings.
Train your employees to only open emails and files from known senders and recognize emails that don’t sound right, even if they’re from a familiar address. When employees recognize the tell-tale signs of IT threats (entering personal or company data in a strange email, for example), they can prevent an intrusion and alert IT to the threat.
Ransomware attacks can be a boogeyman if you let them be. By protecting the perimeter and training employees, organizations can improve their security and reduce the likelihood of a ransomware attack.
Do you have a question about ransomware? Leave us a comment below.