Attackers have embraced ransomware and are increasingly targeting businesses, yet many business leaders are unsure how to stop ransomware attacks. As a result, the risk from ransomware is not being effectively managed, and that can prove very expensive.
Ransomware is a type of malware that encrypts files on local machines, network drives, and servers. Any computer connected to the Internet can potentially be infected, and a computer with no Internet access can still have its files encrypted if it sits on a network with an infected host. Recent ransomware variants spread laterally within a network and can encrypt the data on hundreds of devices.
Files required for important business processes may be encrypted and rendered inaccessible, and a successful attack can bring a company’s operations to a halt. A ransomware attack on a healthcare provider can make patients’ health information inaccessible. An attack on a pharmaceutical business may lock files needed for drug manufacture, which could affect product quality. Law offices may lose vital client information. Few businesses could continue to work at full capacity during a ransomware attack.
The loss of files can prove extremely costly, often far more than the cost of any ransom payment. Many companies therefore feel they have little option but to pay. Ransom payments are made surprisingly often: according to a study carried out by IBM, 70% of businesses that suffered a ransomware infection paid the attackers for the keys to unlock their data. Half of those businesses paid more than $20,000 and 20% paid over $40,000.
Even when the ransom is paid there is no guarantee that a working key will be supplied, so files may be lost forever. One healthcare group in the United States recently discovered this the hard way: three months after ransomware was installed on one of its servers and critical patient health information was encrypted, Desert Care Family and Sports Medicine had still not been able to decrypt or view its patients’ data.
It is vital to learn how to stop ransomware attacks and to configure defenses that not only stop attackers from installing ransomware but also ensure a system is in place that allows data to be recovered without meeting a ransom demand.
Recovering from a ransomware attack can be extremely costly. Ransom payments can be huge, and business is lost while systems are out of action. Even applying keys supplied by the attackers can be slow: each encrypted device typically has its own key, and those keys must be applied carefully. A forensic analysis is also crucial after an attack, both to search for backdoors that may have been added and to determine whether data were exfiltrated. Extra protections then need to be put in place to stop future attacks.
Preventing Ransomware Attacks
The first and most important step will not prevent ransomware attacks, but it will let you recover from one promptly without paying a ransom. Recovery depends on having a viable backup of your data. Total file recovery may not be possible, but you should be able to recover the vast majority of your files.
For that to happen, all files on all devices and network drives must be backed up, including removable media such as flash drives. Backup files must be stored on a non-networked drive, in the cloud, or ideally on an air-gapped device, one that is disconnected as soon as the backup completes; a backup that stays mounted as a network share is just another drive for the ransomware to encrypt. Ideally, make multiple backups, with one copy in the cloud and one on a detachable storage device, and keep several generations rather than overwriting a single copy, so that if one generation is corrupted, or was taken after the encryption had already started, you do not lose all of your data. Test restores regularly; a backup that has never been restored is not known to work.
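The versioned, verified backup that the paragraph above calls for, as an added example rather than code from the original article. The script copies a source tree into a new timestamped generation on a destination that should be a removable or otherwise offline volume, writes a SHA-256 manifest of what was actually written, can re-verify a generation against its manifest, and warns when an unusually large share of files changed since the previous generation, which is what a backup taken after encryption has begun looks like. The paths, the 50% change threshold and the function names are my assumptions.

```powershell
# Added example, not from the original article. Function names, paths and the
# default change threshold are assumptions. Tested against Windows PowerShell 5.1 syntax.

function Read-Manifest([string] $Path) {
    # JSON object -> hashtable (ConvertFrom-Json -AsHashtable needs PS 6+, so do it by hand).
    $h = @{}
    (Get-Content -Path $Path -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $h[$_.Name] = $_.Value }
    return $h
}

function New-BackupGeneration {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Dest,      # removable / offline volume
        [double] $ChangeThreshold = 0.5             # warn if > 50 % of files changed
    )
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $gen   = Join-Path $Dest $stamp
    # Never overwrite: each run is a new generation, earlier ones stay untouched.
    if (Test-Path $gen) { throw "Generation '$gen' already exists; refusing to overwrite." }
    $gen = (New-Item -ItemType Directory -Path $gen).FullName
    Copy-Item -Path (Join-Path $Source '*') -Destination $gen -Recurse -Force

    # Manifest of what was actually written: relative path -> SHA-256.
    $manifest = @{}
    Get-ChildItem -Path $gen -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($gen.Length).TrimStart('\', '/')
        $manifest[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    $manifest | ConvertTo-Json | Set-Content -Path (Join-Path $Dest "$stamp.manifest.json") -Encoding UTF8

    # Mass-change check against the previous generation's manifest, if there is one.
    $previous = Get-ChildItem -Path $Dest -Filter '*.manifest.json' |
        Where-Object Name -ne "$stamp.manifest.json" |
        Sort-Object Name | Select-Object -Last 1
    if ($previous) {
        $old     = Read-Manifest $previous.FullName
        $common  = @($old.Keys | Where-Object { $manifest.ContainsKey($_) })
        $changed = @($common   | Where-Object { $manifest[$_] -ne $old[$_] })
        if ($common.Count -gt 0) {
            $pct = $changed.Count / $common.Count
            if ($pct -gt $ChangeThreshold) {
                Write-Warning ("{0:P0} of files changed since {1}; check the source for encryption before trusting this generation, and keep the older ones." -f $pct, $previous.Name)
            }
        }
    }
    return $stamp
}

function Test-BackupGeneration {
    # Re-hashes every file in a generation; returns the names that are missing or altered.
    param([Parameter(Mandatory)] [string] $Dest, [Parameter(Mandatory)] [string] $Stamp)
    $gen      = Join-Path $Dest $Stamp
    $expected = Read-Manifest (Join-Path $Dest "$Stamp.manifest.json")
    $bad = @()
    foreach ($rel in $expected.Keys) {
        $file = Join-Path $gen $rel
        if (-not (Test-Path $file) -or
            (Get-FileHash -Path $file -Algorithm SHA256).Hash -ne $expected[$rel]) { $bad += $rel }
    }
    return ,$bad   # empty array means every file is present and intact
}

# Usage (paths are examples): back up, verify, then physically detach the drive.
$stamp  = New-BackupGeneration -Source 'C:\Shares\Finance' -Dest 'E:\Backups\Finance'
$broken = Test-BackupGeneration -Dest 'E:\Backups\Finance' -Stamp $stamp
if ($broken.Count -eq 0) { "Generation $stamp verified; safe to detach the drive." }
else { Write-Warning "Generation $stamp failed verification: $($broken -join ', ')" }
```

The manifest is written beside the generation rather than inside it so that a later integrity check does not trust a hash file that was copied along with already-encrypted data. The change-ratio warning is a heuristic, not a detection: normal business data rarely changes more than half of its files between two runs, but an encrypting process rewrites nearly everything, so a spike is worth investigating before the older generations are pruned.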
- Avoid day-to-day use of administrator accounts. If an administrator account is needed for a task, use it for that task only and then switch back to a standard user account with restricted privileges. This limits the damage if the user’s machine is infected, since ransomware runs with the privileges of the logged-in user.
- Ensure that all software is kept up to date and that your organization follows good patch management practices. In particular, apply browser and plugin updates promptly; unpatched flaws are routinely exploited to install ransomware.
- If browser plugins are not necessary, remove them: Adobe Flash in particular, but also Java and Silverlight. Where a plugin is genuinely required, configure the browser for click-to-play so that it runs only when the user explicitly activates it.
- Configure employees’ computers to show file extensions. When extensions are displayed, a file with a double extension (for example, a name ending in .pdf.exe) is much easier to recognize as malicious.
- Disable macros on all devices, or at the very least ensure that macros do not run automatically and that macros in documents downloaded from the Internet are blocked.
- Disable Remote Desktop Protocol (RDP) on all devices unless it is absolutely necessary, and where it is, do not expose it directly to the Internet.
- A web filter can stop end users from visiting malicious websites where ransomware is delivered. A web filter can also block malicious third-party adverts (malvertising).
- Advise end users never to open attachments from unknown senders or to click links in emails unless they are certain the links are genuine.
- A spam filter is very important and should be configured to block threats aggressively. Executable file attachments should be quarantined automatically.
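The endpoint items in the list above (file extensions, macros, RDP, legacy plugins) are all registry or policy settings on a Windows host, so they can be audited and enforced from one script. The following is an added example, not code from the original article: it reports each setting’s current value against a safe value, applies the safe values when run with -Apply, and lists any installed Flash, Java or Silverlight packages so they can be removed. The registry paths are the documented Windows and Office policy locations; the assumptions are Windows 10/11 with Office 2016 or later (policy keys under 16.0), and the table and function names are mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Assumes Windows 10/11 and
# Office 2016+ (policy keys under 16.0); the settings table and function names are mine.
# Run from an elevated prompt:  .\Harden-Endpoint.ps1        (audit only)
#                               .\Harden-Endpoint.ps1 -Apply (audit, enforce, re-audit)

$HardeningSettings = @(
    @{ Name = 'Explorer shows file extensions'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Key  = 'HideFileExt'; Safe = 0 },
    @{ Name = 'Remote Desktop connections denied'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Key  = 'fDenyTSConnections'; Safe = 1 },
    @{ Name = 'Word: all macros disabled, no prompt'          # VBAWarnings 4 = disable all
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'
       Key  = 'VBAWarnings'; Safe = 4 },
    @{ Name = 'Word: macros blocked in files from the Internet'
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'
       Key  = 'BlockContentExecutionFromInternet'; Safe = 1 },
    @{ Name = 'Excel: all macros disabled, no prompt'
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
       Key  = 'VBAWarnings'; Safe = 4 },
    @{ Name = 'Excel: macros blocked in files from the Internet'
       Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
       Key  = 'BlockContentExecutionFromInternet'; Safe = 1 }
)

function Get-RansomwareHardeningState {
    # One row per setting: current value (or "(not set)") and whether it matches the safe value.
    foreach ($s in $HardeningSettings) {
        $current = $null
        if (Test-Path $s.Path) {
            $current = (Get-ItemProperty -Path $s.Path -Name $s.Key -ErrorAction SilentlyContinue).($s.Key)
        }
        $shown = if ($null -eq $current) { '(not set)' } else { $current }
        [pscustomobject]@{ Setting = $s.Name; Current = $shown; Compliant = ($current -eq $s.Safe) }
    }
}

function Set-RansomwareHardening {
    # Writes the safe value for every setting, creating missing policy keys on the way.
    foreach ($s in $HardeningSettings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Key -Value $s.Safe -Type DWord
    }
    # fDenyTSConnections stops the service accepting sessions; closing the inbound
    # firewall rule group as well means TCP 3389 is not reachable at all.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

function Find-LegacyBrowserPlugins {
    # Lists installed Flash, Java and Silverlight packages with their uninstall commands,
    # read from both the 64-bit and 32-bit Add/Remove Programs registry views.
    $views = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $views -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Adobe Flash Player|^Java \d|Silverlight' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

Get-RansomwareHardeningState | Format-Table -AutoSize
if ($args -contains '-Apply') {
    Set-RansomwareHardening
    Get-RansomwareHardeningState | Format-Table -AutoSize
}
Find-LegacyBrowserPlugins | Format-Table -AutoSize
```

Two caveats when using this. The HKCU entries apply only to the user running the script (and Explorer must be restarted before the extension setting is visible), so across a fleet the same values belong in Group Policy; the Software\Policies paths above are exactly the locations GPO writes to, which is why the audit function works on domain-managed machines too. VBAWarnings = 4 is the strict choice; if a business process genuinely needs macros, 3 (disable all except digitally signed) with BlockContentExecutionFromInternet = 1 still meets the "do not run automatically" requirement in the list above.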