Ransomware is on the rise, with cybercriminals regularly developing new variants of the malware, targeting more businesses, and demanding larger payments to “restore” user data. With the emergence of ransomware-as-a-service (RaaS), even criminals with minimal technical skill can launch devastating attacks against businesses and organizations. According to the FBI, ransomware payments increased dramatically to around $1 billion in 2016, compared to just $24 million in 2015. With this growing malware epidemic, it is important not only to be aware of the threat, but also to know how to protect yourself and your business.
What is Ransomware?
Ransomware is a form of malware that encrypts files on an infected device, effectively “locking” and holding the files hostage until a “ransom” fee is paid. The malware is spread, in the vast majority of cases, through spam and phishing emails containing malicious attachments. These emails are often crafted to look like a legitimate email from an acquaintance, easily fooling the intended victim.
Several months ago we were contacted by a client who desperately needed help rescuing an office computer. She claimed it became virtually unusable after a seemingly legitimate email was opened by one of her employees. With a popup on the screen demanding immediate payment to restore all files and prevent them from being lost forever, it was clear ransomware was the most likely culprit. A quick investigation confirmed the theory as all files on the computer were in a “locked” state. To make matters worse, it quickly became evident the malware also encrypted the files on two shared drives on her network. Fortunately, this particular ransomware infection was not complex and we were able to create a solution to decrypt the files. Once the files were successfully restored and all instances of the malware manually removed, it was evident to the client that security needed to be hardened immediately. Since the incident, she has taken our advice to thoroughly upgrade her security, establish formal security policies, and provide training to her staff to combat the risks of malware infections that could otherwise prove catastrophic.
How to Combat Ransomware
There are several things businesses and organizations should be doing to combat ransomware and reduce the risk of becoming infected.
The best defense against ransomware is maintaining daily backups of all your data. I find having at least two different [current] backups in addition to an archive and offsite backup to be an effective setup, one that has proved to be a lifesaver on more than one occasion. It is important to note that ransomware is known to also attack the drives mounted to the infected device; as such, it may be wise to disconnect any infected computer from both the network and other devices as soon as possible.
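The backup layout described above can be checked automatically. The following is an added example, not code from the original article: it flags current backups older than a day, fewer than two fresh current copies, a missing archive or offsite copy, and archive or offsite copies that the running account can write to (the mounted-drive risk). The role labels, function names and the writability rule are assumptions of this example.

```python
import os, tempfile, time

DAY = 24 * 60 * 60

def newest_mtime(path):
    """Newest modification time of any file under path, or None if there is none."""
    files = (os.path.join(r, f) for r, _d, fs in os.walk(path) for f in fs)
    return max((os.path.getmtime(f) for f in files if os.path.isfile(f)), default=None)

def audit(dests, now=None, can_write=lambda p: os.access(p, os.W_OK)):
    """dests: (name, role, path) tuples; role is 'current', 'archive' or 'offsite'."""
    now = time.time() if now is None else now
    problems, fresh, roles = [], 0, set()
    for name, role, path in dests:
        newest = newest_mtime(path)
        if newest is None:
            problems.append(f"{name}: missing or empty")
            continue
        roles.add(role)
        if role == "current":
            if now - newest <= DAY:
                fresh += 1
            else:
                problems.append(f"{name}: newest file is {(now - newest) / DAY:.1f} days old")
        elif can_write(path):
            # Assumed rule: ransomware encrypts whatever the infected account can write to.
            problems.append(f"{name}: writable from this account")
    if fresh < 2:
        problems.append(f"{fresh} current backup(s) within a day, need 2")
    problems += [f"no usable {r} backup" for r in ("archive", "offsite") if r not in roles]
    return problems

def demo():
    """Constructed sample: one fresh and one stale current backup, an archive, no offsite."""
    base, now = tempfile.mkdtemp(), time.time()
    dests = []
    for name, role, age_days in [("nas", "current", 0.2), ("usb", "current", 3), ("vault", "archive", 30)]:
        path = os.path.join(base, name)
        os.mkdir(path)
        f = os.path.join(path, "backup.img")
        open(f, "w").close()
        os.utime(f, (now - age_days * DAY,) * 2)  # backdate the file
        dests.append((name, role, path))
    return audit(dests, now=now, can_write=lambda p: False)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it from a scheduled task under the same standard account employees use, so the writability finding reflects what malware on that account could reach.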
Installing and maintaining security software with the latest security updates is crucial as it will help protect your device against known versions of the malware. However, this will not protect your computers against zero-day exploits – in this case, newly released versions of ransomware that are not yet known by security software vendors.
Limiting the permissions of employees on their machines is another important step in hardening security. It’s typically not recommended for employees to have administrative privileges if they don’t need them. This concept also applies to those at home with personal computers. It’s better to have an account with standard, more restricted permissions for everyday use and a separate account with administrative privileges to be used only when needed.
Lastly, it’s important to perform training sessions where possible geared towards raising awareness of the latest cyber threats, in addition to how to avoid them and what to do should an infection be suspected. Developing and maintaining clear security policies for employees to adhere to is key.
Have You Become a Victim of Ransomware?
If your business does fall victim to ransomware, the decision to pay is not one to be taken lightly. Though some businesses have reported paying the ransom demand and having their files restored, there is nothing stopping the cybercriminals from attempting to extort even more money or simply disappearing after receiving the ransom. While some recommend only paying the ransom as a last resort, many security experts argue that you should never entertain any ransom demand. Robert Herjavec, CEO of The Herjavec Group, an information security firm, said on CNBC’s “Squawk Alley” in 2016, “We never recommend that you pay because you have no guarantee that you won’t be a victim again.”
Should you decide to tackle a ransomware infection head-on, hiring a cyber security expert may be one of the best routes to take to potentially save your data without giving in to the demands of cybercriminals. For businesses with technologically savvy staff or strong self-determination, there are various decryptors available on the Internet, many of which are free, that can successfully restore files locked by many types of ransomware infections. Be sure to verify the source is trustworthy.
Whether you’ve overcome a ransomware infection or are simply reading this to learn more about a rapidly growing epidemic, it’s important to take away from this how crucial it is to maintain modern security practices in order to protect yourself and your business from the many cyber threats that exist in the world today, and the ones that will be unleashed tomorrow.