Businesses of every size are constantly threatened by the brutal force of cyberattacks.
Ever since the first days of the world wide web, a form of blackmail called ransomware has plagued businesses and individuals alike. So how does it work, why do people do it, and how can you protect your organization?
Ransomware is a type of malicious software that threatens to publish your data and/or block your access to your files until a payment is made. Usually you have a deadline of only a few days to pay the hacker, and sometimes you get two deadlines for different reasons. (You can see one man's own struggle to meet such a deadline here, in a paper he wrote about the experience of being a victim of one of these attacks. He explains his frustrations, his advice, and his loss. Written late-2016.)
Attackers can hold your files to ransom in many ways, but the most popular is to encrypt your files and hold them (this is more successful against businesses that do not practice proper business continuity). Another variation is when an attacker literally locks you out of a computer. They can infect the system files to the point where rebooting the machine only results in a message they make appear in the BIOS (the computer's operating system for troubleshooting, etc.). Here is an example of one of those messages instructing someone to go into the deep/dark web and pay for a key to unlock their own files...
As with most forms of blackmail, you are discouraged from alerting the authorities and have very little option other than paying and leaving it at that, but the best way to solve these issues is to have a defense strategy before anything even happens. Not being allowed to access your own crucial data until you make a ransom payment causes a huge disruption to an organization’s productivity and can even cause small businesses to close permanently. We would like to share with you how our partners at the cyber-security giant Sophos suggest you can defend against it:
- Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
- Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
- Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. In the case of this attack, users want to be sure they are using the most updated versions of PDF and Word.
- Use Sophos Intercept X if you are looking to protect an organization. Intercept X stops ransomware in its tracks by blocking the unauthorized encryption of files.
Ransomware is the modern form of extortion and will prevent you from using systems and devices until you pay up. Criminals (especially cybercriminals) are smart, quick, and adaptive. They will always be searching for ways to exploit weak networks and profit off an organization’s demise. Sometimes, paying the person does not even solve all your problems. There is no reason they cannot continue extorting you for more money.
“…these attacks have remained an incredibly profitable route for cyber-criminals. Businesses need to marshal their resources, ensure they have a strategic plan in place, train up their workforce and deploy the full gamut of policies and procedures to keep their networks and systems safe”, says Mike Simmonds of Axial Systems, a UK-based MSP.
Here is a short read about the types of these attacks, how they do it, and some steps to prevent it. (Written early-2016.)
Here is a guide that discusses in greater detail how to deal with ransomware as a business.