Earlier this year, a survey by Osterman Research revealed that 54% of UK organizations had received ransomware threats – a fifth of firms said that attacks were so severe that they immediately stopped business operations. Sectors that suffer include healthcare, finance and education – Bournemouth University in the UK has received at least 21 known ransomware threats.
So, if your business hasn’t been hit yet, the chances are it may be soon.
As with so many money-generating computer viruses, organized crime is the driving force behind it. Research from Palo Alto Networks suggests that the CryptoWall ransomware has generated some $325m (£215m) for those involved. For the more technically challenged attackers there’s even the emergence of ransomware-as-a-service (RaaS).
Despite these large numbers, the average UK ransom asked for is about £540, usually requested in bitcoins, because that’s less traceable. To add urgency, a time limit is often set, after which the data is threatened with destruction. When the ransom is paid, a decryption key is sent.
People are the weak point
There are many types of ransomware around, many of which are delivered opportunistically by email - a phishing approach, spam, or fake software updates. Shipping notices are a popular vehicle. Then all it takes is an unguarded click … to fall victim.
With Michael Bruemmer, Vice-President of Experian Data Breach Resolution, revealing that ‘employee negligence’ is the root cause of about 80% of all the breaches they service … controlling the ‘human factor’ is often the best way to prevent a ransomware problem in the first place.
An important element in that process is effective employee training, though what is available often lacks depth and breadth. That’s because cyber security isn’t always being made a strategic priority within organizations. Instead, it’s seen as simply a burden, not a benefit.
Effective training should ensure that individuals understand their personal responsibility for information security, something that doesn’t apply only to ransomware. To facilitate learning, some organizations are ‘gamifying’ the process, turning education into ‘serious fun’.
How else to avoid an attack?
Since most ransomware takes advantage of known vulnerabilities, ensuring all software patches are up-to-date remains one of the best forms of security. Beyond that, for most organizations, layered security – anti-virus software, web filtering and personal firewalls – will help create a ‘digital shield’ that can stop ransomware breaking through.
In many organizations, most users are local administrators who are able to install ‘unvetted’ applications and make system adjustments. This leaves the door open for ransomware to creep in. In this environment, everyday tasks such as web browsing and e-mail checking become unsafe.
However, by making the most of Windows’ User Account Control (UAC), you can introduce extra resilience to attack by blocking or restricting unauthorized applications that might otherwise compromise data, particularly at endpoints such as laptops, desktop PCs, removable storage and mobile devices, which can become conduits for transferring vulnerabilities to the network. Given the widespread adoption of BYOD (Bring Your Own Device) policies, an organization’s network security perimeter has been all but erased.
If the worst happens
If ransomware hits, then continually backing up, as close to real time as possible, is the backstop that minimizes damage by ensuring you can restore data without having to pay out a ransom. Serializing backups so that older versions remain available is a sensible precaution, should newer versions become encrypted.
Should you pay up?
Official policy is to never pay anything to any blackmailer. If you do, they are likely to see you as a ‘soft touch’ and keep coming back for more. Cyber criminals also share information about who pays, further entrenching ransomware in the system.
And even if you get all your data back – and there’s no guarantee that you will, or that it won’t be corrupted – there’s still the downtime involved in restoring the system. The average time taken to fix issues caused by a ransomware infection is around 33 working hours.
Nearly two-thirds of organizations hit by ransomware demands pay up. Of those that don’t, over half (55%) lose their kidnapped data – with no decryption key it is virtually impossible to recover files.
A ransomware attack is especially damaging to companies that have no incident response ability or backup program in place, and so aren’t able to respond quickly or effectively.
If your first priority is to prevent a ransomware attack getting through, your second priority is to turn it from a commercial and reputational disaster into just an inconvenience.