The fastest growing malware threat, ransomware, has gone from 1,000 daily attacks to 4,000 in only one year. It targets people at home and in the office, and we’ve been forced to ask ourselves why such an explosion of this kind of malware is taking place.
Plain and simple – it works.
It works because users are falling for ransomware attacks more often than ever before, as hackers use cunning new tactics. Here’s what you need to know.
What is Ransomware?
Most of the time, ransomware will reach you in a “spear phishing” email. Norton.com defines this as:
“Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.” – Norton.com
The purpose of ransomware is the same as any other malware – to get to your critical data and systems and use them to extort you. Ransomware gets its name because it is often linked to a hacker taking control of a computer and locking the user out until a payment has been made.
The common, run-of-the-mill ransomware messages will say something like this:
“Your computer recently visited a website with illegal content. You have now been locked out of your computer. To unlock it, you must pay a $75 fine.”
“You only have 42 hours to submit the required payment. If you cannot meet the time deadline, all your files will be permanently encrypted and no one will be able to recover them.”
There are several very effective methods of stopping ransomware attempts dead in their tracks. You just have to add them to your arsenal. Here’s how to do it.
Protecting Your Critical Data
1- Begin by Educating Your Personnel
Hackers most commonly breach a company’s security through a virus-filled email attachment. Simply training employees how to spot these fake attachments is the first step.
Of course, never click an unsolicited email attachment. You can also take matters into your own hands by simulating a phishing email during employee training.
2- Use Multiple Preventive Measures
Prevention is the most effective defense against ransomware. Don’t undervalue the danger of ransomware! Infections can be devastating to a company, and recovery may cost thousands.
• Put up strong email spam filters to stop virus-laden emails from ever coming in.
• Scan incoming and outgoing emails for viruses.
• Put up firewalls to block known malicious IP addresses.
• Have robust anti-malware and anti-virus scans running automatically at regular intervals.
• Manage your company’s privileged accounts and make sure administrative accounts only exist if they absolutely have to.
• Disable Remote Desktop Protocol (RDP) if it is not being used.
• Use application whitelisting, so that only approved applications are allowed to run and make changes on your network.
• Use a virtualized environment if possible to keep physical hardware safe.
• Separate your data houses into logical silos to keep chances of a total infection at a minimum.
3- Back-up and Test
• Back up your data at regular intervals and make sure these backups are viable and working.
• Conduct a thorough annual penetration test to make sure your system is airtight.
• Ensure your backups are not connected to the computers they are backing up – so that an infection will not compromise your backed up data.
What to do if Infected by Ransomware
Human error can still cause the most protected environment to fail. Here’s what to do.
1- Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent any further infection.
2- Isolate or power-off affected devices that have not yet been completely corrupted. This may give you more time to stop further damage from occurring.
3- Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
4- Delete Registry values and files to stop the program from loading. If possible, you can do this from the Windows Run function.
5- Contact law enforcement immediately. It is strongly recommended to contact the cyber division of the Federal Bureau of Investigation or U.S. Secret Service immediately upon discovery of ransomware.
6- Do not pay any ransom until law enforcement has assessed the situation.
Law Enforcement Can Help!
Law enforcement can use legal authorities and tools that are unavailable to most organizations. These tools can help you assess the situation, likely catch the perpetrator, and assist in recovering any lost data.
Need to contact law enforcement?
Federal Bureau of Investigation – Cyber Task Forces
Internet Crime Complaint Center
United States Secret Service
Electronic Crimes Task Force www.secretservice.gov/investigation/#field
Local Field Offices www.secretservice.gov/contact/