If you aren’t worried about a ransomware attack on your organization, you should be. According to Cybersecurity Ventures, a trusted source for cybersecurity facts, figures, and statistics, annual ransomware damages will skyrocket to $20 billion by 2021. The consequences of a ransomware attack can be catastrophic, and they’re difficult to deal with once your system has been infected.
What is ransomware?
Ransomware is an umbrella term that covers many different kinds of malware that prevent users from accessing their system or personal files and demand a ransom payment to regain access. These types of malware all have one thing in common: they threaten you or your data to extort a “ransom.”
Once infected, users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. Even if you pay the ransom to get your data back, there is no guarantee that the files will be decrypted. The data might appear to be decrypted after you make the payment, but that does not mean the malware infection has been removed. You must assume your system and all systems on your network are now infected.
How did I get ransomware?
Initially, ransomware victims were individual users. However, as cybercriminals realized its full potential, they started targeting businesses. Ransomware was so successful against businesses, halting productivity and resulting in lost data and revenue, that criminals turned most of their attacks toward them.
Even though the businesses are the targets, it is the individual workers who are the gateway. One of the most common delivery systems for ransomware is phishing spam—attachments that come to the victim in an email, masquerading as a file they should trust. The email might include booby-trapped attachments, such as PDFs or Word documents.
Another way ransomware can infect a computer is through compromised websites. You can unknowingly visit an infected website, and it will download malware to your computer without your knowledge. Once the malware is downloaded and opened, it can take over the computer and encrypt the files on it, effectively locking your system.
Preventing a ransomware infection
Prevention is the most effective defense against ransomware, and it is critical for organizations to take preventive precautions. Reminding your employees never to click unsolicited links or open unsolicited attachments in emails is a good first step, but it is not enough.
Because your employees are targets, an employee awareness and training program is essential. At Christian Brothers Services, for example, the Information & Technology Services Division conducts regular, mandatory security training for all employees. The training is part of a coordinated campaign that combines training with phishing simulation. Automated, simulated phishing attacks are emailed to employees. These emails mimic a genuine phishing email and are tracked to determine who clicks the link. The information collected shows which employees require additional education to improve their ability to spot red flags.
The Federal Bureau of Investigation (FBI) also recommends these preventive measures:
- Enabling strong spam filters to prevent phishing emails from reaching end users
- Scanning all incoming and outgoing emails to detect threats and filter executable files from reaching end users
- Configuring firewalls to block access to known malicious IP addresses
- Patching operating systems, software and firmware on devices
- Setting anti-virus and anti-malware programs to conduct regular scans automatically
- Managing the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary
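The second FBI measure above, scanning incoming email and keeping executable files away from end users, can be illustrated with a small attachment screener. The following is an added example written for this article, not code from CBS, the FBI or any product named on this page; the blocked-extension list, the magic-byte signatures and the sample email are all assumptions constructed for the demonstration. It parses a message, walks its attachments, and flags anything whose name or content marks it as executable, including the "invoice.pdf.exe" double-extension trick the phishing section describes.

```python
"""Email attachment screening in the spirit of the FBI advice quoted above.
Added example for this article; not code from CBS, the FBI or any vendor."""
import email
from email import policy
from email.message import EmailMessage

# Extensions that run as code or commonly carry ransomware droppers (assumed list).
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".js", ".jse", ".vbs", ".vbe",
    ".hta", ".msi", ".dll", ".jar", ".docm", ".xlsm", ".pptm",
}

# Magic bytes: a file name can lie, but the first bytes of the content rarely do.
MAGIC_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


def classify_attachment(filename, payload):
    """Return the reasons this attachment should be quarantined (empty list = clean)."""
    reasons = []
    name = (filename or "").lower()
    parts = name.split(".")
    # "invoice.pdf.exe": only the last extension matters to the operating system.
    if len(parts) > 2:
        reasons.append(f"double extension: {name}")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension: {ext}")
    for magic, description in MAGIC_SIGNATURES.items():
        if payload.startswith(magic):
            reasons.append(f"content is a {description}")
            break
    return reasons


def scan_message(raw_bytes):
    """Parse one RFC 822 message; return {filename: [reasons]} for flagged attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(filename, payload)
        if reasons:
            flagged[filename] = reasons
    return flagged


def build_sample_message():
    """Construct a phishing-style test email (constructed sample, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "employee@example.invalid"
    msg["Subject"] = "Overdue invoice - please review"
    msg.set_content("Please see the attached invoice.")
    # A harmless PDF-looking attachment that should pass.
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # An executable hidden behind a double extension; content starts with the PE "MZ" marker.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    # A macro-enabled Word document, caught by name only (ZIP container, no PE magic).
    msg.add_attachment(b"PK\x03\x04fake-docm", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="statement.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

Checking the content signature as well as the file name is the point: a gateway that only matches extensions lets a renamed executable through, and one that only matches magic bytes misses macro-enabled Office documents, which are ordinary ZIP archives.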
What if ransomware infects your system?
Should preventative measures fail and one or more of your computers have been infected with ransomware, what should you do? Here are some immediate actions to take:
- Isolate the infected computer(s) immediately. Remove infected systems from the network as soon as possible to prevent ransomware from attacking network or share drives.
- Isolate or power off affected devices that have not yet been completely corrupted. This may afford you more time to clean and recover data, contain the damage and prevent conditions from worsening.
- Immediately secure backup data or systems by taking them offline. Ensure backups are free from malware.
- Contact law enforcement immediately. Contact either a local field office of the FBI or U.S. Secret Service to report a ransomware event and request assistance.
- If available, collect and secure any partial copies of the ransomed data that still exist.
- If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.
If you have been attacked and your system has become compromised, should you pay the ransom? This is a serious question for any organization faced with losing its data. You must evaluate all of your options to protect your employees and customers. The FBI does not recommend paying ransom to criminals. Paying a ransom does not guarantee your organization will regain access to your data and could even make you a target for another ransomware attack.
Ransomware attacks can be devastating, and unfortunately, it can be extraordinarily difficult to get your files or computer access back once the malware takes hold of them. Preparing ahead of time is the best decision you can make. But being fully prepared can be an overwhelming task for any business.
CBS provides a full range of IT and website related products and services to assist Catholic organizations to reduce their IT burden in whole or part, so they can better focus on their own mission. This includes the CBS Preferred Vendor Program that includes vendors that can assist in your cybersecurity assessment and related needs.
Stridium Cybersecurity Advisors offers advice and solutions in a wide range of cybersecurity and privacy areas including strategic program development, security risk assessments, virtual CISO and training capabilities, compliance efforts, vendor risk requirements, incident response preparations, forensic services, data and user security and more.
Stridium’s expert analysts work with you to understand, prioritize, and manage cybersecurity with a keen eye on balancing your business objectives and your risks, all while addressing the issues of today and preparing for the challenges of tomorrow. For more information, visit www.stridium.com.