In 2016, the number of ransomware attacks increased 300 percent from 2015, with over 4,000 attacks detected per day, according to US government statistics. Ransomware is among the worst types of infection, as it not only encrypts network data, but in the end may cost victims all their data – even if they pay the ransom. Defending against it should be a priority for all businesses and organizations in 2017.
Ransomware is not limited to consumer networks; it’s one of the most sophisticated types of malware that targets all internet users, from private individuals to corporate networks to government agencies. Ransomware attacks on enterprises affect shareholders, employees and customers, and could lead to permanent damage caused by loss of confidential information, negative publicity and financial loss.
Ransomware infections are hard to remove, as the FBI has confirmed. A proper understanding of the threat landscape would help enterprises build better security strategies to prevent attacks, but that’s not enough and, in many cases, companies are still oblivious to the risks and downplay the danger. Walmart, Target, Apple, eBay, and TalkTalk are only a few of the large businesses that have suffered massive breaches and data loss as a result of cyberattacks and vulnerabilities.
Employees are the weakest link in an organization so, most often, hackers use social engineering to trick users into clicking on infected advertisements or URLs in emails or into downloading attachments that will infect the corporate network with ransomware. Vulnerabilities and risks in the private sector have increased as a result of the widespread adoption of the internet of things and BYOD.
Multi-purpose devices used for both home and work tasks are a top risk. It only takes one random click to get infected. Once the device is connected to the company network, the infection can corrupt the entire corporate infrastructure. Organizations must dive deeper into threat analysis and mitigation instead of sticking to the basics, because tech innovation has prompted hacker innovation.
So, how can enterprises safeguard their infrastructure from the latest sophisticated ransomware variants? CISOs should implement prevention methods to mitigate risks in their organizations — it’s always cheaper to prevent ransomware attacks than to spend money on system and data recovery.
Employees are the most common entry point for hackers seeking a way into your organization, so regular security training to educate them about network security and risk detection may reduce malware infections. Quite often the malicious code is planted on legitimate websites to trick the untrained. The workforce has to learn to distinguish between authentic links and emails, and phishing scams, which could lead to ransomware infections or trick them into giving away passwords and sensitive information.
If you’re dealing with a ransomware attack, don’t rush into paying the ransom. Previous events have demonstrated that chances are quite high the hackers won’t send a decryption key to restore the data anyway, and you’d be encouraging a criminal business model. Nor does paying the ransom mean cybercriminals will not target your business again or even demand more money.
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom,” explains FBI Cyber Division Assistant Director James Trainor. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
When dealing with an infected device, the safest approach is to immediately remove it from your network and reach out to law enforcement. The goal is to keep the malware from spreading across your infrastructure, so another step is to change all passwords once the infected device has been disconnected, and then once again after the malware has been removed and data restored.
Hackers don’t always need to expend much effort in breaching your network because you make it easy for them from the start. Perform regular system scans and updates of all operating systems, software and firmware, if possible, and check them for vulnerabilities. Periodically back up company data either on physical devices offline or in the cloud, and secure backups by not keeping them connected full-time to the company infrastructure. In some cases, ransomware infections have also locked cloud-based backups.
When a cyberattack is detected, thoroughly document the vulnerabilities that led to it and the measures taken to restore the system. Based on these lessons and industry research, focus on implementing a security strategy to prevent similar incidents in the future and keep your business free from cybercrime.
Luana Pascu on Mar 24, 2017