Imagine this scenario:

You have no ransomware protection.

You see an email that says an invoice number needs to be corrected, or that you have insufficient funds for a purchase your company made. The email is marked urgent, so you open it, and it directs you to review the attachment. You click.

Your screen goes blank.

In a moment, a notice pops up telling you that all of your files have been encrypted. To retrieve them, you must follow directions. This involves paying hundreds or thousands of dollars to the attacker.

You have become a victim of ransomware.

This malicious scheme is on the rise, and it does not just affect large corporations. Small businesses increasingly find themselves at the mercy of attackers who hold their files until the ransom is paid.

If you see a ransomware notice on your screen, your data is gone unless you have backed it up.

What is Ransomware?

It is a form of malware that often targets both human and technical weaknesses by attempting to deny an organization the availability of its most important data and/or systems. These attacks can range from malware locking a system to full encryption of files and data until a ransom is paid.

This malware can be delivered in several ways, but the most popular are via email, thumb drives or even hidden in targeted ads on web pages. People in prominent positions can also be targeted on social media sites such as Facebook and LinkedIn and attackers will seek users in specific industries they are looking to disrupt.

There have been several targeted attacks in which malware-infected PDF files or Word documents, containing a high level of detail specific to that user or company, were sent directly to C-level executives of large organizations. Attackers also plant thumb drives in the parking lots of large businesses, hoping that a user will plug one into a corporate computer and execute the malware.

A recent healthcare cybersecurity ransomware encryption attack at an Auburn, Indiana hospital caused massive outages for more than a week. Not all systems are back online yet, after many critical files were encrypted and the decryption key was held for ransom. While the hospital followed FBI advice and did not pay the ransom, it was able to recover most of its data with the help of a third-party forensics team.

To quote FBI Cyber Division Assistant Director James Trainor: “The FBI does not advocate paying a ransom to an adversary. Paying a ransom does not guarantee an organization will regain access to their data. In fact, some individuals or organizations were never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other organizations for profit and offers a lucrative environment for other criminals to become involved.

Finally, by paying a ransom, an organization is funding illicit activity associated with criminal groups, including potential terrorist groups, who likely will continue to target an organization. While the FBI does not advocate paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

A rising trend of ransomware “scams” should also be noted, in which an attacker threatens an attack unless payment is made but never had the intent or means to carry it out. A recent study shows that victims have paid an average of $300 USD per “non-threat.”

Should You Pay the Ransom?

According to a Symantec ransomware report, only 47% of people who pay the ransom get their files back.

Also, the average ransom demand rose from $373 in 2014 to over $1,000 in 2016. There is no reason to expect the trend to reverse.

Every time someone pays the ransom, criminals gain more confidence and will likely keep hurting businesses.

Anyone can buy ransomware and pay a company to send it out to unsuspecting businesses. The criminal pays a percentage to the people he bought it from, and the money comes pouring in. Don’t enable them.

How to Prevent Ransomware?


Maintain Multiple Data Backups

Backing up data can make all ransomware attacks ineffective.

If your system does get attacked, you can restore all files.

Make your backups multi-layered. You can use an external hard drive and a cloud backup service.

Make it a habit of transferring all files to an external drive at the end of each day.

Do not leave the hard drive connected to a computer during the day, because ransomware will attack external devices as well. Store the hard drive in a separate location from the computer, so that in the event of fire or theft, the hard drive will survive.

The cloud stores data for you as well. Find a cloud backup solution and upload files to it. You can do this in addition to using an external drive. This double effort helps to ensure that data will survive any mishaps.

One word of caution: Make sure you do not transfer malware to your data backup. If you reload data that has malware hidden in it, you will shut down your computer again. Scan all files to see if they have any unusual extensions.
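The check described above (looking for unusual extensions before restoring from a backup) can be automated. The script below is an added example, not part of the original article; the allow-list of expected extensions and the sample files it builds are constructed for illustration. It flags three things a document backup should not contain: executable extensions hidden behind a document extension (invoice.pdf.exe), an extension the organization never uses (the kind encrypting ransomware typically appends), and files whose content does not match the header their extension implies.

```python
import os
import tempfile

# Constructed allow-list for this example: extensions a document backup is
# expected to hold, with the leading bytes a genuine file of that type has
# (an empty tuple means plain text with no fixed header).
EXPECTED_MAGIC = {".pdf": (b"%PDF",), ".docx": (b"PK\x03\x04",),
                  ".png": (b"\x89PNG",), ".txt": ()}
# Extensions that should never be restored from a document backup; a name like
# "invoice.pdf.exe" hides one of these behind a harmless-looking one.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}

def check_file(path):
    """Return a short reason if the file looks suspicious, otherwise None."""
    exts = ["." + p for p in os.path.basename(path).lower().split(".")[1:]]
    if not exts:
        return None  # no extension at all: nothing to compare against
    if any(e in EXECUTABLE_EXTS for e in exts):
        return "executable extension"
    last = exts[-1]
    if last not in EXPECTED_MAGIC:
        # Encrypting ransomware usually renames files with an extension the
        # organization never uses, so an unknown one is worth a closer look.
        return "unexpected extension " + last
    with open(path, "rb") as f:
        head = f.read(8)
    if EXPECTED_MAGIC[last] and not head.startswith(EXPECTED_MAGIC[last]):
        return "content does not match " + last + " header"
    return None

def scan_backup(root):
    """Walk a backup tree; return {relative path: reason} for flagged files."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reason = check_file(full)
            if reason:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = reason
    return findings

def build_sample_backup():
    """Write a constructed backup tree to a temp dir and return its path."""
    root = tempfile.mkdtemp()
    samples = {"report.pdf": b"%PDF-1.4 sample", "notes.txt": b"plain text",
               "invoice.pdf.exe": b"MZ fake", "budget.docx.locked": b"\x00garbled",
               "photo.png": b"not really a png"}  # constructed: 2 clean, 3 suspicious
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root
```

Run `scan_backup` against the real backup root instead of `build_sample_backup()` and review every flagged path before restoring; extend `EXPECTED_MAGIC` with whatever file types your organization actually keeps.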

Ransomware Protection

Your best bet is to protect yourself by using ransomware protection. You have a number of options available, and employing them will reduce the likelihood that you will become a victim.

1. Early Threat Detection Systems

You can install ransomware protection software that will help identify potential attacks. Early unified threat management programs can find intrusions as they happen and prevent them. These programs often offer gateway antivirus software as well.

Use a traditional firewall that will block unauthorized access to your computer or network. Couple this with a program that filters web content specifically focused on sites that may introduce malware. Also, use email security best practices and spam filtering to keep unwanted attachments from showing up in your email inbox.

Windows offers a function called Group Policy that allows you to define how a group of users can use your system. It can block the execution of files from your local folders. Such folders include temporary folders and the downloads folder. This stops attacks that begin by placing malware in a local folder that then opens and infects the computer system.

Make sure to download and install any software updates or patches for systems you use. These updates improve how well your computers work, and they also repair vulnerable spots in security. This can help you keep out attackers who might want to exploit software vulnerabilities.

You can even use software designed to detect attacks after they have begun so the user can take measures to stop it. This can include removing the computer from the network, initiating a scan, and notifying the IT department.

2. Choose Trusted Providers


If your company uses vendors of any kind that provide software and cloud services, perform due diligence to make sure they are trustworthy. Any SaaS (software as a service) company should be thoroughly examined and cleared before you contract with it. Also, anyone you regularly receive files from should meet your standards of professionalism.

Trusting providers is not enough. Ask if they have their own protections against ransomware. Even someone who is reliable may have overlooked the importance of making sure files are not infected.

3. Employee Awareness Training

Regular employee security awareness training will remind your staff of their roles in preventing ransomware attacks from getting through to your systems.

Stress the importance of examining links and attachments to make sure they are from a reliable source. Warn staff about the dangers of giving out company or personal information in response to an email query, letter, or phone call.

For employees who work remotely, make it clear that they should never use public Wi-Fi because hackers can easily break in through this kind of connection.

Also, make it clear that anyone reporting suspicious activity does not have to be certain a problem exists. Waiting until an attack is obvious can mean responding too late. Have an open door and encourage employees to express concerns.

4. Ensure software and operating systems are updated

Having a regular update schedule ensures all servers, PCs, and laptops have the latest patches and updates to prevent exploits. This includes being vigilant of Zero Day vulnerabilities and critical patches that may be released between patch cycles.

5. Enforce Strong Password Security

Utilize a password management strategy that incorporates best practices of password security.

According to background check service Instant Checkmate, 3 out of 4 people use the same password for multiple sites and perhaps what is more staggering is that one-third of people use a significantly weak password (like abc1234 or 123456) on various sites. Instant Checkmate also found 3 out of 5 smartphone users do not use a passcode or passphrase to protect their mobile device.

6. Disaster Recovery Plan

Create a Disaster Recovery Plan

Make ransomware detection and recovery a proactive effort. In other words, have a disaster recovery plan in place in case something happens. Scrambling during a disaster can cause as many problems as it solves. Here are some vital elements of your disaster recovery plan.

Having an active incident response, disaster recovery and business continuity plan is essential and should be the cornerstone of a company’s security strategy. Ensuring that a plan has not only been established but also tested against threat scenarios will minimize the impact of a ransom threat. In the last year, as risks increase, insurance companies have required some clients to have a forensic team on retainer in case of a ransomware attack on a network.

  • Set up a communication plan detailing who should contact who. Remember employees most likely won’t be able to communicate through computers.
  • Determine what equipment you would need to rent or buy to keep operations going. Expect your current hardware to be unusable for days.
  • Write explicit instructions on where data is stored and how to retrieve it.
  • Implement a policy of backing up data on a regular basis.
  • Implement a disaster recovery service.
  • Provide phone numbers for contacting vendors who may be able to restore the systems they provide for you.

Bottom Line: The Latest Ransomware Attack is Inevitable

Take ransomware seriously. Someone is out there right now thinking of ways to break into systems like yours. Hackers no longer target big companies with deep pockets only.

They know a small company may be desperate to get its files back. Create a comprehensive ransomware prevention plan and enforce it.