Ransomware is one of the fastest-growing threats to businesses and individuals in cyberspace. But what exactly is it, and how does it affect your organization?
Whilst ransomware has been around in various shapes and forms since the late 1980s, it has experienced a significant resurgence in the last few years due to its ability to quickly generate large sums of money. According to the Internet Crime Complaint Center in the US, some ransomware variants are reported to have generated criminal gains in excess of 18 million US dollars, with affected organizations also incurring costs from lost productivity and from restoring operations following an outbreak. And according to McAfee Labs' 2016 Threats Predictions report, ransomware will remain a major and rapidly growing threat in 2016.
A Typical Case
Imagine that you try to start up your PC, but nothing seems to work. Instead, you are met with a splash screen stating that you must pay a ransom to regain access to your PC and your files. This is an example of a typical ransomware case, caused by an employee opening an email attachment or clicking on a malicious link.
This seemingly innocent action causes malicious software to be downloaded and executed. Once the malicious software has entered the PC, it starts encrypting all accessible files, both locally on the PC and on all accessible network drives. Finally, ransom information is displayed, explaining how the employee or their organization can decrypt the files in return for a payment.
Depending on the scale of the case, business operations can be severely affected as employees are no longer able to access the working files that they would normally access as part of their daily activities.
As with most things in life, prevention is better than cure. In order to improve protection against ransomware, include the following measures:
- Raise awareness of online security across the organization
- Implement access control on network drives to reduce the likelihood of a single infected user PC causing widespread disruption across the business’s network drives
- Ensure antivirus, whitelisting and email spam filters are regularly updated to protect against incoming phishing e-mails and executable files
- Implement email quarantine for attachments and links to allow central scanning
- Implement standard system patching processes to ensure that all systems, software, PCs and servers are patched for known vulnerabilities
It is difficult to avoid getting hit by any kind of malware at some point, and therefore effective incident response is crucial so that the organization can react quickly in the event of an outbreak. In order to minimize the impact to the business following such an event, include the following mitigating actions:
- Develop a specific security incident response process for ransomware incidents to ensure a step-by-step response is in place to quickly respond to and resolve incidents
- Review business continuity processes to ensure prompt recovery and/or alternative working arrangements during recovery
- Review, update and test system backup and restore processes to ensure that backup files can be promptly restored in the event of an outbreak, minimizing the impact to the business
Whilst ransomware is unlikely to disappear anytime soon, by taking action now, businesses will be able to reduce the likelihood of infection and/or minimize disruption following an outbreak.