Ransomware Attacks and How You Can Protect Your Business
When it comes to cybersecurity, there are varying kinds of attacks, viruses and malware that businesses need to be aware of. However, most recently, ransomware has been in a lot of news headlines, and has become a very destructive cyber attack on individuals and businesses that connect to the Internet (which is basically everyone these days).
Many of the recent high-profile attacks have targeted businesses in the healthcare sector. There have been a number of stories in 2016, where medical facilities were attacked and forced to pay thousands of dollars to restore their IT networks. Even more troubling is that the attacks have even targeted law enforcement agencies. I know of at least one law enforcement agency that paid a bounty (a fee paid to the attackers) in order to recover their data.
These examples show that no one is safe. The criminals who develop the ransomware simply send out these attacks to as many recipients as they can in order to increase their success total, and eventually collect more bounty.
What is Ransomware
Basically, ransomware is an attack on your data. In some cases a user might download the virus after clicking on an infected email attachment or compromised website. The virus then launches an attack on the user’s network by encrypting the data, holding it hostage and rendering it completely inaccessible until the bounty is paid.
At this point, the user has two options: pay the ransom or try to decrypt the data on their own. If they pay the ransom, there is no guarantee they’ll receive the key to decrypt their data (remember we are dealing with criminals here!). However, I have heard that most of these transactions go through successfully. I assume it’s because the individuals behind that attacks want the payments to continue to come in, and if word gets out that they’re not living up to their end of the bargain, then other victims won’t pay. The bounty is paid using bitcoins, an Internet currency, making it very difficult, if not impossible, for the recipient of the bounty (the attacker) to be traced.
If the user attempts to decrypt the data on their own, they may reach out to data recovery specialists. Although data recovery specialists typically have an arsenal of tools and expertise available to them, most attempts to decrypt ransomware-infected data are unsuccessful. This is because the cybercriminals are continually increasing the effectiveness of their attacks.
How Does Ransomware Impact Business?
If the attack is launched in a business environment, the virus will typically spread to other computers on that same business network. If there are any shared drives, the data on those drives will start to encrypt. This could potentially cause services to fail and/or halt production if employees to lose the ability to do their jobs.
Another troubling trend is the percentage of ransomware attacks, which seem to be growing at a faster rate in the Midwest than in any other part of the United States. This is believed to be caused by the higher of percentage of people paying the ransomware bounty (let’s call it “Minnesota nice”).
With the digital age upon us, data has become the life blood of most businesses. If a business were to lose that data, or have it compromised, chances are their bottom line would feel the effects, in a profoundly negative way. In fact, there are a number of statistical reports available online that show businesses that have a large data breach or loss of data are likely to go out of business within the next 12-18 months.
How Can My Business Prepare?
So, what can a business do to better protect itself from a ransomware attack? The common answer is to make sure you’ve done everything you can to protect your network. Install anti-virus software and firewall protection, and make sure those solutions stay up-to-date.
In addition, a business should ensure they have a backup and disaster recovery plan. Many of the businesses that paid the ransom to recover their data recently didn’t have good backups in place. An effective backup shouldn’t be accessible by the general employee population, and should be managed and tested on a regular basis. This helps to ensure the data stored is accessible and can be effectively recovered in the event that the primary data is compromised.
While security software and backups are definitely important steps to take, there is one additional initiative that businesses should do: educate your staff and customers. Most ransomware attacks are caused by simple things such as a user clicking on an email attachment from an unfamiliar sender, or unknowingly visiting a malicious website. Sometimes these errors occur when rushing through work and inserting a foreign (and infected) USB stick into a business’s computer. These small errors in judgment can cost thousands or even millions of dollars, and could ultimately lead to employee termination or even the business’s own existence.
Education is an investment in your business and an effective approach to mitigating the effects of cyber attacks. Without education on IT security threats, such as ransomware, a business can invest heavily in software and hardware security and still fall prey to a simple mistake by an employee. Even with education, mistakes may happen; however, the impact can be lessened when a plan is in place.
Today, it’s not if you will be the victim of a ransomware attack, but when. Typically, a business will identify threats such as competition or a poor marketing strategy as its top threats; however, I would strongly recommend that IT security threats be at the top of that list so you can be better prepared to protect your business.