Paying Up: An Answer to Ransomware—or a Questionable Choice?
Richard Walters, SVP of security products, Intermedia
Ransomware attacks are on the rise. This “spray and pray” type of malicious software blocks access to computer systems and encrypts computer files until money is paid. This standstill approach has made ransomware a serious and costly threat to businesses today. In fact, CryptoWall reportedly brought in roughly 18 million dollars from victims between April 2014 and June 2015.
And while these ransom costs can be damaging, contrary to popular belief, they are usually the least of your worries. The true impact and financial blow is felt through employee downtime. Often lasting for days, downtime halts business operations and jeopardises sales. Ransomware attacks are growing in frequency due in part to increasing compute power. This makes it possible for criminals to encrypt files in only a few hours. The rise of payment systems like Bitcoin has also made it easier for criminals to accept payments without being identified or traced.
Hollywood Presbyterian Medical Center understands this well after losing access to its PCs during a ransomware outbreak. The hospital forfeited $17,000 to hackers after employees had already spent 10 days relying on outdated fax machines and paper charts. Each new attack is a stark reminder that prevention, containment and business continuity techniques are vital in keeping businesses up and running. This proves especially true when advanced ransomware, like TeslaCrypt, adds features that are “impossible” to crack.
Ransomware doesn’t discriminate. In fact, 48 percent of IT consultants across 22 different industries have experienced an increase in ransomware-related support inquiries in the last 12 months from companies of all sizes. No business or employee is safe. So, what can businesses do to prepare for an inevitable ransomware attack?
Put email defense software in place
On a basic level, companies need to ensure that their security defenses can recognise and block malicious web pages, infected USB drives and zip files. Email security solutions need to go beyond spam detection and virus scanning. The question to ask is whether your email defense solution is sophisticated enough to recognise and block the phishing attempts used to spread ransomware.
Develop employee education programs
Email is the most common infection vector for ransomware, making it imperative for businesses to create strong education programs that help employees identify suspicious communications. Ransomware is hard to pinpoint, so it’s important for employees to know what to watch for. Ideally, programs should educate employees on what to do if their device exhibits the behavior of an infection. For example, do employees know that they should close their computers immediately in the event of a suspected ransomware attack? Do they know to take the computer directly to IT? These actions alone can assist greatly in containing an outbreak.
Implement real-time backups
What matters the most during a ransomware attack is how quickly a company is able to get back to work. Businesses are finding traditional backup and file sharing solutions inadequate because they don’t operate in real time. Given today’s threat landscape, employees should be able to instantly roll back their files or complete folders to a point immediately before the infection hits and access clean versions from alternate devices. Modern business continuity solutions that combine real-time backup, mass file restores and remote access combat threats by minimising the impact of downtime. Infected users can stay productive, and businesses no longer need to pay the ransom.
While businesses don’t have control over when they are attacked, they can control how well they are prepared. Many businesses have plans in place for natural disasters, power outages and other disruptions. Few have “e-crisis” response plans for threats like ransomware. It’s one of the reasons why ransomware is so detrimental for businesses and so lucrative for criminals.
So, don’t give in to cyber criminals. Instead, build out a continuity plan that keeps operations running as usual even in the event of a ransomware outbreak.
Richard Walters currently serves as Senior Vice President of Security Products of Intermedia.net, Inc. He has spent 20 plus years in IT, including over 15 years in C-level positions focused on information security. Richard has in-depth knowledge of operating system and database security, intrusion detection systems, identity and access management, and cloud and mobile security.