By now, I’m sure you’ve seen the numbers and heard the stories. Like these, for instance: Malware volume as a whole continues to grow with 430 million new malware variants discovered in 2015 (Symantec); crypto-ransomware attacks were up 35% in 2015 (Symantec); there has been an uptick in ransomware assaults this year, resulting in massive losses (as noted above); hospital systems have been attacked and healthcare services disrupted (Hollywood Presbyterian Medical Center; MedStar Health); and not even police departments have been exempt from being targeted (CNBC article).
Crypto-ransomware is a form of malware that seeks to disrupt company operations by locking out users from their applications and data via encryption. It’s often delivered via phishing emails to unsuspecting users; a user clicks on a fake link or opens a malicious attachment, and the malware launches. Once deployed, the ransomware code goes to work, encrypting critical files and directories using a standard encryption technique that requires a decryption key to grant access. Then, cyber criminals request a ransom to be paid in Bitcoin before they will deliver the decryption key. No payment, no key. Send the payment, you might get the key.
While you may not be able to prevent an attack, you can be prepared for one. Here are several steps you can take to protect your organization:
- Educate your employees – As I mentioned, ransomware is often delivered via phishing emails to employees. Why? Because it’s easy to do, and it works. Train your users to be aware of the risks and to avoid clicking on anything suspicious—or anything even remotely suspicious. Security awareness training is an essential part of any successful security program and will go a long way to help avoid incidents.
- Check your backups – Can you recover your data, if it is damaged or lost? Do you have an effective backup and recovery process for all your critical files and systems? Has that process been tested? If so, how often is it tested? Do you have master images for your workstations? An effective ransomware defense strategy includes good backups and a recovery process that works.
- Invest in security support – Aside from being thieves, cyber criminals are smart. They look for easy targets and exploit them. And they do that by focusing on organizations they believe to be susceptible: ones that either don’t consider security a high priority or are less likely to invest in security skills, solutions, or outside support, and that are more likely to pay a sum of money just to make the problem disappear.
- Establish a ransomware defense platform – Build a defense platform that enables you to detect ransomware attacks early, contain them, and eradicate the threat before widespread damage can be done. It should include processes and tools for multi-factor authentication, advanced persistent threat (APT) detection, and advanced endpoint detection and response, among others. The new generation of products on the market combines advanced technology with real-time threat intelligence and is very effective at protecting against ransomware.