To pay or not to pay; protecting your business against the rising threat of ransomware
Cybersecurity continues to be a hot topic not just in Australia and New Zealand, but also globally. Recent news reports have placed ransomware high on the boardroom agenda, as well as in the minds of the general public.
Ransomware is going nowhere; it’s a business model that continues to thrive. But what actually is it? How could it affect your business and what can you do to stay protected?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Once a network is infected, all files and data are essentially blocked, with a set payment the only way to regain access. It’s estimated that cybercriminals collected over $1 billion in ransoms in 2016, and this number is only set to increase this year. The implications - financial, operational and reputational - can be devastating for businesses.
The latest major global cybersecurity attack, known as “WannaCry”, spread globally but hit the British healthcare system hard. That criminals target vital healthcare systems and businesses alike comes as no surprise, with these entities more likely to pay up. This put a large strain on the healthcare system, with medical operations cancelled and patients being turned away. The attack came about due to vulnerabilities in unpatched IT systems used by the affected businesses. Whilst the ransomware didn’t appear to be anything too special, its infection method was what made it unique.
Not long after this came “EternalRocks” - a new strain of malware. Given that WannaCry’s infection rates were so high, it’s no wonder we saw a copycat malware appear. Whilst this was not as successful in infiltrating businesses, it goes to show how serious and prevalent malware is becoming.
It’s easy to brush this off and say “it won’t happen to me”, but if your business was attacked, would you pay up? Would you weigh up the options first? For instance, is it cheaper to pay the ransom than it is for manpower to recover the situation?
Whilst it’s understandable that people want to pay the ransom to get their files back, the reality is there’s no guarantee that the cybercriminal will actually return the files, or is even able to return them, regardless of whether the ransom is paid or not.
Paying the ransom particularly highlights the current security situation of your business. If you think you’d elect to pay, there’s no better time than now to improve your security practices as, in all probability, you will become a target for further cyberattacks in the future. To ensure your business is protected, consider the following recommendations.
Utilise a reputable, reliable cyber-security solution
Having endpoint security that prevents malware infections in the first place is vital. Look for a security solution that protects web browsing, controls outbound traffic, protects system settings, proactively stops phishing attacks, and continuously monitors individual endpoints.
Deploy backup and business continuity recovery
If your systems become infected with ransomware, the only recourse is to recover data and minimise business downtime. There are now many automated on-premise and cloud-based backup and continuity solutions that will back up data and create an air gap to stop ransomware from infecting networked drives. They can help ensure minimal downtime with businesses able to quickly return to normal.
Disable macros and autorun
Lots of ransomware variants infect systems using macros. Macros can easily be disabled in the Trust Centre of every version of Microsoft Office. It is also possible to enable individual macros, should they be used for a particular task. While autorun is a useful feature, it is often used by malware to propagate. For instance, malware on USB sticks will use autorun to proliferate, and it is commonly used by Visual Basic Script (VBS) malware and worms. It is best to disable autorun as a matter of policy.
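One way to check whether a Windows machine already follows the macro and autorun recommendation above is a read-only registry audit. The PowerShell script below is an added example, not part of the original article; it assumes Office 2016 or later (settings stored under the 16.0 registry key), and the helper name Get-RegValue is made up for illustration.

```powershell
# Added example: read-only audit of the Office macro and Windows autorun settings.
# Assumption: Office 2016 or later, whose settings live under the "16.0" key.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# Hypothetical helper: returns $null when the key or the value does not exist.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# VBAWarnings: 1 = enable all macros, 2 = disable with notification,
# 3 = disable all except digitally signed, 4 = disable without notification.
$macroMeaning = @{
    1 = 'ENABLED (all macros run)'
    2 = 'disabled, user can enable per document'
    3 = 'disabled except digitally signed'
    4 = 'disabled, no prompt'
}

$results = @(foreach ($app in $apps) {
    # A Group Policy value overrides the user's own Trust Centre choice.
    $policy = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security" 'VBAWarnings'
    $user   = Get-RegValue "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security" 'VBAWarnings'
    $value  = if ($null -ne $policy) { $policy } else { $user }
    [pscustomobject]@{
        Setting     = "$app macros"
        Source      = if ($null -ne $policy) { 'Group Policy' } elseif ($null -ne $user) { 'Trust Centre' } else { 'not set' }
        State       = if ($null -eq $value) { 'Office default (disabled with notification)' } else { $macroMeaning[[int]$value] }
        NeedsAction = ($null -eq $value) -or ([int]$value -lt 3)
    }
})

# NoDriveTypeAutoRun is a bitmask of drive types; 0xFF turns autorun off for all of them.
# The machine-wide (HKLM) policy is read first, then the per-user one.
$explorer = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun  = Get-RegValue "HKLM:\$explorer" 'NoDriveTypeAutoRun'
if ($null -eq $autorun) { $autorun = Get-RegValue "HKCU:\$explorer" 'NoDriveTypeAutoRun' }
$allOff = ($null -ne $autorun) -and (([int]$autorun -band 0xFF) -eq 0xFF)
$results += [pscustomobject]@{
    Setting     = 'Autorun'
    Source      = if ($null -ne $autorun) { 'Policy' } else { 'not set' }
    State       = if ($allOff) { 'disabled on all drive types' } elseif ($null -ne $autorun) { 'partly enabled (mask 0x{0:X2})' -f [int]$autorun } else { 'no policy set' }
    NeedsAction = -not $allOff
}

$results | Format-Table -AutoSize
```

Rows with NeedsAction set to True are the ones where macros can still be enabled by the user or autorun is not switched off for every drive type.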
Educate users
As always with security, users are often the weakest link. Malware will continue to thrive and be a viable business as long as staff are unaware and uneducated on the risks of the Internet. Attackers want the easiest route in, so while some attacks may at one point or another use complex malware to achieve their goal, we will continue to see the initial infiltration achieved through simple phishing emails or poor password management.
There are simple, practical ways to practise good cyber hygiene. Encourage your employees to hover over links before they click to make sure they know the end destination of links, to change their passwords regularly and to keep their operating systems up to date. And of course, encourage them not to open emails from unknown senders.
Article by Dan Slattery, senior information security analyst, Webroot.