Ransomware attacks are consistently making the news headlines due to their increased frequency and the significant risk they pose to businesses, government agencies, and critical sectors such as education, healthcare, and more.
Ransomware attacks are on the rise: between 2018 and 2019 alone they increased by 239% (source: SentinelOne). Furthermore, the risk posed by these attacks goes beyond extortion and encryption to include irrecoverable data destruction and exfiltration. In this blog we are going to go over what ransomware is, what to do if you fall victim to it, and some ways to reduce your risk in the first place, such as malware detection and air-gapped backups.
So, what is ransomware? In simple terms, ransomware is a type of malware that differs from other types by its payload, i.e., the way it affects the IT environment. Ransomware attacks encrypt files, shares, documents, and datasets so they are no longer usable; the attacker then demands a payment in exchange for the decryption keys that allow you to recover the data.
Among other methods such as RDP and USB drives, phishing emails top the list of ransomware delivery methods. The cost of a ransomware incident can be huge, and if you are not prepared for this threat, recovery can take months, which only adds to the possibility of long-lasting damage to the business's reputation, operations and profitability.
How can we prepare for ransomware attacks?
1. Have a plan: Just like anything else in life, having a plan will prove effective in the ransomware scenario. Be prepared for how you would respond to potential extortion and payment demands. Ask yourself the following questions: Are we willing to pay a ransom for our data? Are we going to negotiate or use a professional ransomware negotiating service? Can we pay with cryptocurrency? Who do we contact in the case of a ransomware attack? How do we communicate the issue to our clients?
As a business you must be prepared to answer all these questions and more. It is important to note that making a payment doesn’t guarantee data recovery or prevent damage and exfiltration. The United States Federal Trade Commission recommends that you contact your local FBI Office if your business is the victim of a ransomware attack, and if you live outside the USA make sure to check your local government guidance.
2. Backups: Backups are the key to recovery from a ransomware attack. Whilst having a well-tested process to respond to cyber-attacks and to recover data is important, having backups of your business data is equally vital. By performing regular backups and checksum verification, incident response tabletop exercises and data recovery exercises, you are strengthening your business's position in responding to such attacks.
3. Air Gaps: Above, we mentioned the need for a robust data backup process. Unfortunately, this still does not guarantee safety, as backups can also be encrypted in an attack, which is a nightmare in itself. Firms implement air-gapped backups differently. Ultimately, air-gapped backups are performed by keeping backups separate from and inaccessible to anyone or anything. As a business, it is also highly recommended that you keep these backups as up to date as possible.
4. Malware Detection: Deploy anti-malware software and have a process to monitor, investigate, and respond to potential threats. Although these tools might not stop all ransomware attacks, they will help stop many of them and make you aware of potential threats. Things such as configuration management (maintaining computer systems in their desired state) and secure network architecture (designing computer systems to achieve security goals) will further help to prevent ransomware attacks.
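One way to implement the checksum verification mentioned in the Backups step (an added example, not code from Euclid Security): record a SHA-256 manifest when a backup is taken, then report files that are missing, modified, or unexpected when the backup is checked later. The function names, directory layout, and sample files are assumptions, and the sample backup is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large archives are not loaded into memory

def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(backup_dir: Path) -> dict:
    """Map each file path (relative to backup_dir) to its SHA-256 digest."""
    return {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*")) if p.is_file()
    }

def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the manifest recorded at backup time."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(f for f in manifest.keys() & current.keys()
                           if manifest[f] != current[f]),
    }

def demo() -> dict:
    """Constructed sample: take a backup, record its manifest, then damage it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1);\n")
        (backup / "files.tar").write_bytes(b"constructed archive contents")
        manifest = build_manifest(backup)  # recorded at backup time
        # Simulate damage to a reachable backup: overwrite, delete, add a stray file.
        (backup / "files.tar").write_bytes(b"\x00constructed overwritten bytes\x00")
        (backup / "db" / "customers.sql").unlink()
        (backup / "README_RESTORE.txt").write_text("constructed placeholder file")
        return verify_backup(backup, manifest)

if __name__ == "__main__":
    print(demo())
```

Store the manifest somewhere the backup host cannot write to; if it sits next to the backup, anything that can alter the backup can alter the manifest as well.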
WannaCry, Petya, and Bad Rabbit are some of the recent ransomware attacks that crippled many businesses, but at Euclid Security we believe that there is a lot that you can do to minimize the risk of being a victim of ransomware attacks. Security assessments, user awareness and education, malware detection and configuration management will play a significant role in protecting your data and IT environment.
At Euclid Security we offer professional cyber security consulting services, including vulnerability assessments, penetration testing, cyber security training, and phishing exercises. We can also help your business protect against and prepare for ransomware attacks. Feel free to get in touch for a no-obligation discussion.