4 Ways to Protect Against the Very Real Threat of Ransomware
Ransomware is a multi-million-dollar criminal enterprise that strikes a wide range of targets, including hospitals, police departments, and internet casinos.
It’s such a lucrative plan, according to experts, that typical cybercriminals are forsaking their previous methods of collecting money, such as obtaining credit card data and bank account details, in favor of ransomware distribution.
After all, now that politicians on Capitol Hill are in the crosshairs of cyber extortionists, surely the government will take action to put a stop to the scourge?
Don’t put your faith in it. Fighting ransomware attacks, which hackers use to encrypt your computer or vital files until you pay a ransom to unlock them, is still mostly an uphill battle for the average person. You could choose to give in and pay, as countless victims have done. According to the FBI, victims who reported cyber extortion attacks to the Bureau enriched cyber extortionists by $24 million last year. However, even if you have backed up your data in a secure location and decide not to pay the ransom, this does not rule out financial loss as a result of the attack. According to the Cyber Threat Alliance, victims of the CryptoWall ransomware, for example, have incurred an estimated $325 million in losses since that strain of ransomware was detected in January 2015. The costs of cleaning up equipment and recovering backup data, which might take several days or many weeks depending on the organization, are included in the damages.
If you or your company is at risk of a ransomware assault, there are easy steps you can take to safeguard yourself and your company. Here’s what you should do in this situation.
First of All, Who Are Ransomware’s Prime Targets?
Ransomware should be of particular concern to any firm or organization that relies on daily access to essential data and cannot afford to lose that access during the time it would take to respond to an attack. That means that banks, hospitals, Congress, police agencies, airlines, and airports should all be on the lookout for suspicious activity. However, any significant firm or government entity, including critical infrastructure, is subject to some degree of risk as well. Ransomware running on a Windows machine, for example, might hurt power and water facilities’ ability to monitor and configure operations, according to Robert M. Lee, CEO of critical infrastructure security firm Dragos Security. The small consolation is that ransomware, or at least the varieties we are aware of, would not be able to infect the industrial control systems that are responsible for the actual execution of vital processes.
“Just because the Windows systems are no longer operational does not imply that the power is turned off,” he explained to WIRED. “[However], it has the potential to prevent operators from viewing or managing the operation.” If this occurs in some businesses that are extensively regulated, such as the nuclear power industry, it is sufficient to cause a facility to be shut down automatically, as required by laws when employees lose sight of operations.
Individual users are also in danger of being targeted by ransomware attacks on their home computers, and some of the recommendations below will apply to you as well if you fall into this group.
1. Back Up, as Big Sean Says
The best defense against ransomware is to outwit attackers by avoiding becoming subject to their attacks in the first place. This includes regularly backing up vital data so that, even if your computers and servers are locked, you won’t be forced to pay to regain access to your information.
“More than 5,000 customers have called us for assistance with ransomware attacks in the last 12 months,” says Chris Doggett, senior vice president at Carbonite, which provides cloud backup services for individuals and small businesses. He claims that one health-care customer lost access to 14 years of information in an attack, and that a community group lost access to 170,000 files in an attack, but that both had backed up their data to the cloud so that they didn’t have to pay a ransom to get their data back.
Some ransomware attackers look for backup systems to encrypt and lock as well, by first getting access to desktop computers and then painstakingly working their way through a network to reach the servers they want. For those who don’t back up to the cloud and instead use local storage devices or servers, be sure that these are not directly connected to desktop computers, where ransomware or an attacker could gain access to the data.
As Anup Ghosh, CEO of security firm Invincea, points out, “a large number of users keep their documents in network shares.” “However, in the event of a ransomware infestation, network shares are just as vulnerable as your desktop PC. Providing that the backups are performed offline and that the backup is not accessible from the infected machine, you should be alright.”
The same is true if you use an external hard drive to back up your computer on your own. Those drives should only be attached to a computer when performing backups, and then they should be unplugged. He points out that if your backup drive is connected to the device at the time the ransomware is running, it will be encrypted as well.
The use of backups, on the other hand, will not necessarily make a ransomware assault less painful, because it can take a week or more to restore data, during which time business operations may be hindered or completely stopped.
As Doggett explains, “we’ve seen hospitals choose to pay a ransom because lives are on the line and presumably the downtime that would be connected with the ransom payment, even if they could recover, was not thought acceptable.”
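The offline-backup rule from this section can be checked mechanically. The following is an added example, not part of the original article: it reads a mount table and reports which backup destinations are writable from the machine itself. The paths, the host name nas01 and the sample mount table are constructed, and it assumes each backup path sits on its own device or share.

```python
# Added example: can malware on this machine reach the backup destination?
# Assumption: each backup path sits on its own device or share, so a path
# covered only by the root filesystem means the backup media is not attached.
NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4"}

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
//nas01/backups /mnt/nas cifs rw,relatime,vers=3.0 0 0
/dev/sdb1 /media/usb-backup ext4 rw,nosuid,nodev 0 0
/dev/sdc1 /mnt/archive ext4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fs_type, options) for every well-formed line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts.append((fields[1], fields[2], set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Longest non-root mount point that contains path, or None."""
    probe = path.rstrip("/") + "/"
    hits = [m for m in mounts
            if m[0] != "/" and probe.startswith(m[0].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def assess(path, mounts):
    """Classify one backup path by its exposure to malware on this host."""
    mount = covering_mount(path, mounts)
    if mount is None:
        return "detached"                # media unplugged or share unmounted
    _, fs_type, options = mount
    if "ro" in options:
        return "attached-read-only"      # a privileged process could remount it
    if fs_type in NETWORK_FS:
        return "exposed-network-share"   # writable share, encrypted with the PC
    return "exposed-attached-drive"      # writable disk left plugged in

def audit(paths, mounts_text=SAMPLE_MOUNTS):
    """Map each backup path to its exposure verdict."""
    mounts = parse_mounts(mounts_text)
    return {path: assess(path, mounts) for path in paths}

if __name__ == "__main__":
    for item in audit(["/mnt/nas/daily", "/media/usb-backup", "/mnt/offsite"]).items():
        print(*item)
```

On a real Linux host, pass the contents of /proc/mounts as mounts_text; anything reported as exposed is a backup that ransomware on that machine could encrypt along with the originals.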
2. Don’t Respond to Suspicious Emails or Website Links.
The most common method of infecting victims with ransomware is the “spray-and-pray” phishing attack, which involves spamming you with emails that contain malicious attachments or that instruct you to click on a URL where malware secretly crawls onto your computer without your knowledge. Following a series of ransomware attacks against members of Congress, the House IT team decided to temporarily limit access to Yahoo email accounts, which were believed to be the accounts that the attackers were phishing.
In addition to phishing, hackers have turned to another highly successful method: malvertising. Malvertising involves compromising an advertiser’s network to embed malware in advertisements that are delivered through websites that you are familiar with and trust, such as the malvertising attacks that recently targeted the New York Times and the BBC, among other publications. Ad blockers are one method of preventing dangerous advertisements from appearing; however, patching known browser security holes will also thwart some malvertising.
Whether user training is successful in educating employees on how to recognize phishing attacks and to right-click on email attachments to check them for malware before opening them is a matter of debate among experts. However, according to Stu Sjouwerman, CEO of KnowBe4, a company that provides security awareness training to businesses, “you can legitimately achieve a huge decrease in click-happy personnel.” “You bombard them with simulated phishing attempts regularly, and it quickly turns into a game. Create an environment where it is accepted as part of your culture, and then every month launch a mock attack to keep employees on their toes.” He claims that, as a result of awareness training, the number of employees who click on phishing attacks has decreased from 15.9 percent to just 1.2 percent in some organizations.
Doggett acknowledges that user education plays a role in preventing ransomware from spreading.
3. Patching and securing
Ghosh, on the other hand, believes that users should never be considered a stop-gap for infections. According to Hennessey, users will open attachments and visit sites that are infected with malware. “When this happens, you just need to make sure that your security technology protects you.”
Since his company sells an end-point security product designed to protect desktop computers from infection, his viewpoint should come as no surprise. In a recent test, Ghosh claims that his software, which he calls X and which employs deep learning to detect ransomware and other malware, detected 100 percent of attacks from 64 dangerous websites.
However, no protection product is foolproof; otherwise, individuals and organizations would not be subjected to the massive amounts of ransomware and other malware that they are these days. As a result, businesses should implement other industry-standard security procedures to defend themselves, such as patching software security flaws to prevent malicious software from exploiting them and infecting computers.
The majority of web attacks take advantage of vulnerabilities in third-party plug-ins (such as Java and Flash), therefore keeping those up to date is essential, adds Ghosh.
Whitelisting the software applications allowed to run on computers, according to Sjouwerman, is another way to protect yourself from attacks, because the lists will prevent your computer from installing anything that hasn’t already been approved. Administrators scan a computer to identify the legitimate applications running on it and then configure the machine to prohibit any other executable files from running or installing.
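The scan-then-deny procedure described above can be modelled in a few lines. This is an added example, not part of the original article or any vendor's product: it records a SHA-256 hash for every file found during the baseline scan and refuses anything whose content was not recorded. The file names and contents are constructed, and real enforcement would be done by the operating system's application-control feature rather than by a script.

```python
# Added example: hash-based application allowlist with default deny.
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_allowlist(root):
    """Baseline scan: record the hash of every regular file under root."""
    approved = set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                approved.add(sha256_file(full))
    return approved

def may_execute(path, approved):
    """Default deny: only content recorded during the baseline scan may run."""
    try:
        return sha256_file(path) in approved
    except OSError:
        return False                     # unreadable or missing: deny

def write(path, data):
    with open(path, "wb") as handle:
        handle.write(data)

def demo():
    """Constructed files stand in for programs on a freshly scanned machine."""
    with tempfile.TemporaryDirectory() as root:
        editor = os.path.join(root, "editor.bin")
        dropped = os.path.join(root, "downloaded.bin")
        write(editor, b"approved editor build")
        approved = build_allowlist(root)          # scan happens here
        results = {"approved": may_execute(editor, approved)}
        write(dropped, b"arrived after the scan")
        results["dropped_later"] = may_execute(dropped, approved)
        write(editor, b"tampered editor build")   # same name, new content
        results["replaced_in_place"] = may_execute(editor, approved)
        return results

if __name__ == "__main__":
    print(demo())
```

Because the decision is made on file content rather than file name, a program that is overwritten after the scan is refused just like a newly dropped one.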
Another method network administrators might employ is restricting permissions on systems so that malware cannot be installed without an administrator’s password. By using redundant servers, administrators can also segment access to essential data and protect sensitive information. Instead of allowing thousands of employees to access data on a single server, they can divide employees into smaller groups, ensuring that if one server becomes infected with ransomware, it does not harm the entire organization. This strategy also forces attackers to identify and lock more servers to make their attacks more effective.
4. Do you have an infection? Disconnect
When MedStar Health was hit by ransomware earlier this year, administrators took prompt action to shut down most of the organization’s network operations to prevent the infection from spreading further. Among the recommendations made by Sjouwerman, whose company distributes a 20-page “hostage manual” on how to prevent and respond to ransomware, is that administrators should not only disconnect infected systems from the corporate network, but also disable Wi-Fi and Bluetooth on machines to prevent the malware from spreading to other machines through those channels.
After that, victims should try to figure out which strain of ransomware they were infected with. If it’s a well-known variant, anti-virus companies such as Kaspersky Lab may have decryptors to assist in unlocking files or bypassing the lock without having to pay a ransom, depending on the strength of the encryption mechanism employed by the attackers.
However, if you haven’t backed up your data and haven’t been able to figure out a way to get around the encryption, your only option is to pay the ransom to regain access to your data. Even though the FBI advises against paying, Ghosh says he understands the urge.
With traditional techniques, he explains, “there is no pain for the user, and people go on.” However, ransomware has the potential to bring a company’s operations to a grinding halt. Furthermore, in the instance of individual victims who are unable to access family photos and other personal files when their home systems are compromised, “the agony that comes with it is completely out of this world… For those of us in the security industry, it’s simple to say no [to paying]. Why would you want to fuel the fire that would result in more ransomware assaults in the future? However, because you are not in their position, it can be difficult to advise someone that they should not pay the money.”