More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber criminals. When the malware is run, it locks the victim's files and allows criminals to demand payment to release them.
You are probably well aware that ransomware is a hot topic in the news these days. Organizations of all types and sizes have been impacted, but small businesses can be particularly vulnerable to attacks.
Ransomware is distributed in a variety of ways and is difficult to protect against because, just like the flu virus, it is constantly evolving.
There are ways to protect your business against ransomware attacks. In this blog post, you'll learn how malware is spread, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Make sure your organization is prepared.
There are a few dominant types of ransomware. Each type has its own variants. It is expected that new types will continue to surface as time goes on. Historically, Microsoft Office, Adobe PDF, and image files have been targeted, but McAfee predicts that additional types of files will become targets as ransomware continues to evolve.
Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber criminals typically request payment in the form of Bitcoins or online payment voucher services. The standard rate is $500. Cyber criminals behind ransomware campaigns typically focus their attacks in wealthy countries and cities where businesses can afford to pay the ransom. In recent months, we've seen repeated attacks on specific verticals, most notably healthcare.
How Ransomware Is Spread
Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering. Victims are tricked into downloading an e-mail or attachment or clicking a link.
Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task.
Sometimes, ransomware uses scare tactics such as claiming that a computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click.
Another common method for spreading ransomware is a software package known as an exploit kit. These packages are designed to identify vulnerabilities and exploit them to install ransomware. In this type of attack, hackers install code on a legitimate website that redirects computer users to a malicious site. Unlike the spam method, sometimes this approach requires no additional actions from the victim. This is referred to as a "drive-by download" attack.
Spam botnets and exploit kits are relatively easy to use, but require some level of technical proficiency. However, there are also options available for the aspiring hackers with minimal computer skills. There are ransomware-as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct ransomware attacks.
Protect Your Business Against Ransomware
Cyber criminals armed with ransomware are a formidable adversary. While small-to-mid-sized businesses aren't specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin, and in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability.
Thankfully, there are ways to protect your business against ransomware attacks. Security software is essential, however, you can't rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup.
First and foremost, education is essential to protect your business against ransomware. It is critical that your staff understands what ransomware is and the threats it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don't open attachments, if you see something suspicious, say something, etc.)
Conduct formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about cyber best practices.
It's important to ensure that the message is communicated clearly to everyone in the organization, not passed around on a word of mouth basis. Lastly, keep the staff updated as new ransomware enters the market or changes over time.
Antivirus software should be essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, in order to protect against newly identified threats. Keep all business applications patched and updated in order to minimize vulnerabilities.
However, because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup.
Modern, total data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred.
When it comes to ransomware, the benefit of this is two-fold. First, you don't need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware can not be triggered again.
To sum it all up, education and security software can help you avoid cyber attacks. Patch management is essential. Be certain that your software is up-to-date and secure. In the end, it is backup that will help you pick up the pieces when all else fails. Consider using a modern backup product that offers features that can permanently eliminate downtime.