Incidents of Ransomware on Rise
Ransomware is a type of malware that encrypts valuable digital files and demands a ransom to release them. Back in 2016, the FBI was already warning of a rise in this type of attack. The trend has continued through the years, and the number of attacks on SMBs (Small and Medium-size Businesses) is very alarming today. At Consensus, we’ve sadly witnessed several of these attacks on our own customers recently. Prevention efforts that start by understanding this type of threat are crucial. A solid business continuity plan in the event of a ransomware attack is a must. Think backup, backup, backup. In this blog, we’ve compiled some Ransomware Protection Tips that SMBs should take into account.
Every company should have a good protection plan for every machine. Keeping backups and securing them is also mandatory. With healthy backup management, you won’t stop the attack on your network or servers, but you will be able to restore operations and minimize the damage.
Andres Castrillon, Consensus
How does ransomware attack your database?
Both in the cases described in the FBI article and in the recent cases we’ve seen, victims open an email addressed to them and may click on an attachment that appears legitimate. For example, the attachment looks like an invoice or a quote but actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
Nowadays, these attacks are becoming more and more sophisticated and don’t always require a victim to click on a link. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.” (See the FBI’s article.)
If the infection is already present, the malware encrypts files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Most importantly, users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. Moreover, these messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.
Three Protection Tips: What can you do to protect your data and your networks?
CISA (Department of Homeland Security Cybersecurity and Infrastructure Security Agency) highlights three basic security tips that can help you protect your data from ransomware:
- Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
- Store your backups separately. The best practice is to store your backups on a separate device that cannot be accessed from a network, such as an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive or other separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware.)
- Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
Front-end protection for your systems should include firewall, antivirus, anti-malware, anti-ransomware, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), and every one of your machines should be protected too.
Sidhartha Ibargoyen, SLAS Consulting
A Protection Plan for Small or Medium size Business CEOs: 8 Questions you need to ask
In an FBI document titled Ransomware Prevention and Response for CEOs, the agency states that a commitment to cyber hygiene and best practices is critical to protecting your networks. The 8 critical questions a CEO needs to ask of their organization to help prevent ransomware attacks follow:
1. Backups
Do we back up all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
2. Risk Analysis
Have we conducted a cybersecurity risk analysis of the organization?
3. Staff Training
Have we trained staff on cybersecurity best practices?
4. Vulnerability Patching
Have we implemented appropriate patching of known system vulnerabilities?
5. Application Whitelisting
Do we allow only approved programs to run on our networks?
6. Incident Response
Do we have an incident response plan and have we exercised it?
7. Business Continuity
Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
8. Penetration testing
Have we attempted to hack into our own systems to test our ability to defend against attacks?