Ransomware is a type of malicious software, commonly called malware, that blocks access to a device or data until a ransom is paid. It’s delivered by the same means as other cybersecurity attacks — most commonly phishing emails with malicious Office documents or zipped files attached, compromised websites, and vulnerability exploits in the software that you use every day. It encrypts your files so that you cannot access them without the encryption key.
Ransomware has been the most prevalent cyber threat for the past 11 years and the infections have outnumbered data breaches. A report released in December 2016 states that ransomware attacks against businesses increased threefold in 2016.
It’s no joke. Ransomware is capable of crippling businesses that encounter it. The criminals behind these attacks are continually evolving their tactics to allow them to continue down this lucrative path. They are primarily holding the data ransom and do not appear to be stealing the data for their own use, but that trend could change.
Other research shows that ransomware had cost businesses $209M in the first half of 2016—a figure predicted to increase to $1 billion once year-end totals were in. Money is not all that’s at stake. Ransomware can cost a business its reputation, lost productivity, and sensitive data such as financial records including banking information, confidential customer information, or intellectual property.
IBM Security announced results from a study that found “70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems,” with half of those paying over $10,000 and 20 percent paying over $40,000. Those behind the attacks will more than likely move on and affect other individuals and businesses. By paying the ransom, those affected only encourage these criminals to continue on to the next victim. Remember, there is no honor among thieves and paying is not a guarantee. It may be tempting to just pay them and think that you can quickly move on from this, but you can still lose critical files even if the ransom is paid. Another issue is: Can you trust the data now that some unknown person(s) have accessed it? It’s a far better idea to protect your business so you are not a target for future malware infections.
How to Prevent Ransomware and Other Malware
So, before you decide to stop using computers, the Internet, and technology altogether, there are preventative steps that you can take to avoid being held for ransom. Having a comprehensive cybersecurity and response strategy will help you defend against these attacks — one that focuses on using business drivers to guide cybersecurity activities and incorporates cybersecurity risks as part of your overall risk management processes. You don’t have to start from scratch. You can continue to evolve and improve your current practices. Specific actions that are proven to work include:
- Identify the business processes and users that handle critical business information, especially those that handle financial information, and enforce some form of higher-trust authentication. For example, two-factor authentication requires not only a username and password, but also something that only the user has on them, such as a hardware or software token that generates a code (Google Authenticator or RSA SecurID, to name a few).
- Secure the network. Firewalls and other security tools designed to fortify the network perimeter play a critical role in protecting your business. Ensure your firewall configuration is set to restrict outbound network traffic and monitor for suspicious behavior. Invest in layered security protection that can detect and stop ransomware attacks before they happen. There are lots of products on the market that provide this type of protection.
- Make backups of your critical business data. Schedule backups to no-overwrite media. Make sure backups are located on segregated network storage, preferably offsite, that uses strong encryption that you control and manage. Have dedicated backup operator credentials – don’t share or otherwise reuse those credentials for other purposes, and don’t reuse the passwords with other accounts. Audit the integrity of those backups regularly. Maintain proper access management for these backups.
- Secure email and browsers. Email clients and web browsers are used to trigger ransomware. Scan all attachments, particularly zip files and documents, for the latest malware variants. Get a secure email gateway and ensure it is configured to provide URL filtering. These could be either hardware products or software products.
- Secure the operating system and all programs. Make sure all of your computers are patched religiously, including the operating system and third-party applications. Upgrade outdated software that cannot be patched.
- Provide user awareness training to all employees. Train your employees to be suspicious of all attachments and links in external and internal emails by encouraging the simple practice of hovering over a link (prior to clicking it) to confirm whether its actual destination is legitimate. Encourage users to report suspicious emails to get a second opinion if they are unsure of the validity.
- Create, maintain, test, and follow your incident response plan. Create an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. A great resource is the NIST Guide for Cybersecurity Event Recovery.
ITAC can provide IT Services – designed specifically for manufacturers – to ensure your business continuity when you need it most. Contact us today if you would like to meet with a specialist.
Source: Manufacturing Innovation Blog