Ransomware has become the scourge of the Internet. It’s so common that it no longer makes the news. In fact, it’s predicted that a business will fall victim to a ransomware attack every 14 seconds in 2019. The evolving nature of the threat makes malware attacks very difficult to counter. Regardless of the type of malware, they all have the same objective: to encrypt or disable access to the files on a computer, or the network it is part of, and then demand payment for their recovery. Overseas, cybercrime labs often have budgets as large as or larger than an enterprise-level organization’s total annual security spend.
Security analysts estimate that most hacking-related breaches are caused by stolen or weak passwords. Other attack vectors include vulnerabilities exposed in a web application, open or insecure network ports and email-based phishing. These are all sobering data points, whether you’re a large corporation or an SMB. The impact of a breach can be highly damaging: monetary payments, lost data, productivity impacts and system downtime during recovery, just to name a few.
Although the different kinds of malware attacks have existed for years, the success of the latest generation is due in part to improved techniques. Machine learning and other heuristics help hackers learn about network and people patterns. This is very different from prior automated or cryptologic-based methods, which skilled IT resources and improved security software can detect and disable, or even prevent outright, before they cause damage.
Ransomware falls into the broad category of malware. Malware is software designed to damage or disable a computer or an entire system. In one ransomware scenario, the attack disables access to systems by encrypting files. The attacker then demands a ransom in exchange for a key to decrypt the files and regain access. In another scenario, the attack simply locks one or more systems so they can’t be accessed. Unfortunately, there’s no single solution that can stop this type of attack, despite many claims to the contrary.
This leaves two options in response:
The first is to pay the ransom, which nearly all security experts advise against. Paying could make an organization a repeat target. The second, more realistic option is to use a multi-layered approach that makes it more difficult for ransomware and other attacks to succeed. Implement a security management practice that includes regular patching of all systems, services and software, including the firmware of network devices such as IP security cameras, printers and scanners. Proactive measures reduce the likelihood of an attack being successful, but there is no guarantee. Ransomware authors continue to get smarter, and their attack software usually includes routines to find and delete or encrypt backups along with primary data. This means organizations can’t rely solely on backups as a response tactic without taking additional security precautions and measures.
Given how many ransomware attacks succeed, educating employees to detect phishing and related attempts to penetrate the network is a must. Strengthening your security management practice with added employee training will help minimize your exposure to malware and maximize your response management. If you’re wondering where to start, SOS can help. Reach out to us today.