When it comes to cybersecurity there is no shortage of threats from spam, data theft and malware (malicious software such as viruses and spyware). But one threat that is top of mind for most security professionals right now is ransomware, a truly malicious threat that is devastating businesses, large and small, all over the world.
So what is ransomware and what can you do to avoid becoming its next victim?
Ransomware is a very specific type of malware designed to infiltrate networks and computer systems in order to encrypt files and documents. Once ransomware is deployed, access to vital information and files is lost, replaced with a ransom demand message, usually displayed in a text document or browser window. Some ransomware will also display ransom demands using a user’s desktop wallpaper.
Some forms of ransomware are activated when an unsuspecting user clicks a malicious email link. Other attacks originate on the network itself, employing brute force attacks to uncover passwords or infiltrating weak points within the network infrastructure.
Ransomware can be activated immediately or lay dormant, spreading throughout the network undetected until the attacker chooses to activate the encryption.
No matter how it’s activated, ransomware can cripple a business in a heartbeat, preventing access to vital files you need to do your most basic work:
- Some or all of your business’s computers may be affected
- Employees won’t be able to do their jobs
- Vital data could be lost forever
Most important of all, the critical data of your business will essentially be held hostage until you pay the ransom or restore the files from backup.
Ransomware in Action
PGA of America
PGA of America was infected by a strain of malicious ransomware early in 2018. According to the NY Post “The encrypted files contain[ed] creative materials for the PGA Championship and the Ryder Cup, including various promotional banners and logos. Development projects on logos for future PGA Championships also were compromised.”
The City Government in Atlanta
The city of Atlanta was hit by ransomware in March of 2017, with a ransom demand set at $55,000 in Bitcoin. According to Wikipedia “Many city services and programs were affected by the attack, including online services for citizens to pay bills and request utility service. The effects of the incident were so widespread that officials resorted to completing paper forms by hand.”
The city of Atlanta declined to pay the ransom and has since budgeted $2.6 million to cover incident response, recovery, and crisis management services. However, more recent estimates put the cost of rebuilding their IT infrastructure at almost $17 million.
Erie County Medical Center
Perhaps one of the worst cyber-attacks involving ransomware victimized a medical facility in Buffalo, NY. According to a CBS news report, employees of the Erie County Medical Center reported that all the computer screens were black and that many systems were turned off or completely unplugged as a result of the attack.
The hacker’s ransom demand was set at $44,000 in Bitcoin to unlock the hospital’s data. The hospital chose not to pay the ransom, electing instead to hire an outside security firm to handle the fallout from the attack.
Meanwhile doctors, nurses and employees were forced to get by with only pen and paper until their computer systems could be restored almost 6 weeks later. The hospital has since rebuilt their entire IT infrastructure at a cost of more than $10 million.
Small Businesses Get Attacked EVEN MORE than Larger Companies
While most of the headlines in the media focuses on attacks against larger businesses, the reality is small to medium businesses actually get attacked more than the larger companies, they just don’t end up in the news as often.
Cyber criminals frequently send out their attacks on the internet to try and infect as many people as possible. Their systems don’t care about the size of the business they’re attacking, they just try and target as many companies as possible.
The reality is there are a lot more small-to-medium businesses than large companies, plus small businesses usually don’t have the same level of sophisticated security systems to protect their computer systems that the bigger companies might have. So, when you put these two facts together, you get a perfect storm that leaves small to medium businesses as the most frequent victim of ransomware attacks.
A recent survey of 1,000 small and medium-sized businesses, completed by Osterman Research in 2017 revealed that 35% of the businesses surveyed were the victims of ransomware attacks.
22% of those businesses had to cease business operations immediately because of a ransomware attack.
90% of the ransomware infections resulted in more than an hour of downtime and lost productivity, while 1 in 6 infections resulted in more than 25 hours of downtime.
Companies in the medical and healthcare industries are an especially attractive target for hackers since their data includes personal identifying information on patients, which is more valuable than simple credit card data or other information that might be obtained from other types of businesses. Healthcare companies are also more likely to pay ransom demands since the loss of their systems compromises patient care.
According to an article published on CBS News in August of 2017, “Almost all U.S. healthcare organizations have reported at least one cyberattack.”
Un-patched Windows systems are particularly vulnerable to known ransomware threats such as WannaCry, NotPetya, and others. However, the growing threat comes from the profitable ransomware market, where criminal marketplaces make malicious code available to wannabe hackers who lack the technical skills to launch attacks on their own.
According to CSOOnline, “the overall ransomware economy has grown more than 2,500-percent, from about $250,000 to $6.24 million from 2016 to 2017.” Ransomware can be purchased on the Dark Web for as little as $10 for basic packages. Many ransomware developers even offer to customize their ransomware in exchange for a cut of the profits.
It’s clear from these numbers that ransomware has become far too profitable to simply fade into the background. Now, more than ever, businesses everywhere need to take steps to protect their networks and in some cases their very existence.
How to Protect Your Business from a Ransomware Attack
Build a Cybersecurity Culture
While utilizing technology remains a viable strategy for preventing ransomware attacks, we no longer have the luxury of thinking about cybersecurity as something that happens only in the IT department.
The truth about cybersecurity is that the people in your organization can be your greatest asset or your biggest weakness.
The vast majority of cyber-attacks begin with a person on your team simply clicking a malicious link or opening a booby-trapped attachment. That’s why more and more attackers are crafting their emails to look like they come from legitimate institutions, friends, or even family members.
To avoid falling for these ploys, everyone in your organization needs to be trained to spot them. One of the best ways to do this is to test your employees regularly using simulated phishing attacks.
Beyond basic training though, security needs to become part of your company culture, from the top down.
At Antisyn we feel so strongly about this that we devoted an entire blog post to Building a Strong Cybersecurity Culture in Your Organization, just a few months ago.
Backup, Backup, Backup
In the event that your network is attacked by ransomware, your BEST defense is having a secure, complete, and accurate backup of all of your data that can be restored quickly.
Having a backup makes the attacker’s ransom demands useless and minimizes the amount of downtime you’ll experience.
A copy of your backups should also be stored offsite so that you can further avoid the chances of your backups getting infected by the ransomware as well, plus that keeps your data safe from fires, hurricane or other natural disasters. We always recommend a backup system that includes both local and offsite backups, as well as regular testing to ensure your backups are consistently working properly.
Have Your IT Professional Lock Down Your Systems Behind a VPN
Many businesses have employees or partners working remotely that need to access the company's computers or other systems, so they set up remote access to their systems. The problem is, having remote access to your systems is essentially installing a door for cyber-criminals to break into your systems with.
Instead of leaving these systems exposed, have your IT professional evaluate if they can setup something called a “VPN” to protect your systems.
A VPN is a more secure barrier that stands between the internet and the systems your employees would access from outside the office. If making systems outside the office opens a door to your business, you can think of a VPN as putting a gate outside the door to make sure unauthorized individuals have a much harder time trying to break in.
Always Perform Software Updates When They Become Available
Yes, interrupting your work to install the latest software update can be inconvenient, but performing regular updates on operating systems and critical applications is vital to securing your systems from attack. Many attackers exploit vulnerabilities that are often patched in regular updates.
In fact, some of the victims of the ransomware attacks described above could have prevented the attacks if they had simply kept their Windows systems patched and up-to-date.
The easiest solution is to simply make sure your IT professional has your system automatically install critical software updates so that you always have the most recent software installed.
Strong Passwords Are Essential
Many cyber-attacks start by exploiting weak passwords on systems across the network. That’s why it’s so important to create STRONG passwords for absolutely everything on your network, from computer logins, to administrator passwords. Every device that touches your network should have a strong password. Period.
So what does a strong password look like? A strong password contains at least 8 characters and includes at least one number, one uppercase letter, and one symbol.
Longer passwords are better, though. One of the easiest ways to create strong passwords, that are also easy to remember, is to use phrases instead of single words. For example, a phrase like ‘my grandma makes the best apple pie’ becomes a really strong password when you add uppercase letters, symbols and numbers, like this: myGrandm@m@k3sthebestApplePie!
Regularly Have Your IT Professional Evaluate the Security Needs of Your Business
There are many great technologies that can help your business avoid threats. You should make sure that your IT professional regularly evaluates the needs of your business to confirm if the right systems are in place to help reduce the chances of a threat.
Some examples of technologies to consider include:
- Modern Business Grade Firewalls
- An E-mail Security Platform with Anti-Phishing and Anti-Ransomware Protection
- Modern Anti-virus & Anti-malware software on all computers
- Proactive Server & Network Monitoring
What To Do When You’ve Been Attacked
While establishing a strong security culture and implementing the right technology will put you in a much better position to prevent a cyber-attack, no system is 100% bulletproof. Most businesses will experience an attack at some point. It’s not a matter of IF, but WHEN.
So what do you do when you see that ransom note on your computer screen?
First, try to avoid paying the ransom, that should be an absolute LAST RESORT at most. There is no guarantee that the attacker will release your files, even when you comply with their demands. Plus paying the ransom also supports the continuation of cybercrime, providing the profits that keep hackers in business.
Instead of paying the ransom, call an IT professional as soon as possible. Don’t be tempted to try to fix the problem on your own or “Google” a solution. You could make the problem worse, prolonging your downtime even more. The best approach is to work with a professional from the beginning to minimize the damage and get your systems back up and running sooner.
Is your business prepared for a ransomware attack?
Antisyn is here to help for Jacksonville area businesses. Our IT services include full IT support, IT strategy, and cybersecurity services. Reach out to us and see how our passionate team can help your business.