November 11, 2016
Every cyberattack has a sinister quality. There's just something inherently creepy about knowing an outside malefactor has invaded your system with the intention to harm you – and has been lurking in your network without you realizing it.
Most sinister of all? Ransomware, which takes over your network, your files and your company's future in a way that leaves you feeling utterly powerless.
Ransomware has come a long way from the days of pop-up notices claiming violation of a licensing law – notices that demanded a few hundred dollars or so from people desperate to regain control of their computer. Plenty of users fell for these scams; they didn’t know any better. Today some Ransomware rings still target individual users, but most are hunting down big payouts from businesses frantic to recover their most valuable data. Often they research their targets in advance, right down to the list of file extensions or folder locations they want. For instance, they know that encrypting vital healthcare records can panic a hospital into paying a hefty ransom.
Some forms of Ransomware encryption are breakable, letting companies get their files back without paying, but most rings are skilled and smart. Some are so smooth that they offer a customer service number to help teams decrypt their files after paying. This is a sophisticated operation in most cases. So it’s no wonder that organizations usually feel forced to choose between paying the ransom, often in bitcoin, or saying goodbye to their files.
The bad news: many Ransomware victims make themselves vulnerable to attack. But there’s good news too: adopting stronger security practices can go a long way toward stopping an incident before it starts.
See if any of these risk factors describe your organization.
1. Your employees are untrained. It only takes one person clicking a suspicious link on a webpage or believing a phishing email to usher Ransomware into your system. Invest in security training for employees, and spread awareness of any common attack methods. Even basic education can be a major step in reducing your risk.
2. You didn’t create an incident response plan. Responding to an attack involves multiple variables. What is the call chain order? How can the team mitigate the attack? Should corporate communications craft a statement for employees, customers and shareholders? What are the pros and cons of paying the ransom? Scrambling after an attack will guarantee a weak response; craft intelligent strategies ahead of time.
3. You don’t know where your data is... not exactly. We get it; Big Data means big complications. Your information could be scattered across networks and systems, some of which don't talk to each other. Before you're attacked, it's important to know where all of your data is stored, how it's protected, and which pieces are mission critical. Only then can you evaluate the strength of your security controls.
4. Your recovery is way too slow. Backups may be the critical element in triumphing over a Ransomware attack, but only if you can beat the criminal’s clock. Their payment deadlines are timed to hit before you can recover from tape – because they assume you’re relying on an old-school solution that takes hours or even days to help you recover. But if you can jump to an accurate backup in just minutes, you’re home free.
5. Your backups are insecure and inaccurate. Many companies stash their sensitive files offsite and call it good. But there are a few other considerations. One: testing. How current are those backups? If your option is failing over to an outdated backup that hasn’t captured anything recent or relevant, you're still looking at loss. The other consideration: is your backup encrypted? Plenty of these criminals will find a way to your backups too, which means they’re as worthy of first-rate protection as your other files.
6. Paying a first ransom. Ideally, once a ransom is paid and your data is unlocked, your regular business functions can resume. But in reality, criminals will often build a backdoor into your system so they can attack a second time. In IT security, an ounce of prevention is worth a pound of cure – so do everything you can to strengthen your security and stop a Ransomware attack from succeeding in the first place.