Businesses can overcome ransomware, writes Mike Simmonds, pictured, Managing Director of network security product company Axial Systems.
The odds of being targeted by ransomware are greater each year. In fact, research from Malwarebytes shows that 40 per cent of businesses had been targeted over last year, with over 33% losing revenue and 20pc stopping business as a result. Infected businesses often pay up, fearing they will otherwise lose all access to their vital data. However, not all hackers have the ability to carry out their threats, especially when outdated ransomware is used.
In a sense, therefore, there are two types of ransomware threat in place therefore. That, which results in real malware being downloaded onto the network causing immediate real damage and the psychological battle where threats are made and businesses are unsure whether they are viable or not but are often unwilling to take the risk. Both threats, real and presumed are, however, likely to have a similar impact on the business concerned. Fear is, after all, a powerful emotion and is likely to elicit a defensive response. Think what you would do, for example, if you could not access any of your business documents – all of your personal files – and you are being held from them by a countdown timer to their complete annihilation.
This method of money-making by the faceless and nameless ‘black-hatters’ of the internet is now becoming a serious threat. Recent research by Bitdefender reports that companies and individuals caught out in this way in the UK ‘are willing to pay the most to recover personal documents, photos and job-related documents’ with up to £400 being paid to decrypt locked and encrypted files for a start. Typically also, once businesses have shown that they are willing to pay, they are more aggressively targeted as their name joins a list of so-called “suckers” who will reach into their pockets for the convenience of getting their files back quickly.
Associated
Moreover, it’s not just a case of computers being hacked. The related phenomenon of SMiShing is also on the increase. SMiShing is a similar kind of attack to ransomware and typically involves a user being sent an unsolicited SMS which tricks them into downloading a rogue program or releasing sufficient personal details to compromise their security. It is always best to minimise exposure to these scenarios where possible with common-sense, site or IP address blocking and end-point protection but that in itself may not be enough to counteract this ever more pervasive threat.
It’s critically important, of course, to ensure your electronic defence is as impenetrable as possible through the use of actively maintained antivirus software, firewall appliances, Intrusion Protection Systems, web and mail filtering, and define and robustly enforce policies that prevent penetration through ensuring correct system configuration and device ‘hardening’.
However, in today’s complex security environment becoming a victim of one of these increasingly prevalent security threats is almost an inevitably at some point. So, because it will happen, and when it does, what else do organisations need to consider? Robust backup systems are key, of course, but so too is putting in place robust policy and processes and a practical system of educating users. Best practice then is to implement a robust and incremental backup system of business/personal critical details, and keep those backups safely offline. Businesses should then also ensure they test these backups regularly and ensure everything that should be protected is protected.
On the user side, they should enforce a general information policy pertaining to what web-sites are SFW and NSFW (Suitable For Work and Not Suitable For Work) and educate themselves and their team on the risks and the methods by which ransomware is activated. This kind of focus on education is key. Organisations need to remember that their human firewall is their best, but is also often their last line of defence.
After all, in the battle against ransomware, businesses need to marshal their resources, ensure they have a strategic plan in place, train up their workforce and deploy their full gamut of policies and procedures to keep their corporate networks and systems safe.
