This past year has been a watershed year for cybersecurity: the announcement of Yahoo’s loss of a billion users’ data, a DDoS attack that knocked out huge sections of the internet using hijacked connected devices (baby monitors, printers and the like), tech heavyweights getting hacked, and more. Then of course there was Russia. If the past year is any indication, 2017 will be a busy one for IT managers and security experts. We want to make it a bit easier for you by sharing the trends we are watching and proposing solutions. In this first installment we address ransomware.
What Is Ransomware?
Ransomware typically starts with an unsuspecting user clicking a link or opening an attachment, after which malicious code is downloaded and run on their computer. The ransomware then encrypts important files, not only on that machine but on any connected devices and mapped network drives the user can write to. A popup then states that a ransom must be paid to obtain the key that decrypts the files.
Ransomware saw the steepest increase of any threat in 2016; an IBM study put its growth at 6,000% over 2015.
Overall, ransomware cost businesses around $1 billion in 2016. Among the most pervasive families was Locky, which demanded payment in Bitcoin. First tracked in February 2016, it was the second most prevalent malware globally by November 2016.
A new pyramid-scheme variant turns its victims into attackers: an infected user can either pay the ransom or pass a link to the malware on to two other people and get them to install it in order to unlock their own system.
Based on these trends, it is fair to say that ransomware will remain a significant cybersecurity issue.
The best solution to ransomware is a strong defense that prevents it from being installed in the first place.
You must have a backup plan, literally. Every file that could be affected by a ransomware attack should be backed up routinely (daily, weekly, monthly, whatever is realistic), so that the data can be restored if your system becomes infected. Because ransomware also encrypts any network drive the infected user can write to, at least one copy of the backups must be kept where that user’s account cannot reach it (offline media, or a location only the backup job itself can write to).
Periodically check the backup integrity to ensure you aren’t saving files that are already corrupted or encrypted and inadvertently clobbering the intact copies; keeping several generations of each backup gives you a good copy to fall back on if one bad run slips through. Also, always monitor and act on backup failure alerts.
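What such an integrity check can look like in practice, as an added example that is not part of the original article: a Python pre-check that compares today’s candidate files against a manifest of what the backup already holds, quarantines files that carry a ransomware-style extension, have been truncated to zero bytes, or suddenly show near 8 bits per byte of entropy in a format that should not (ciphertext looks like that), and puts the whole run on hold when an unusual share of known files changed at once. The file names, contents, thresholds and suffix lists below are constructed assumptions, not data from any real system.

```python
"""Backup integrity pre-check: decide which candidate files may overwrite the
copies already in the backup set, and whether the run as a whole looks like a
mass-encryption event.

Added example, not code from the original article. File names, contents and the
"yesterday" snapshot are constructed in memory; the thresholds and suffix lists
are assumptions to tune for your own data.
"""
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; ciphertext and compressed data approach 8.0
MIN_ENTROPY_SIZE = 64    # entropy of very small files is not meaningful
MASS_CHANGE_RATIO = 0.5  # share of known files changed in one run that holds the run
# Legitimately high-entropy formats: the entropy test is skipped for them.
COMPRESSED_SUFFIXES = (".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf")
# Extensions appended by Locky variants and similar families (illustrative list).
RANSOM_SUFFIXES = (".locky", ".zepto", ".encrypted", ".locked", ".crypt")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly spread bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(snapshot: dict) -> dict:
    """Record hash and size of every file already held in the backup set."""
    return {name: {"sha256": sha256_hex(d), "size": len(d)} for name, d in snapshot.items()}

def assess_file(name: str, data: bytes, manifest: dict) -> list:
    """Return the reasons this file should be quarantined instead of stored."""
    reasons = []
    lower = name.lower()
    prev = manifest.get(name)
    changed = prev is None or prev["sha256"] != sha256_hex(data)
    if lower.endswith(RANSOM_SUFFIXES):
        reasons.append("ransomware-style extension")
    if prev is not None and prev["size"] > 0 and len(data) == 0:
        reasons.append("truncated to zero bytes (corruption or failed write)")
    if (changed and len(data) >= MIN_ENTROPY_SIZE
            and not lower.endswith(COMPRESSED_SUFFIXES)):
        ent = shannon_entropy(data)
        if ent > ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({ent:.2f} bits/byte) in a non-compressed format")
    return reasons

def plan_backup(snapshot: dict, manifest: dict) -> dict:
    """Split today's files into storable and quarantined, and hold the whole run
    if an unusual share of previously known files changed since the last run."""
    ok, quarantine, changed = [], {}, 0
    for name, data in snapshot.items():
        prev = manifest.get(name)
        if prev is not None and prev["sha256"] != sha256_hex(data):
            changed += 1
        reasons = assess_file(name, data, manifest)
        if reasons:
            quarantine[name] = reasons
        else:
            ok.append(name)
    ratio = changed / max(len(manifest), 1)
    return {"ok": sorted(ok), "quarantine": quarantine,
            "changed_ratio": ratio, "hold_run": ratio >= MASS_CHANGE_RATIO}

def uniform_bytes(n: int, step: int = 37) -> bytes:
    """Deterministic ciphertext stand-in: for n a multiple of 256 and an odd step,
    every byte value occurs equally often, so the entropy is exactly 8.0."""
    return bytes((i * step + 11) % 256 for i in range(n))

# Constructed snapshots: what the backup already holds, and today's candidates.
YESTERDAY = {
    "report.txt": b"Quarterly report: revenue up 4%, costs flat.\n" * 4,
    "budget.csv": b"dept,amount\nsales,1200\nops,800\n",
    "photo.jpg": uniform_bytes(1024, 59),
    "plan.md": b"# Plan\n- hire two engineers\n- renew firewall support\n" * 3,
    "notes.txt": b"Call vendor about the backup failure alerts.\n",
}
TODAY = {
    "report.txt": YESTERDAY["report.txt"],  # unchanged
    "budget.csv": b"dept,amount\nsales,1350\nops,800\nit,400\n",  # legitimate edit
    "photo.jpg": YESTERDAY["photo.jpg"],  # unchanged; high entropy is normal for JPEG
    "plan.md": uniform_bytes(512),  # overwritten with ciphertext
    "notes.txt": b"",  # truncated
    "invoice.docx.locky": uniform_bytes(256, 101),  # new file with a ransomware suffix
}

if __name__ == "__main__":
    report = plan_backup(TODAY, build_manifest(YESTERDAY))
    print(f"hold run: {report['hold_run']} ({report['changed_ratio']:.0%} of known files changed)")
    for name, reasons in report["quarantine"].items():
        print(f"  quarantine {name}: {'; '.join(reasons)}")
```

The entropy test is deliberately skipped for formats that are compressed by design, because a JPEG or a zip looks as random as ciphertext; that is also why the run-level check matters: a legitimate edit changes a handful of files, while ransomware rewrites most of a share between two backup runs. Quarantined files are held back rather than dropped, so an analyst can decide whether they replace the previous generation.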
You must restrict admin and user privileges. Users should have least-privilege access to the network, touching only what their job requires, and should work from non-administrative accounts on their desktops. Consider an application whitelisting approach to software deployment, in which only approved programs are allowed to run, instead of an ‘identifying badness’ method that tries to recognize each new piece of malware after the fact.
Segregate your network, and ensure that devices and users only have access to limited areas, so that a single infected machine cannot reach every file share.
Once you’ve covered these basics, here are a few extra ransomware precautions you should take.
Get a physical firewall that performs content inspection and can block executable downloads.
Install an email filter that blocks executables and the more pernicious types of messages, such as macro-bearing Office documents. All macro-bearing documents should be quarantined, and the filter should layer several antivirus engines rather than rely on one.
Use endpoint protection (i.e. a desktop antivirus) that can detect a program trying to encrypt files without authorization, typically by spotting a process that rapidly rewrites many files, and stop it.
Use web filtering to ensure that malicious links are not followed.
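How an email filter can make the decisions described in the precautions above, as an added Python example that is not code from the article or from any product: it walks a message’s attachments, blocks executable types and anything that starts with a Windows executable header whatever it is called, flags macro-enabled Office formats and any OOXML container that actually contains a vbaProject.bin, recurses into zip archives, and refuses password-protected archives it cannot scan. The message, its attachments and the policy lists are constructed for illustration.

```python
"""Mail-gateway attachment triage: quarantine executables and macro-bearing
Office documents before they reach a mailbox.

Added example, not code from the original article. The message, its attachments
and the policy lists are constructed for illustration; tune them to your own
environment.
"""
import io
import zipfile
from email.message import EmailMessage

# Illustrative policy lists (assumptions, not any product's rule set).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                       ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1")
MACRO_ENABLED_SUFFIXES = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".ppam")
LEGACY_OFFICE_SUFFIXES = (".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office container
MZ_MAGIC = b"MZ"                                 # Windows executable header

def ooxml_has_macros(data: bytes) -> bool:
    """Modern Office files are zips; a vbaProject.bin member means VBA is present."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.endswith("vbaProject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify_attachment(filename: str, data: bytes) -> list:
    """Return the reasons to quarantine this attachment; empty means deliver."""
    reasons = []
    lower = filename.lower()
    if lower.endswith(EXECUTABLE_SUFFIXES):
        reasons.append("executable attachment type")
    if data[:2] == MZ_MAGIC:
        reasons.append("executable content regardless of file name")
    if lower.endswith(MACRO_ENABLED_SUFFIXES):
        reasons.append("macro-enabled Office format")
    if lower.endswith(LEGACY_OFFICE_SUFFIXES) and data.startswith(OLE_MAGIC):
        # Proving a legacy binary document macro-free needs a full OLE parser,
        # so this policy quarantines them all (assumption).
        reasons.append("legacy binary Office document, cannot verify macro-free")
    if ooxml_has_macros(data):
        reasons.append("VBA project found inside OOXML container")
    if lower.endswith(".zip"):
        # Recurse into archives: campaigns routinely ship .js or .exe inside zips.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    for r in classify_attachment(member, zf.read(member)):
                        reasons.append(f"{member}: {r}")
        except zipfile.BadZipFile:
            reasons.append("archive does not parse as zip")
        except RuntimeError:
            # zipfile raises RuntimeError for encrypted members: a password-
            # protected archive cannot be scanned, so treat it as suspicious.
            reasons.append("password-protected archive, contents not scannable")
    return reasons

def triage_message(msg: EmailMessage) -> dict:
    """Run classify_attachment over every attachment and return a verdict."""
    flagged, clean = {}, []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        reasons = classify_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            flagged[name] = reasons
        else:
            clean.append(name)
    return {"verdict": "quarantine" if flagged else "deliver",
            "flagged": flagged, "clean": sorted(clean)}

def make_ooxml(with_macros: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm: a zip with the telltale member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"constructed stub")
    return buf.getvalue()

def build_sample_message() -> EmailMessage:
    """Constructed message in the style of an invoice lure; not a real sample."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment("Thanks for your business.", filename="readme.txt")
    msg.add_attachment(make_ooxml(False), maintype="application",
                       subtype="octet-stream", filename="quote.docx")
    msg.add_attachment(make_ooxml(True), maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("scan_0001.js", "var sh = new ActiveXObject('WScript.Shell');")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="scan.zip")
    msg.add_attachment(MZ_MAGIC + b"\x90\x00" * 30, maintype="application",
                       subtype="pdf", filename="update.pdf")
    return msg
```

Calling triage_message(build_sample_message()) returns a quarantine verdict with three flagged attachments (the .docm with a VBA project, the zip carrying a .js, and the "PDF" that is really an executable) and two clean ones. The extension lists are only the first layer: the content checks (MZ header, vbaProject.bin inside the zip container, recursion into archives) are what catch the renamed and wrapped payloads that a name-only filter misses, and the page’s advice to layer several antivirus engines applies on top of this policy, not instead of it.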
If you’ve done all that and still somehow manage to get hit by ransomware, here are your options.
Lock it Down
Lock down the network so the infection doesn’t spread: disconnect the infected machines from the network and from any shared drives, then survey the extent of the infection, noting which hosts and shares hold encrypted files and which ransomware family the ransom note identifies.
Is it Worth it?
Evaluate the time, money and effort required to recover the system versus paying the ransom. You’d be surprised that in many cases it is worth paying the ransom, though payment is no guarantee that a working decryption key arrives, so factor that risk into the calculation.
To Pay or Not to Pay
If you choose to meet their demands, most transactions are through Bitcoin, and numerous sites detail the payment process. If you decide to ‘not negotiate with terrorists’, your only option is restoring from iron-clad backups, so be sure you aren’t taking any shortcuts with them.
Hopefully this never happens to you. These ransomware solutions can help, but ideally you act before you get hit.