If there is one major cybersecurity lesson we learned last year, it was this: Ransomware is here, and it isn’t going away anytime soon.
Ransomware is a type of malware that severely restricts access to a computer, mobile device, or file until the demanded fee is paid by the victim. Often, it arrives in the form of a phishing email or message and begins its foul work as soon as it reaches your system. Regardless, victims are presented with a hefty ransom to regain access, or they can kiss it all goodbye.
The first option is unpleasant. The second is unrealistic. So, many organizations wind up paying the ransom. But consider the consequence of doing so. If an organization coughs up the money, it’s not only funding cybercrime, but it’s also sending a signal to cyber-criminals: “hey, we’ve got money, we’ve got important data, and our systems aren’t equipped to combat such an attack, so we’re willing to pay what is demanded to get access to our stuff.”
In addition, we’ve learned from the past that ransomware isn’t a one-time deal. Take, for example, a Kansas hospital that was extorted twice. After succumbing to the initial ransom, the attacker demanded a second payment to unlock all files. In another instance, a Michigan radio station suffered from being hit with ransomware twice in two weeks.
Ransomware halts your business, halts productivity and, potentially, sets your organization up for failure. And those who’ve been affected by ransomware stand a good chance of being re-infected this year. For this, you can thank the number of digital entry points in an organization that a cybercriminal can exploit.
Another tool is called a “backdoor.” It’s just like it sounds: cybercriminals build backdoors into networks for prolonged spying and re-infection. A backdoor is a technique in which a system’s security mechanism is bypassed undetectably to access a computer or its data. This means a cybercriminal can re-infect a network if a company does not perfectly clean and remove malware from its devices. All the cybercriminal has to do is wait for the right opportunity. Ransomware variants that install backdoors for later use are uncommon now, but they do exist and cybercriminals are actively testing them.
Cybercriminals can also use backdoors to monitor a network for sensitive data, such as login information, financial records, product development roadmaps and more. This data can be either sold or used to inform a second ransomware attack, one reliant on a phishing email, to re-infect a previously compromised system.
Finally, thanks to the Bring Your Own Device (BYOD) movement, employees using their own devices may inadvertently introduce malware into a company’s network. This can be a frighteningly easy thing to do, especially if the company in question lacks sophisticated data monitoring security solutions.
So how can companies fight against this threat of ransomware? Well, there are a few possibilities. First is to implement a comprehensive email security solution capable of detecting and isolating potentially dangerous phishing emails. Companies will need to look for solutions that take on a multi-layered security strategy, such as sandboxing and behavior-based antivirus, and construct a business continuity plan in the event a ransomware attack is successful.
That last part is particularly important. Business continuity plans are a normal part of operations, usually constructed around worst-case and natural disaster scenarios. Companies need to start preparing for cyberattacks and investing in two major areas: real-time file backups and employee education.
Real-time file backups can help an organization maintain a “clean slate” of files free from ransomware. These clean files offer a “get out of ransomware free card” since all you have to do is restore a clean version of a file and access it on another device. This also has the added benefit of eliminating one of ransomware’s more damaging aspects: employee downtime. In fact, a study on ransomware found that 72 percent of employees were locked out of their files for at least two days.
Finally, take the time to educate and test your employees on the latest cybersecurity threats on the market today. That means investing in cybersecurity training that tests your employees on how to detect phishing attacks and how to respond to them.
And ransomware is profitable. The FBI’s Internet Crime Complaint Center reported cybercriminals were able to extract $1.6 million in ransoms during 2015. In 2016, that figure was nearly $1 billion. How’d it grow so fast? Well, once cybercriminals began to realize ransomware’s power, they began asking for more in their ransoms. Today, the FBI reports cybercriminals can demand anywhere from $200 to $5,000 per user.
Cybercriminals are going to attack your business. You cannot control that. What your organization can control, however, is how prepared it is when it encounters an attack. Better preparation means your business suffers less downtime. It also means your employees maintain productivity even if the business is dealing with a threat like ransomware. And that’s the best defense against a second round of ransomware: not letting it hit you again.