Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks, and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and loss of critical information and data. In the world of IT Security, ransomware attacks are common and it is estimated that a ransomware attack occurs every 11 seconds.
The top ways cybercriminals gain access to a corporate network is through the end users--i.e., employees, most often in phishing scams. Attackers use social engineering methods to send ransomware through legitimate appearing emails that can include hyperlinks that download a piece of software or an attachment that appears to be something else like a PDF document. Many cybercriminals will hide ransomware in free downloads on legitimate looking websites as well.
There are several things the malware might do once it’s taken over the victim's computer, but by far the most common action is to encrypt some or all of the user's files which can only be decrypted with a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable payment to the hacker. Once ransomware infects one device, it can spread silently to all networked devices if undetected.
Who is at risk?
Some markets are more prone to ransomware—and to paying the ransom. Many high-profile ransomware attacks have occurred in hospitals or within healthcare organizations. Hackers know that, typically, these enterprises are more likely to simply pay a relatively low ransom to make a problem go away. It's estimated that 45 percent of ransomware attacks target healthcare organizations. Another tempting industry? The financial services sector. It's estimated that 90 percent of financial institutions were targeted by a ransomware attack in 2017.
How can I avoid a ransomware attack?
There are a number of defensive steps you can take to prevent ransomware infection. These steps are good security practices in general, so following them improves your defenses from all sorts of attacks.
- Train your employees!!!! This should far exceed the simple understanding of how to recognize an attack, but should rigorous and continuous education. Your employees need to understand the motivations behind a ransomware attack; what to do if they believe your organization has been targeted; how their actions will influence the outcome; and what the recovery process will include.
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don't install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive.
- Install whitelisting software, which prevents unauthorized applications from executing in the first place.
- Back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.
Ransomware can be detected with the correct security software. Ransomware attacks combine multiple advanced technologies and techniques. To minimize your risk of attack, you need to deploy security solutions that disrupt the whole attack chain, not a single piece of malware. pim's advanced managed threat response, powered by SOPHOS, has advanced threat hunting, detection and response capabilities that takes action to neutralize threats from ransomware. pim's Business IT Solutions (BITS) package has services available to help your organization.
What do I do if my organization has fallen prey to a Ransomware attack?
The FBI officially recommends to not pay the ransom as this can encourage further attacks and there is no guarantee that after payment your data will be released. Ransomware can sometimes be removed, but a secure backup of the data and a fresh install would be best.
Immediately isolate the infected machine from the network. Call an IT professional to determine the type of attack and the scope. Clean the machine if possible, and if not; wipe the data and restore from a known good backup.