Written By Michael Ferrara
Created on 2022-10-07 13:17
Published on 2022-10-08 08:47
The phrase “crippled by ransomware” may sound like the title of a B-grade horror movie, but it carries a very real and very terrifying meaning for businesses. Whether you call it cryptoviral extortion or just plain old ransomware, this type of malicious software continues to be an issue for companies of all sizes. And while these attacks have been around for several years, they are on the rise with no end in sight. In fact, the number of ransomware attacks in Q1 2022 was more than double the total volume reported for 2021, according to new cybersecurity research from the WatchGuard Technologies Threat Lab.
Ransomware is malicious software (or malware) that is installed onto a computer system and then used to lock the system, essentially holding its data hostage. The attacker requires payment in exchange for unlocking the system and/or data. The ransom amount demanded is often paid in cryptocurrencies, like Bitcoin, which are difficult to trace since they are not directly connected to a specific individual or country. This enables cybercriminals to remain anonymous and continue to commit these crimes. There are several different types of ransomware. The most common way that it spreads is through spam emails with malicious links or attachments that trick people into clicking on them. Once a computer is infected, the virus may try to spread to other computers on the same network.
Traditional data security strategies such as anti-virus software, firewalls, and other network protections are designed to prevent outside threats, like hackers and malware, from entering a company’s network and stealing data. But ransomware is different. Ransomware works by infecting a network and then taking control of critical systems, like servers, databases, and HR systems, to hold those systems and their data hostage and extort money from the business owners. Ransomware is so effective because it attacks the most critical systems in a company and then holds those systems hostage. This makes it nearly impossible to keep the business operating as usual. And since ransomware attacks are unpredictable, there is no way to protect against them, except to pay the ransom.
Oftentimes, when malware is discovered in the wild, it is difficult to dissect and study because of its anti-analysis capabilities, such as detecting whether it is being executed in a sandbox or examined with decompilers, disassemblers, PeStudio, or event logging tools. Sometimes boasting several layers of obfuscation, such malware can hide completely from analysts and from certain Endpoint Detection and Response (EDR) tools.
The most obvious sign that your network has been infected with ransomware is if your systems start to behave erratically, or lock up, or if your employees receive a message from their computer that they’ve been locked and need to pay a ransom in order to regain access. While you can’t know for sure if your systems have been compromised until they have been taken, there are several preventive steps that you can take to help protect your company from ransomware attacks, including:
Keeping your software up to date, including operating systems and all network software.
Tell yourself and your colleagues to slow down and think critically about the email messages you are receiving before acting in response to them.
Enabling multi-factor authentication where you can is a key component of most cyber insurance policies and can significantly reduce the risk of unauthorized access.
Create a strong password policy and provide end users with a password manager along with education on how to use it.
Using email protection tools, network filtering and security tools to block known malicious traffic.
Cybersecurity awareness training to educate employees on how to spot and report suspicious emails and websites.
Segmenting your network so critical systems are not accessible by employees.
If your company has been hit by ransomware, you have two options: paying the ransom or recovering without paying the ransom. If you pay, you risk encouraging more ransomware attacks. If you don’t pay, there is a chance you will be able to recover without paying the ransom. If you want to recover without paying the ransom, your best bet is to seek out an expert team of cyber security responders who can help you. Ransomware attacks are unpredictable and unpreventable. You can never know when one will target your company. Having a plan in place to respond to and recover from a ransomware attack quickly is critical to your company’s survival.
The best way to protect your company against being crippled by ransomware is through prevention. While there is no way to 100% prevent ransomware attacks, following these best practices can help protect your company from them, as well as from other cyber-attacks, like viruses, data breaches, and network breaches.
The Small Business Cyber Training Act of 2022 was recently introduced in Congress. Under the bill, the Small Business Administration must establish a program for certifying at least 5 or 10% of the employees of a small business development center to provide cybersecurity planning assistance. On September 29, 2022, the Senate passed the bill, which was then sent to the House of Representatives.