Analecta Cyber Company Blog: Protecting Your Network From Ransomware

2018-11-20

Protecting Your Network From Ransomware

As if protecting your network from malware (viruses, trojans, worms, etc.) isn’t enough...

Ransomware is a form of malicious software that denies the target access to their own information. The attackers usually promise to return access to the files after you have paid a ransom - often through bitcoin or other anonymous currencies.

Unfortunately, this malware uses military-grade encryption to lock your files away. In many cases, this encryption cannot be undone without the decryption key from the hackers. Many small and medium-sized businesses, or SMBs, have fallen victim to ransomware over the last several years as larger companies have improved defenses against cyber threats. Hackers are causing billions of dollars of damage and lost revenue using this single tactic. Some ransomware actors add pressure to the already stressful situation by deleting files for each hour that the ransom is not paid.

“Companies are aware of the ransomware threat but believe they are too small to be a target.”
- 2017 Ponemon Report on the State of Cybersecurity in SMBs

Ideally, you would avoid introducing this sort of malicious code into your networks by being aware of social engineering attempts that try to entice you to open an infected file. Since that is still one of the most effective methods hackers use to place malware on a target network, you need additional protection. Keep your antivirus (AV) definitions up to date. This may not protect you from brand-new ransomware attacks, but AV companies are quick to get definitions out the door once the ransomware is identified – another reason to have daily AV update pings. To avoid the pain and damage that a ransomware attack can inflict on your organization, take time before one occurs to position yourself better.

The grim facts 


In the 2017 State of Cybersecurity in Small and Medium-Sized Businesses Ponemon Report, companies with 10-1000 employees were asked about malware. Here are some of the highlights:
  • Of the 600 respondents questioned, 52% state their companies experienced a ransomware attack, compared to only 2% the previous year. 
  • Of this 52%, 53% stated they had been victims of two or more ransomware attacks in the last 12 months. 
  • The main causes of the ransomware infections were phishing/social engineering attacks and web-based applications.
[Image: ransomware attack screen stating "Your computer has been locked"]
Two things to remember above all else: 1) The IRS does not make phone calls and 2) the FBI doesn’t tell you to pay a fine to unlock your files. Above is a bogus popup stating that your machine has been locked by the FBI and that you must pay a fine to unlock it or face arrest and jail time.  

Improving security


Basic proactive security practices are the best way to avoid threats like these. Here are some quick, simple actions you can take that may SAVE you if you're attacked by ransomware.
  1. Set a policy that establishes best practices for ensuring network computers are used only for their intended purpose and that defines how the company will respond to ransomware threats.
  2. Activate a simple procedure for staff to follow if they see evidence of ransomware. The best practice to date is to unplug the computer.
  3. Verify you are able to read backed up data on a monthly, weekly or daily basis depending on the importance of the data and the need for most recent files. 
  4. Ensure your computer systems are up-to-date with the latest antivirus software and operating system patches to reduce your risk to these and other cyber threats.
Finally, it's important to understand that being attacked by ransomware does not automatically mean that confidentiality has been violated. In many cases, ransomware operates by encrypting data locally and only sends the secret unlock key to the attackers. In scenarios like this, the attackers never viewed, accessed, or downloaded electronic information - they simply made it unavailable to you.
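
For item 3 in the list above, one way to check that backed-up data can actually be read back is to record a SHA-256 manifest when the backup is taken and later re-read every file against it. This is an added example, not Analecta's code; the function names are assumptions made for illustration.

```python
import hashlib
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    # Reads the whole file, so an unreadable backup surfaces as OSError.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir):
    # Run at backup time: relative path -> SHA-256 of every file.
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_dir, manifest):
    # Returns {relative path: problem}; an empty dict means a clean read-back.
    root = Path(backup_dir)
    problems = {}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            problems[rel] = "missing"
            continue
        try:
            if sha256_file(target) != expected:
                problems[rel] = "content changed"
        except OSError as exc:
            problems[rel] = f"unreadable: {exc.strerror}"
    # Files the manifest does not know about (for example renamed copies).
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest:
            problems[rel] = "not in manifest"
    return problems
```

Store the manifest somewhere other than the backup itself, and run `verify_backup` on the daily, weekly or monthly schedule chosen in item 3.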

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium-sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives. Email us at info@analecta-llc.com or visit our Cybersecurity website. 
