Ransomware is a Serious Threat
Ransomware is malware that infects a system and then encrypts all of the victim’s data. The attacker then demands payment to unlock it. There have been some high-profile attacks recently, such as the Black Friday attack on San Francisco’s Municipal Transportation Agency. Because the web is international and virtual currencies like Bitcoin are hard to trace, it is difficult for law enforcement to bring attackers to justice.
According to a new report by Intel Security, the healthcare sector is experiencing over 20 data loss incidents per day related to ransomware attacks. The company said it identified almost $100,000 in payments from hospital ransomware victims to specific bitcoin accounts so far in 2016.
Brian Krebs, KrebsOnSecurity
Ransomware is now a very serious issue for businesses of all sizes. The choice between losing your data and paying a ransom is a lose-lose proposition, so it is crucial that your organization has the right technology and employee training in place to prevent an attack.
In September, the FBI published a PSA on Ransomware, including tips for defending against this kind of attack. I have condensed their suggestions into the guiding principles below:
- Keep Updated: Patch out-of-date software and operating systems as soon as possible. This tip appears in virtually all security recommendations because the most recent version is typically the safest version. Attackers exploit weaknesses that developers will patch and fix. The longer you run an out-of-date system, the more likely you are to have problems.
- Vulnerability Scans: Regularly scan for viruses and malware. Make sure that your devices are clean at all times.
- Compartmentalize: Whenever possible, limit access to critical data and separate storage of files categorically or by value to the organization. Try to keep highly valuable research, confidential employee files, and proprietary information separate from common, broadly used templates or other basic documents. Follow the principle of least privilege, and only give employees access to the files they need.
- Back-up Everything: The goal of back-ups is to provide you with a restore point to fall back to should your data be destroyed. It is really important to keep that in mind when considering the threat of ransomware. Back-ups should be done regularly (automatically if possible) and saved on separate systems from the original data. If your hard drive is encrypted and locked by an attacker, your back-up will likely be inaccessible if it is located on the same device. Secure back-ups are best kept offline (on drives not connected continuously to the internet or your internal network), in cloud storage (with real-time backup disabled), or otherwise isolated from your regular systems.
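One way to check the back-up advice above on a single machine, as an added example that is not from the FBI PSA or this article's author: it flags a back-up stored on the same device as the original data and lists files the back-up is missing or holds with different contents. The function names and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def same_device(source: Path, backup: Path) -> bool:
    """True when both paths report the same device ID (same filesystem)."""
    # A differing st_dev can still be another partition of the same disk,
    # so treat False as "not obviously co-located", not as proof of isolation.
    return os.stat(source).st_dev == os.stat(backup).st_dev


def manifest(root: Path) -> dict:
    """Map each file's path relative to root to the SHA-256 of its contents."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit_backup(source: Path, backup: Path) -> dict:
    """Report co-location plus files the backup lacks or holds differently."""
    src, bak = manifest(source), manifest(backup)
    return {
        "same_device": same_device(source, backup),
        "missing": sorted(set(src) - set(bak)),
        "mismatched": sorted(k for k in src.keys() & bak.keys() if src[k] != bak[k]),
    }


def demo() -> dict:
    """Constructed sample: the backup lacks one file and differs on another."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "data"), Path(tmp, "backup")
        source.mkdir()
        backup.mkdir()
        (source / "payroll.csv").write_text("id,amount\n1,100\n")
        (source / "plan.txt").write_text("Q3 roadmap\n")
        (backup / "payroll.csv").write_text("id,amount\n1,999\n")
        return audit_backup(source, backup)


if __name__ == "__main__":
    print(demo())
```

A mismatch can simply mean the original changed after the last back-up, so compare the counts against what you expect between runs.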
Prepare Your Team
Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
FBI Public Service Announcement on Ransomware
Social engineering is at the heart of many ransomware attacks. Employees are tricked into downloading or opening an infected file in their email or on the web. Your company’s security is only as strong as your weakest link, and in most cases the weakest link is some form of human error. Education is the only way to reduce that risk.
The Big Picture
Strong security is the result of layered systems in place to augment a well-trained staff. There isn’t any one software package or service that can keep you and your data safe. Reduce your risks, keep current, and stay vigilant.