Hugh Simpson is European Pre-Sales Manager at ZyXEL.
July 8, 2016

How Small Businesses Can Protect Themselves Against Ransomware

Ransomware – a type of malware that encrypts a computer’s files and threatens to delete them unless money is paid – is causing havoc in a growing number of companies.

In recent weeks alone, the Kansas Heart Hospital in America was sent into meltdown as essential data was held to ransom by criminals, causing a huge amount of financial and reputational damage to the organisation, with only a small return of data even when the fee was paid. With important and sensitive data now being hosted on almost every machine, this is proving incredibly lucrative for cyber crooks, and attacks are increasing rapidly as a result.

Recent statistics from Trend Micro show that there were more attacks in February this year than in the whole of the first six months of 2015, highlighting the reality of the threat. Because businesses often hold large quantities of valuable data, along with the means to pay off bigger ransoms, they are often targeted. In particular, small- to medium-sized businesses are susceptible to attacks and can be caught off-guard.

Aside from removing themselves entirely from the internet, it’s almost impossible to completely eradicate the threat of cyber attack. However, by taking measures to protect data and make the network hard to penetrate, businesses can drastically reduce their chances of becoming the next victim.

Call for backup

As a first port of call, having an effective back-up file system in place will help businesses greatly reduce the impact of a successful attack. Ransomware relies on preventing access to files, so a business can bypass it by simply replacing the encrypted files with a copy saved elsewhere.

However, many companies do not go far enough and their back-ups still leave them susceptible.

The main problem is that many back-ups are not resilient enough to cope with ransomware’s ability to encrypt files in the background before revealing itself. This means back-ups can often contain the malware too, rendering them useless.

Businesses must therefore ensure that any back-up process goes back at least a few months so there is at least one copy that does not contain the malware.

Furthermore, many ransomware programmes can encrypt all mapped files on a system, meaning even back-ups can be encrypted. In light of this, businesses also need to retain some of their back-ups offline or stored in a completely separate location to prevent ransomware infecting them too.
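The two back-up criteria above (enough history, and at least one copy out of the malware's reach) can be checked mechanically. The following is an added example, not part of the original article: the `Backup` record, the sample catalogue, the 90-day reading of "a few months" and the preference for offline copies when choosing a restore point are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumption: "at least a few months" of history is read here as 90 days.
MIN_HISTORY = timedelta(days=90)

@dataclass(frozen=True)
class Backup:
    label: str
    taken: date
    offline: bool  # True if workstations cannot reach it as a mapped drive/share

def audit(backups, today):
    """Return a list of policy gaps; an empty list means both criteria are met."""
    if not backups:
        return ["no back-ups recorded"]
    findings = []
    age = today - min(b.taken for b in backups)
    if age < MIN_HISTORY:
        findings.append(f"oldest copy is only {age.days} days old")
    if not any(b.offline for b in backups):
        findings.append("no offline or separately located copy")
    return findings

def restore_point(backups, first_encryption_seen, dwell=timedelta(days=0)):
    """Pick the back-up to restore from after an attack.

    dwell is the assumed time the ransomware ran silently before it was
    noticed; anything taken on or after (detection - dwell) is distrusted.
    Offline copies win over newer mapped ones, which may be encrypted too.
    """
    cutoff = first_encryption_seen - dwell
    clean = [b for b in backups if b.taken < cutoff]
    if not clean:
        return None
    return max(clean, key=lambda b: (b.offline, b.taken))

# Constructed sample catalogue (labels and dates are made up).
CATALOGUE = [
    Backup("nas-daily", date(2016, 7, 7), offline=False),
    Backup("nas-weekly", date(2016, 6, 26), offline=False),
    Backup("tape-monthly-jun", date(2016, 6, 1), offline=True),
    Backup("tape-monthly-mar", date(2016, 3, 1), offline=True),
]
```
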

It must also be noted that even if these back-up criteria are met, it won’t mean that these companies are immune from attack. Even with a back-up plan, the time it takes to engage with copied files will result in downtime and potential financial loss. There’s also nothing to stop a second attack. Therefore, to best prepare, businesses need to lock down their networks to try and eradicate the threat.

Keeping the wolf from the door

The vast majority of ransomware attacks come in the form of ‘phishing’ emails, which pose as correspondence from legitimate organisations and trick users into downloading the malware. Educating employees on what to look out for can therefore go some way to preventing this, but because these emails look genuine enough to trick even the savviest users, a strong anti-spam system can be far more effective.

For example, an email security gateway that sits on the network will check and filter emails before they reach the end user. Although there is often anti-spam software already set up on individual machines, it is often easy to disable and allows things to slip through the net.

By implementing a security gateway, which checks information such as the sender, subject line and IP address against a constantly updated database, businesses are more likely to stop phishing emails in their tracks. In addition, an anti-virus appliance that will scan and block certain files, such as the .exe and .bin files common with ransomware, will add another layer of security for those files that slip through the spam filter.
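The attachment check described above, as an added example that is not part of the original article and not any vendor's implementation. It parses a raw message, blocks the `.exe` and `.bin` extensions the article names (including double extensions and files one level inside a ZIP), and returns a verdict; the sample addresses, file names and the `build_sample` and `zip_bytes` helpers are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; a real policy would list more.
BLOCKED_EXTENSIONS = {".exe", ".bin"}

def blocked_name(filename):
    """True if the final extension is blocked; catches 'invoice.pdf.exe'."""
    name = filename.strip().rstrip(". ").lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)

def scan_message(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if blocked_name(filename):
            reasons.append(f"blocked attachment: {filename}")
            continue
        payload = part.get_payload(decode=True) or b""
        # Look one level inside ZIP archives, a common wrapper for executables.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    if blocked_name(member):
                        reasons.append(f"blocked file in {filename}: {member}")
    return ("quarantine" if reasons else "deliver"), reasons

def build_sample(attachments):
    """Constructed test message; sender, recipient and subject are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see attached.")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

def zip_bytes(member_name):
    """Constructed ZIP archive holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed placeholder bytes")
    return buf.getvalue()
```

Extension matching alone is a coarse filter: a renamed file passes it, which is why the article pairs it with anti-virus scanning rather than relying on it alone.
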

Ransomware can also infect machines when employees visit sites with security issues. For example, criminals will place malicious links on websites causing users to download and install ransomware.

As a result, employees must understand that they should stay away from ‘dangerous’ sites – often the ones containing adult or pirate material. In the worst case, criminals have been known to buy advertising space on legitimate websites encouraging downloads of ransomware.

To combat this, a content filtering tool, which screens URLs against a security database before allowing access, should be put in place to stop downloads getting through. By doing so, businesses are adequately protecting their employees from being caught out by an unexpected ransomware attack.

Prevention the best cure

Now this might sound like a lot of technology, but the reality is that the majority of these solutions are relatively cheap in comparison to the fallout of a ransomware attack.

Back-up processes can be made ransomware-proof with some small updates, and network security tools (anti-spam, content filtering and anti-virus) are often available as a single unit at a cheaper price. Often these will also contain bonus tools, such as intrusion detection, which can monitor abnormal behaviour on the network.

Considering these options against the potential business and reputational damage that can be done by ransomware, it makes sense for organisations to take precautionary steps to prevent further damage in the long term. The more quickly that businesses implement these tools, the more ransomware will become obsolete in the future.
