Ransomware. By now you have at least heard of it, but what is it, and how do you protect your business from Ransomware?
What is Ransomware?
Ransomware as defined by US-CERT is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored.
Payment is usually demanded in Bitcoin, in amounts that range from as low as $200 – $400 for individuals to several million dollars for businesses.
Some variants encrypt not just local, but shared and networked drives.
Because it is effective. CryptoLocker generated an estimated $3 million (USD) before being taken down by authorities, and the F.B.I. estimates that CryptoWall had generated $18 million by June 2015.
What it Looks Like to be Infected:
How to Protect Your Business from Ransomware:
The best method of protection is a good data backup and recovery plan. Perform and test your data backups for validity regularly. Being able to restore critical systems to a state prior to infection is your best protection.
Additional Steps to Protect and Prevent Ransomware Infection
- Critical backups should be isolated from the network for the best protection.
- Use application whitelisting to help prevent malicious and unapproved software from running. This is one of the BEST preventative methods.
- Keep your Operating System and other software up-to-date by installing the latest patches. Vulnerable software systems are often targeted.
- Utilize up-to-date anti-virus software and scan all software prior to executing.
- Restrict users’ permissions to install and run software applications. Apply the principle of “Least Privilege” to all systems and services. Restricting privileges may prevent Ransomware and other malicious software from running and/or limit its capability to spread throughout the network.
- Avoid enabling macros from email attachments. For some organizations, it may be best to block emails with attachments from suspicious sources.
- Do not click on unsolicited web links in emails or on Social Media.
- Provide training to employees on Good Security Habits, Safeguarding Data, and Recognizing and Avoiding Email Scams.
Individuals and organizations should not pay the ransom. Paying a ransom does not guarantee that files will be released, nor does it prevent future infections.