How to Keep Your Company Safe from the Threat of Ransomware
November 21, 2016
Featured article by Xuyen Bowles, Sentek Cyber (a division of Sentek Global)
Not long after its debut in 2009, The Good Wife earned a reputation as the most tech-savvy show on television. Twitter, Anonymous, and Bitcoin are all featured prominently in legal cases tackled by the show’s lawyers.
It’s one of the few TV shows to portray the very real problem of ransomware. In a 2014 episode, Russian cyberextortionists encrypt all the files on the computer system of a law firm. The extortionists tell the firm that if they don’t receive a $50,000 ransom within 72 hours, all the data will be destroyed.
A lawyer at the firm remarks, “It’s absurd. It’s like modern-day piracy.”
Indeed it is. Ransomware is a real and growing threat that has only become more prevalent in the two years since that episode of The Good Wife aired. In fact, in the past twelve months, ransomware rates doubled around the globe.
It’s such a serious threat that the United States and Canada issued a rare joint cyber alert earlier this year, warning of a surge in ransomware attacks. The FBI estimates that between April 2014 and June 2015, ransomware victims paid more than $18 million to cyberextortionists.
So what exactly is ransomware? How is it used? And how can your company avoid a situation where it’s paying for access to its own data?
What Is Ransomware and Who’s a Target?
Ransomware is a type of malware that prevents users from accessing the data on their computers. Cyberextortionists infect the computers with ransomware and then demand payment to unlock the data.
For companies attacked by ransomware, the cost is higher than whatever they pay to unlock their data. The disruption of corporate computer systems can also have a devastating effect on operations, in some cases making it impossible to operate at all. This is part of the reason companies whose work is time-sensitive, such as legal firms, can be attractive targets to cyberextortionists.
Traditionally, home users have been the targets of ransomware, but organizations with deeper pockets are increasingly targeted. The healthcare and public sectors are popular targets, too.
In February, the Hollywood Presbyterian Medical Centre in California was infamously the target of a ransomware attack. Computers were down for more than a week until the hospital paid the extortionists the equivalent of $17,000 in bitcoins. In that week, the hospital reportedly lost more than $100,000 per day and was unable to provide urgent medical care, because it could not access patient records or operate machinery like CT scanners.
It’s not only hospitals that need to be concerned. Education is now the industry that receives the most ransomware attacks. One university in the UK was hit by ransomware 21 times in one year. This year, a Canadian university paid $16,000 in ransom to anonymous attackers.
Regardless of the industry, ransomware rates around the world have doubled in the past twelve months. Education, government, healthcare, retail, finance — no industry is immune.
Mitigating the Threat of Ransomware
Fortunately, there are steps your company can take to reduce the risk of a ransomware attack. Here are a few tips:
- Teach your employees about best cybersecurity practices. Educate your employees on the dangers of opening email attachments and clicking on links that seem suspicious or are from unknown senders.
- Control your network. Whitelist machines and computers so that only approved programs and executables can run. Use a feature like Microsoft’s Group Policy, which allows your network administrator to prevent users from executing unknown programs. Controlling what can run on your devices and network will make your company much less vulnerable to ransomware and other types of malware.
- Use anti-malware and anti-ransomware software. As ransomware has become more common, more products have become available to protect computers from ransomware attacks.
- Back up your data. It’s not rocket science, but it bears repeating because one-third of businesses don’t have backups for their crucial data. Backing up your data is extremely important. If your company has proper backups, it can’t be held hostage in the same way as a company without backups, or at the very least will have fewer of its operations disrupted in the case of an attack.
- Conduct penetration testing. Try to hack into your own system to find its vulnerabilities and assess your company’s ability to defend against attacks.
- Create a business continuity plan. With a plan in place, you will be better equipped to cope with an attack if it happens.
- Consider ransomware insurance. If you have a cyber insurance policy, ransomware may or may not already be covered. If you don’t have a policy, consider whether getting one makes sense for you.
What to Do if the Worst Happens
If you find yourself the victim of a ransomware attack, here’s what you need to know.
- Contact law enforcement immediately. The FBI can provide assistance for ransomware attacks.
- Stop the attack from spreading further. Disable Wi-Fi and Bluetooth. Quarantine compromised devices before the ransomware can spread to other devices.
- Consider the risks before paying a ransom. The FBI does not recommend paying the ransom for many reasons. Paying a ransom does not guarantee your data will be decrypted; some organizations are never provided with decryption keys after paying a ransom. Further, once your organization has proved it’s willing to pay a ransom, it may be more likely to be the victim of ransomware in the future.
Some victims are able to decrypt their files without paying a ransom. Europol, Dutch Police, Intel Security, and Kaspersky Lab have a ‘No More Ransom’ initiative which provides decryption tools for many ransomware types.
There’s no question ransomware is a serious threat to companies all around the globe. Take the threat seriously. Keep your company safe from this form of modern piracy by investing in cybersecurity, and know what steps to take should you and your data fall victim to ransomware.
About the Author
With 20 years of experience in the enterprise space, Xuyen Bowles now oversees one of the most successful cyber security firms in San Diego, CA. Sentek Cyber (a division of Sentek Global) offers a wide array of cyber security protection, from penetration testing, consultancy, and training to advanced threat detection. “It’s not a matter of if, it’s a matter of when.” Ms. Bowles finds great gratification in helping companies ensure they are safe from data breach.