Hospitals in Los Angeles, Kentucky and West Virginia are just the latest firms to get hit by ransomware, a type of malware that prevents or limits users from accessing their systems until a ransom is paid. Unfortunately, this type of cyber-attack is increasing rapidly.
While many businesses don't think their small or relatively unknown companies could be targeted, the opposite is actually true. It's not a matter of if you will get hit, but when.
Recently, a local organization was struck. They were unable to restore the data from backup and were forced to pay the ransom. Luckily for them, the ransom wasn't that much and they received the data back. Thieves like to keep the ransom amount relatively low in many cases because they believe that doing so makes them more likely to get paid.
This organization engaged us to help them work through the problem and we discovered they had many gaps in their security controls, and unbeknownst to them, other malware on their system waiting to strike again. We rebuilt their entire security infrastructure and strengthened their endpoints because they were so vulnerable.
Ransomware infections are happening more and more, in part because traditional antivirus software is unable to detect this malware. The malware operates in stealth mode and often bypasses basic security controls. It often arrives through people who browse the Web with outdated Web browsers and/or browser plugins like Java and Adobe Flash and Reader. Ransomware originators often gather personal information and use it against unsuspecting people by making an email appear to come from a friend or coworker, asking for information or for the recipient to click on a link, which opens the door for an attack.
So what can you do to protect your company?
- Don't just back up your critical data; make sure that the backup is working properly and that you test your data restore processes. It’s the restoring part that usually gets overlooked by many companies. So, test your entire system, make sure that your system can restore your data and then test that the data can be accessed after it’s restored.
- Continually train your employees on safety best practices, including hovering over links to make sure they are properly identified, and not downloading any file from someone they don't know. This doesn't just pertain to desktop machines, but also to smartphones, tablets and any internet-connected device. If your employee did win Powerball, they probably wouldn't be notified via email; nor would their inheritance be routed through a different country. This type of training should be done on a regular basis, not just annually. To determine who might be vulnerable to this type of attack, perform a phishing test as a foundation for further education.
- Audit your computer system and network to make sure you know and understand where your greatest vulnerabilities lie. One antivirus software product will not protect your entire infrastructure. Security today demands a layered approach with various controls.
- Because most malware comes through email that asks users to click on a link or download a file, make sure your security blanket includes products that monitor email, web sites and web traffic.
With an ever-evolving threat landscape, it’s more important than ever that companies reassess their security strategies, make sure they have an up-to-date audit of their security defenses, and have a continual plan in place to update and train employees on security best practices. No one in your company should still be using "password123" as their password, for example. Even just one instance of this password can be a conduit for widespread risk.
Do you need help identifying advanced persistent network threats and advanced evasion techniques that may be lurking within your company? We can help.