While botnets and spam email used to be the top cyber security risks in organisations, they are no longer in vogue. Instead, they have been replaced with the new 'It girl' (or should we say IT girl, ha!) of cyber hacking – ransomware.
Hospitals, universities, law enforcement agencies, local governments, home-owned businesses, multinational corporations – these are all examples of enterprises that have been attacked by ransomware – a malicious software that encrypts important user data in order to extort payment.
Although ransomware attacks have only started becoming ubiquitous in the past three years, this technique is no new phenomenon. In fact, ransomware has been around for almost 30 years! So why has it only recently become an epidemic? The answer lies in the arrival of bitcoin. Unlike credit cards or PayPal, which are traceable, bitcoins allow hackers to receive payment anonymously and get away with cyber crimes easily. To make matters worse, ransomware builder kits are readily available in the Dark Web; and some of these kits are even free! This, coupled with the increasingly sophisticated hacking techniques and the lack of vigilance on the part of organisations, has allowed cyber criminals to turn ransomware into today's cash cow.
Who is particularly vulnerable to a ransomware attack? Well, the plain and simple answer is... everyone. And it's the truth – according to a ransomware research report by Kaspersky Lab, there were more than 2 million computer users all over the world that encountered some form of ransomware from April 2015 to March 2016. Another research done by the Cyber Threat Alliance (CTA) estimated that the total amount paid to cyber criminals could be as much as $325 million for CryptoWall ransomware. While that's a staggering figure, it is not surprising. After all, the majority of these cyber criminals behind ransomware attacks are after money, and this means they launch attacks on individuals and corporations indiscriminately.
Although the prospect of losing all the data in their computers must be crushing to individuals too, the impact of these security breaches may be more severe to organisations.
Firstly, considering the more dire consequences of losing corporate data, cyber criminals often demand a much larger ransom from organisations. While ransom notes to individuals usually demand three to five hundred dollars, hackers can extort up to tens of thousands from organisations. A recent example would be the University of Calgary in Canada. The school administration paid $20,000 in ransom after an attack on its computer systems in June 2016, so as to protect the integrity of the University's research.
Additionally, a security breach may bring negative publicity or loss of consumer confidence to an organisation – which could in turn affect the stakeholders, share prices and sometimes the viability of the enterprise. According to a global survey conducted by Safe Net, nearly 65% of the 4,500 respondents surveyed would never, or were unlikely to shop or do business with a company that experienced a data breach where financial data was stolen. These results illustrate how severe the impact of security breaches may be, particularly if the incident is not handled well.
So what can your organisation do to step up against data-kidnapping cyber criminals? When an organisation suffers a data breach, it's easy to pinpoint the employees who accidentally clicked on a malicious link or downloaded a malicious attachment from their email as the weakest link. I mean, if they were more careful, none of this would have happened... right?
While it's true that educating employees could go a long way in improving a company's resilience to ransomware, the responsibility of cyber security does not lie entirely on the shoulders of employees. Over the years, social engineering has become so sophisticated that even vigilant employees may be duped. To successfully combat ransomware, it is crucial for the organisation's management to put in place sufficient controls and recovery processes. This way, when a hostage situation occurs, it becomes more of an inconvenience rather than a grave business threat.
Here are six procedures organisations should consider in order to guard against ransomware:
1. Back up all critical data
Having a regularly updated backup of critical data is the most important safety measure against ransomware attacks. In case of a ransomware attack, the organisation is still able to restore their system or other lost documents back to an earlier version. While this means you may lose a day's work, your organisations can avoid paying a rather hefty ransom. Minimally, there should be two backup copies one to enable on-site recovery, and another for vaulting to a secure off-site facility (this is because hackers are sometimes able to encrypt backups as well!).
By creating a whitelist, malicious software and unapproved programmes are prevented from running on an organisation's network, thus reducing the potential risks of cyber breaches. You may be wondering, why not a blacklist? The sheer volume of viruses today makes it difficult to keep track of virus signatures, and thus rather than play a never-ending game of cat and mouse, create a whitelist of IP addresses and websites. So define what you know to be acceptable and block everything else.
3. Network segmentation
Define different zones based on where your sensitive and important information lies, and restrict access to the zones. For instance, a third party that has no need to access the organisation's financial records should not have access to it. Network segmentation is a significant, long-term project, but it goes a long way in limiting the impact of ransomware on the organisation.
4. Keeping anti-virus and firewalls up-to-date
Maintaining up-to-date anti-virus and anti-malware capabilities, as well as appropriate firewall configurations are good practices, as certain variants of malware tend to terminate themselves if anti-malware software is present on the compromised machine.
5. Be sure to patch vulnerabilities in software and systems
Cyber criminals often rely on outdated software with known vulnerabilities in order to hijack a system. Thus, keeping the operating system and software up-to-date with the latest patches can significantly decrease the potential of ransomware attacks.
6. Email security
Most ransomware enter a system through an attachment to an email message, so a robust email security system that scans all attachments for malware should be a part of a good defence against this type of attack.
Following these steps can dramatically help protect your organisation against ransomware threats. To learn more about how Quann can help to further protect your organisation from cyber threats, as well as recover from cyber breaches, contact us today.