Is Paying up the Only Response to Ransomware?
Imagine walking into your office one morning to find a padlock on your computer. Sitting at your desk is a masked criminal demanding $5,000 for the key. Naturally, you hesitate, to weigh the options. Do you pay this criminal, hoping the key works and he or she vanishes forever? Or, do you ignore the criminal and spend days trying to recover your locked files?
This is what ransomware is like. It’s a type of malicious software that blocks access to computer systems until money is paid. Ransomware is one of the most pervasive threats to businesses today, especially with the emergence of crypto-ransomware, which encrypts files on victims' computers and holds them hostage until a payment is received.
The impact is huge: CrytpoWall reportedly infected hundreds of computers between April 2014 and June 2015, racking in approximately $18 million from victims who chose to pay.
Contrary to popular belief, the worst part of ransomware isn't even the ransom. The true damages occur due to employee down time, which can last for days, halting business operations and jeopardizing sales.
Ransomware attacks are growing in frequency, largely due to the increasing processing power of computers, which enables criminals to encrypt files in only a few hours, and the rise of anonymous payment systems such as Bitcoin, which makes it easy for criminals to accept payments with less fear of being traced.
Hollywood Presbyterian Medical Center understands this well after losing access to its PCs during a ransomware outbreak. The hospital forfeited $17,000 to hackers after employees spent 10 days relying on outdated fax machines and paper charts.
And there are many other such stories out there: Each new attack serves as a stark reminder that prevention, containment and business continuity techniques are crucial to keeping companies up and running in today’s threat landscape. This especially holds true when advanced ransomware, like TeslaCrypt, adds features that are “impossible" to crack.
It’s clear, then, that ransomware doesn’t discriminate. A recent reportrevealed that 48 percent of IT consultants surveyed across 22 different industries said they'd witnessed an increase in ransomware-related support inquiries in the previous 12 months from small businesses and enterprises alike.
So, no business or employee is safe. What can businesses do to prepare for what seems an inevitable ransomware attack? And, how can they avoid paying the ransom which will only serve to encourage criminals to repeat their wrongdoing? Here are three strategies:
1. Implement email defense software.
First and foremost, companies need to ensure that their email defense can recognize and block malicious web pages, or infected USB drives and zip files. For this reason, email defense solutions adopted need to go beyond anti-spam and virus-scanning; they should be sophisticated enough to recognize and block phishing attempts, which can spread ransomware.
2. Educate employees.
Email is the most common infection vector for ransomware, making it imperative that businesses create strong education programs to train employees to spot suspicious activity. Ransomware is hard to pinpoint, so it’s important for employees to know what to look for.
Additionally, these education programs should notify employees of the appropriate steps to take once a device exhibits the behavior of an infection. For example, do employees know to close their computers immediately in the event of a suspected ransomware attack? Do they know to take their computers directly to IT, so IT can isolate the device from the corporate network?
3. Set up real-time backup systems.
During a ransomware attack, what matters most is how quickly a business can get its employees back to work. Businesses are finding traditional back-up and file-sharing solutions inadequate because they don’t operate in real time.
Employees should be able to instantly roll back their file archives to a point immediately before the infection hit and access their files from alternate devices. Modern business continuity solutions that combine real-time backup, mass file restores and remote access can combat threats by minimizing the crippling effects of down time.
Infected users can stay productive, and businesses can dodge the need to pay a ransom -- which may or may not actually release the locked files. According to a recent study, 19 percent of companies that paid ransom didn’t end up getting their files back.
While businesses can’t control when they are attacked, they can control how well they are prepared. Many businesses have plans in place for natural disasters, power outages and other disruptions. Few have “e-crisis” response plans for threats like ransomware. It’s one of the reasons why ransomware is so disruptive for businesses and so profitable for criminals.
So, don’t give into cyber criminals by offering up Bitcoin payments, and shedding tears and suffering lost business. Instead, build out a continuity plan that keeps your business running as usual even during a ransomware outbreak.
Edited by Erik Linask