In a recent study conducted by Radware, C-level executives revealed that they had no interest in paying up if their network was hit by ransomware, but that response came before they were locked out from their data. Once they were actually attacked, nearly half of those executives admitted they have, indeed, paid the ransom.
The FBI warns against paying any type of ransom, saying that not only are there no guarantees the data will be released – something a hospital in Kansas discovered after paying a ransom once, only to find that a second ransom was demanded – but that paying also ramps up the incentives for even more criminals to get involved in the ransomware act.
Ransomware attacks are a fact of cyber-life in 2016, yet businesses, especially in the healthcare industry, seem to be caught unaware and unprepared, and some companies react because they either don’t have a choice (they may not have a readily accessible backup) or they panic. That raises the question: What should companies be doing to protect their data so that when ransomware strikes, paying the ransom is unnecessary?
The main strategy to ensure ransomware is ineffective is to have a proper staged backup plan in place, according to Kevin Curran, IEEE Senior member and senior lecturer in Computer Science at the University of Ulster. Files that are backed up offline can simply be substituted for encrypted files and no ransom need ever be paid.
“The backups should be serialized, with previous versions of files stored,” he explained. “Of course, these backups should not be stored on network attached drives as ransomware can infect shared and removable media.”
Another strategy is to authenticate in-bound emails. “This helps as the majority of infections arise from opening ransomware attachments,” Curran said. “Implementing a Sender Policy Framework, Domain Keys Identified Mail and Domain Message Authentication Reporting and Conformance can help guard against spear phishing and other attacks coming through spoofed email. These work together to validate the domain of the originating email server but sadly, not enough organizations adopt these standards.”
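To illustrate how a receiving mail gateway can act on those three checks, here is an added example (not from Curran or the original article) that reads the `Authentication-Results` header a gateway stamps on inbound mail and decides what to do with the message. The authserv-id `mx.example.org`, the verdict names and the sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_string

TRUSTED_ID = "mx.example.org"  # assumed authserv-id of our own mail gateway

def auth_results(raw, trusted_id=TRUSTED_ID):
    """Return {method: result} from the first Authentication-Results header
    stamped by our gateway; headers carrying any other authserv-id are ignored."""
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", value)       # drop header comments
        ident, _, results = value.partition(";")
        if (ident.split() or [""])[0].lower() != trusted_id:
            continue                                   # written by someone else
        pairs = re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", results, re.I)
        return {m.lower(): r.lower() for m, r in pairs}
    return {}

def verdict(raw):
    """Assumed local policy: DMARC decides; without it, fall back to SPF/DKIM."""
    r = auth_results(raw)
    if r.get("dmarc") == "pass":
        return "deliver"
    if r.get("dmarc") == "fail" or not r:
        return "quarantine"        # failed, or no result we can trust at all
    if "pass" in (r.get("spf"), r.get("dkim")):
        return "deliver-with-warning"   # sender publishes no DMARC policy
    return "quarantine"

# Constructed sample messages (headers only, then an empty body).
LEGIT = ("Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=vendor.example;\n"
         " dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example\n"
         "From: accounts@vendor.example\nSubject: Invoice\n\n")
SPOOFED = ("Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=billing.example;\n"
           " dkim=none; dmarc=fail header.from=billing.example\n"
           "Authentication-Results: relay.unknown.example; dmarc=pass\n"
           "From: ceo@billing.example\nSubject: Urgent\n\n")
SELF_ASSERTED = ("Authentication-Results: relay.unknown.example; spf=pass; dkim=pass; dmarc=pass\n"
                 "From: it-support@vendor.example\nSubject: Password reset\n\n")
NO_DMARC = ("Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=small.example;\n"
            " dkim=none; dmarc=none header.from=small.example\n"
            "From: info@small.example\nSubject: Hello\n\n")

if __name__ == "__main__":
    for name in ("LEGIT", "SPOOFED", "SELF_ASSERTED", "NO_DMARC"):
        print(name, "->", verdict(globals()[name]))
```

The `SELF_ASSERTED` case is the one to watch: a "pass" written by a server other than your own gateway proves nothing, so only results stamped under your own authserv-id are trusted.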
Awareness training is an absolute must, as well. When employees know what they are looking for – how to spy even the best-disguised phishing email or signs that a ransomware attack is beginning – they become the frontline of defense. If the ransomware isn’t downloaded, after all, there will be no need for a ransom to be paid.
Vaclav Vincalek, President of Pacific Coast Information Systems Ltd., has personally witnessed how security-aware employees can make the difference between being a victim of a ransomware attack and preventing the attack from happening. The customers Vincalek works with recognized that malware had started to encrypt files, so they shut down the laptop and called the IT department. “The IT guys turned off the switches to prevent the propagation of the virus,” he explained. “We did an assessment of the situation. We scanned the infected laptop, identified the signature of the virus and started scanning all the workstations in the office. Parallel to that we examined the file server where the files were encrypted. Once the assessment of the damage was done, the encrypted files were restored from backup, switches turned on and people continued working.”
These precautions aren’t fool-proof, however. As Tyler Cohen Wood, Cyber Security Advisor for Inspired eLearning, pointed out, while backing up data is vital, when you back up the data is also important. There is going to be a gap of data that is missed between the most recent backup and an attack; how small that gap is depends on how frequently backups occur. Also, Cohen Wood warned, depending on the ransomware, it is possible that backdoors in hardware and software could be left behind by an attack. “By reinstalling from backups, you can most likely thwart software backdoors,” she said, “but I highly recommend having a forensic team go over the systems to ensure no hardware malware or backdoor surprises have been left behind.”
If you want to avoid being a statistic or you don’t want to resort to hoarding bitcoins, you’ll want to create a security culture in your company. “Security used to be considered an IT problem,” said Stu Bradley, VP of Cybersecurity at SAS. “Given today’s threat landscape, security needs to be seen as every employee’s responsibility. This is particularly important in combatting ransomware.”