Ransomware is a problem that doesn’t seem to be going away any time soon – and it looks as though cyber attackers’ newest platform for digital crime, “ransomware-as-a-service”, might make the problem even worse.
In 2016 alone, tens of thousands of people were hit with some form of ransomware or malware attack – from large tech companies to regional hospitals to individuals. Ransomware is a form of digital extortion that encrypts its victim’s files and offers up the decryption key in exchange for payment. The following image shows a sample ransom note that a user infected with the ransomware virus Cryptolocker will receive.
Ransomware-as-a-service: The latest platform for digital crime
Cybercriminals are finding new ways to profit from their data-encrypting malware by renting it out as a service to anyone who is willing to pay to use it. This not only makes it more profitable for the developers and creators of the ransomware (they take a large percentage of each ransom paid by victims of the attacks), but also makes the malware more readily available to cybercriminals on the “dark web”.
With ransomware on the rise through these new ransomware-as-a-service platforms, businesses – small and large alike – need to make sure they take as many precautions as possible to prevent and be able to recover from an attack as effectively as possible. We’ve compiled a list of best practices to prevent malware attacks as well as ways to architect data protection and disaster recovery solutions to minimize the impact of an attack.
The best defense against ransomware is prevention
The best way to prevent a ransomware attack is to not fall victim to an attack in the first place. With most ransomware attacks being conducted through email, businesses should ensure that ensure that their employees are trained to exercise extreme caution before opening email attachments and clicking links contained within messages. Antivirus scanners can do a great job filtering known malware viruses from inboxes, but for those messages that do slip through the security gates, users should:
- Verify that the sender is legitimate. “Spoofing” is a way for cybercriminals to forge a sender’s name so it appears to be from someone the recipient knows.
- Check the attachment type before opening it. Executable files which end in “.exe” or “.dmg” will automatically run a program once opened.
In addition to providing employees with email security best practices, another way to help prevent ransomware attacks is by implementing software restriction policies (SRPs) on Windows computers. SRPs can be implemented to block executable files from running in the areas where Cryptolocker launches itself on a user’s computer. Here’s a sample of SRPs that can be implemented to prevent “.exe” files from launching in the user space:
Invest in robust disaster recovery and data protection
Last month, we put together a blog post to share how having resilient IT can really ease the pain following a ransomware attack. Should the first line of defense – using antivirus software and exercising IT security best practices – not be enough to prevent an attack, having a modern, robust disaster recovery and data protection can make all the difference in the world.
One of the biggest reasons that businesses give in to cybercriminals and pay their ransom demands is that the operational costs associated with downtime and loss of productivity outweigh the ransom itself.
Try to ask yourself this question: how much would it cost for your entire business to lose operations and access to data for 8 hours, a day, or even a week? What about if you were never able to recover that data at all? Is your data that dispensable? For some businesses, these questions have become a very scary reality after being hit with a ransomware attack like Cryptolocker.
Investing in a decent disaster recovery and data protection solution doesn’t need to be a time-consuming or complicated process, though. Just as ransomware is now being offer “as a service”, disaster recovery as a service solutions can provide on-demand failover and recovery capabilities for an entire business in just a few minutes. And the cost to implement it is just a fraction of what it would cost to lose a few hours of business.
Take steps now to avoid pain later
Ransomware has been a major topic in the headlines – and it looks like cybercriminals plan on keeping it there. As ransomware becomes more and more available, it’s really not a matter of “if”, but “when”, when it comes to a business being hit. It’s time to start taking steps now to avoid pain later.
Do you have any good suggestions in ways you’ve prevented or combatted a ransomware attack? Share them with us below.