On Friday, May 12th, 2017, the world was hit by a fast-moving Cryptoware infection, WanaCrypt0r. Over 81,000 infections were reported globally within 12 hours.
The cyber attack forced 16 hospitals in the United Kingdom to shut down operations and stop admission of new patients. Telefonica, Spain’s largest telecom company, was hit and reported that the company would have to pay approximately $550,000 to unlock all encrypted files on their network. Banks, universities, utilities, telecoms, healthcare, and other industries all reported similar experiences worldwide.
[You Might Also Like: Blog Article - "WanaCrypt: How a Layered Approach to Security Protected Prosource Customers From a Global Ransomware Outbreak"]
With ransomware becoming increasingly profitable to criminals and with criminals now having resources to hire professional developers to build sophisticated malware, ransomware will continue to rise in businesses across the economy.
Ransomware has the capability to completely disable businesses of any size and type so it’s important to know what ransomware is, what kind of risk it poses to you, how attacks like this can occur, how to know if your PC is infected, how to safeguard your business from attacks, and what to do if your business falls victim to a ransomware attack.
What is Ransomware
Ransomware is a type of malware that silently encrypts files on computers. After a successful ransomware attack, criminals hold data “hostage” and demand payment be made via Bitcoin, or other untraceable currency, before they will provide the decryption key necessary to unlock the files. Not only can your most valuable files - photos, documents, and spreadsheets - be compromised, it can also lock down system files to render your web browser, applications, and entire operating system unusable.
What risks are associated with ransomware
Ransomware can disrupt business operations or shut down business entirely. Significant harm can be done to personal data when a computer is infected with ransomware, especially if that device contains sensitive consumer or other personal information. During a ransomware attack, businesses lose the ability to maintain day-to-day operations which means people can be denied critical access to services like healthcare. The Federal Trade Commission has consumer protection laws in place which means that if a company fails to update its systems and patch vulnerabilities known to be exploited by ransomware, they could be in violation of Section 5 of the FTC Act.
How ransomware attacks occur
The most common ways ransomware is installed on computers are through phishing emails and visiting a website that contains a malicious program.
According to the Federal Trade Commission, 91% of all ransomware arrives through phishing email campaigns. Phishing email campaigns typically require the user to take action such as clicking on a link or downloading an attachment.
Other campaigns use drive-by downloads that only require the user to visit a website that has been compromised. Once the site loads, the ransomware is automatically downloaded onto the victim’s computer.
How to know if a PC is infected
When a cyber criminal successfully encrypts your files and gains access to a PC, a message will pop up demanding payment. The amount demanded can range from a few hundred to tens of thousands of dollars.
Typically, criminals demand between $500 to $1,000 to release your data; however, in some cases as much as $30,000 has been demanded. If payment isn’t made in a specific timeframe, some hackers will delete the files held hostage.
How to safeguard your business from ransomware attacks
There are several things you can do to defend against the threat of ransomware, including:
- Train employees on how to spot and avoid phishing attacks
- Implement regular educational and awareness programs that train employees how to exercise caution online
- Backup your data regularly
- Install and enable antivirus protection
- Keep backups disconnected from your network so they are recoverable in the event of an attack
- Prepare for an attack by developing and testing incident response and business continuity plans
- Assess all devices connected your network to identify risk of malware exposure
- Identify technical measures that can mitigate risk
- Implement procedures to keep security current
- Keep all software up-to-date to eliminate known vulnerabilities
What to do in the event of an attack
If your business falls victim to a ransomware attack, do not pay the criminal. Paying criminals gives them an incentive and the means to develop better ransomware. If you pay, that also doesn’t guarantee that your encrypted data will be returned. There is also no guarantee that the ransomware will be completely removed. With access to your device, the criminal can unencrypt your files and leave the malware on the device to monitor your activities and steal additional information.
Instead of paying the criminal, you should do the following:
- Implement your business continuity plan to restore systems from backups with minimal data loss or business interruption
- Contact law enforcement such as a local FBI field office
- Keep ransomware from spreading to networked drives by disconnecting the infected computer from the network
Ransomware is one of the most dangerous emerging trends in malware, and it is continuing to grow in complexity and destructive potential. To protect your business from a ransomware attack, start by following the tips for safeguarding your business from attacks outlined in this article. You may also consider partnering with a IT services company to develop and implement a business continuity plan to ensure that assets are protected and able to function in the event of a ransomware attack or any other disaster.