Ransomware has made headlines in recent years, and for good reason. Each year, ransomware is becoming more expensive to resolve. Recently, ransomware has trended towards attacking companies, municipal and state governments, and other organizations. However, individual users are still at risk.
What is Ransomware?
Ransomware refers to a type of malware that encrypts (that is, makes indecipherable) files or hard drives on a computer or server and demands that a ransom be paid in order to receive the key that would decrypt those files. There are a number of different kinds of ransomware, and each one has its own method of locking up files and denying access.
Some types of ransomware attacks use deception and social engineering, relying on a victim to click on a link or attachment in a phishing email. Other, more sophisticated strains of ransomware (the kind more likely to go after a big organization) may take advantage of vulnerabilities in software and protocol misconfigurations in order to bypass security and spread infection. Very often, the bad actors behind the ransomware will combine different kinds of malware to deliver the ransomware or make the problem worse for the victim. Some types of ransomware even behave like worms, autonomously spreading themselves and infecting all devices on an interconnected network.
For individuals, there are a number of steps you can take before and after an attack occurs:
- Be sure to keep your operating system up-to-date on patches, especially if they are labeled critical. Set your updates to download and install automatically, and restart your computer when prompted.
- Use and maintain antivirus software. Perform regular scans on your files and use it to scan emails and attachments.
- Use a firewall and do not turn it off!
- Educate yourself. Learn how to spot suspicious emails and the tactics employed to try to fool you into clicking on malicious files.
- Back up your files. You can make images of your computer’s files and disks and store them separately from your computer. If you get ransomware, you can use these backups to restore your computer. You might lose a little bit of data (depending on how often you make your backups) but you won’t lose everything. Additionally, some software and services may help you accomplish this easily. Test your backup files every now and then to make sure they work as intended.
- If you become infected with ransomware, you can file a complaint at the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Businesses, organizations, and government entities can also take steps to protect themselves against ransomware. Every organization’s structure is different and can vary in function and complexity. Some solutions will work for some organizations, but be ineffective for others. The following are some steps that organizations can consider, but ultimately an assessment of their needs should direct the appropriate security actions to be taken:
- Apply security patches in a timely manner. In the case of critical security patches, time is often of the essence. Additionally, don’t forget to update firmware on devices.
- Segment networks. Identify and classify sensitive data and segregate it onto separate networks. Control access to these networks and add security controls that monitor their status.
- Employ antivirus, firewalls, and intrusion detection/prevention systems to monitor traffic for suspicious activity and malware. Keep this software up-to-date and check configurations regularly to make sure nothing has been changed.
- Educate your users. Provide security awareness training that teaches users how to spot phishing attacks and other social engineering tactics.
- Formulate policies and procedures and codify security expectations.
- Implement least privilege access policies. Do not assign more privilege to a user than they need in order to fulfill their duties. In the event that their account becomes compromised, if their access is limited they cannot do as much damage. Likewise, implement an exit policy so that when a user leaves the organization all of their accounts are terminated.
- Review your settings for Remote Desktop Protocol to make sure you are allowing only the right kinds of connections.
- Have backups. Depending on the nature of your organization’s work, you may opt for daily, monthly, or weekly backups. Store these backups offline from the network and test them regularly to make sure they work as intended. Educate users on which drives are backed up, so they know where to save important information.
- Use multifactor authentication, which adds a layer of protection in case credentials become compromised.
- If your organization becomes infected with ransomware, contact your local law enforcement and the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Insurance that covers cyber incidents is also available, and some policies may have plans for ransomware attacks. These policies can expand the number of options that an organization may have with regard to dealing with ransomware. While these policies may add some assurance that a company or organization can more quickly recover, keep in mind the risks associated with paying hackers the money they’re asking for. Even if you decide to use the insurance to pay the ransom, there’s no guarantee that you’ll get the decryption key.