Posted on Monday, November 28, 2016 in CybersecurityBlog written by Rob Swenson
With good reason, this blog has focused a lot of attention in recent months on ransomware, a form of cyberattack been increasing at a rate that is almost alarming.
Cyber thieves use ransomware to extort money from businesses and individuals. Hackers infiltrate victims’ computer networks and either encrypt files or lock out legitimate users. Then the hackers demand payment – typically by anonymous digital currency - to restore the files or users’ access.
Total losses to organizations and individuals are in the hundreds of millions of dollars. Ransomware attacks and infections tend to increase every time an effective, new variety of attack is developed. Last year, cybersecurity forensics experts discovered approximately 100 families of ransomware, according to Symantec, a California-based company that specializes in security software and other technology services.
“The perfection of the ransomware business model has created a gold-rush mentality among attackers, as growing numbers seek to cash in,” according to special report published this year by Symantec, titled “Ransomware and Businesses 2016.”
“Organizations need to be fully aware of the threat posed by ransomware and make building their defenses an ongoing priority,” the report advises.
The FBI distributed a brief flyer that addresses ransomware to people who attended a recent, two-hour presentation designed to help businesses in the Sioux Falls area protect their electronic data. The Better Business Bureau hosted the free event, which SDN sponsored.
The FBI’s Cyber Division handout covers several suggestions for businesses to prevent ransomware:
- Implement awareness and training programs for employees.
- Patch operating systems, software and firmware.
- Set anti-virus and anti-malware solutions for automatic updates.
- Manage privileged accounts. No one should be assigned administrative access unless they absolutely need it.
- Configure access controls strictly. If a reader only needs access to read files, they should not have access to write to them.
To help ensure business continuity, it also encourages businesses to take the common-sense step of backing up data and regularly verifying the integrity of their backup system. Backups should not be connected to the computers and networks they are backing up.
Other protective steps include what’s referred to as “application whitelisting.” That means to only allow systems to execute programs that are known and permitted by security policy.
Interestingly, the flyer also spells out the FBI’s position on businesses paying ransom. While the FBI opposes it, leaders also acknowledges that when businesses are faced with an inability to function, executives will consider all options to protect shareholders, employees and customers.
“Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom,” according to the report.
“Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved,” the FBI says.
Ransomware victims are encouraged to report crimes to their local FBI field office and to the FBI’s online Internet Crime Complain Center.
SDN experts stress that in addition to having good, up-to-date security equipment, companies must train all employees well and keep their training up to date. That’s because more often than not, computing networks become infected with malware through human error and careless behavior rather than through mechanical failure.
All employees in an organization must be taught not to click on suspicious links, for example. And they should always be on guard so that they’re not tricked into giving out sensitive corporate information to outsiders.
Don't miss out on the latest cybersecurity news. Receive an email once a week with the latest articles. Just use the button below to subscribe.