Ransomware can represent a near-guaranteed and easy payload for some of the world's most sophisticated cybercriminals. This method of attack involves the encryption of data and a demand for a financial payoff in the range of hundreds to thousands of dollars.
For IT professionals, it's important to understand how this recent spike in malware attacks has the potential to impact your firm if you're unprepared. Join us as we review the state of ransomware and how businesses can be prepared.
The State of Ransomware
Ransomware can enter a company's network through several means. Phishing attacks are common, though TrendMicro notes that the malware may also be downloaded from malicious pages or dropped by exploit kits. Once a malicious executable has taken hold, users may face a lock screen or pornographic popups to intimidate them into paying ransom. In some cases, the user may be informed that their data will be erased in a matter of minutes.
How high is the cost of ransomware? It's challenging to estimate, particularly on a global scale, however,some conservative estimates are as high as 325 million USD per year. Raj Samani, CTO of Intel Security, believes at least some of these profits have gone "directly to innovating the next version or iteration of ransomware."
The Risks of Paying a Ransom
To avoid encouraging cybercriminals to launch cyber attacks, the FBI does not recommend ransomware bounties be paid. In addition, their website notes that in many cases, data assets are not released even after the ransom is paid. Instead, they advise organizations to prepare before they're targeted with solid prevention and business continuity planning.
For many organizations, facing a ransomware attack is inevitable. Here's how to prepare and protect your data now and prevent ransomware attacks.
How to Prevent Ransomware Attacks
1. Install File Integrity Monitoring
Once you've been hit with an exploit kit or malicious email attachment, is it too late? Not necessarily. The right agent-based file integrity monitoring software can offer critical protection against ransomware. This targets the threat before your entire network is infected.
CimTrak is the only file integrity monitoring software that offers administrative users the ability to completely remediate negative changes directly from the admin portal. With the help of real-time alerts, you can know the moment a malicious file begins making changes to your network.
2. Use Diverse Data Backups
Should your organization face encrypted data, having the ability to restore assets with minimal downtime will be critical. Even aside from ransomware threats, diversity in data backups can protect against data loss in a number of situations. By segregating your data backups from your network, you can plan for restoration even in the worst case scenario—a ransomware attack that doesn't unencrypt your assets.
3. Keep Your Antivirus Up to Date
Antivirus programs aren't guaranteed protection against ransomware attacks launched through phishing, but they can offer protection against exploit kit-initiated compromise.
4. Maintain Patching
An estimated 90% of information security attacks with data loss can be traced to just ten vulnerabilities. Many organizations can overlook long-outdated patches, even for years at a time. Much like an antivirus, patch updates can protect against exploit kits.
5. Remain Compliant
While organizations are getting better at complying with PCI-DSS standards, an estimated 80% fail at interim assessment. Moving in and out of compliance can increase your vulnerability to data loss through ransomware and other forms of information security attack.
Some activities required by PCI-DSS that may combat ransomware include, but are not limited to:
- Maintaining appropriate firewall configurations
- Implementing effective password policies
- Keeping antivirus up-to-date
- Regular security testing
- Policy and education
For more information, we recommend A PCI-DSS Compliance Overview: What You Should Know.
6. Improve Spam Protection
If your organization is not using customized webmail server settings or advanced spam protection to filter out potential phishing attacks, it may be time to consider upgrading your defenses against phishing. Blocking emails with potentially malicious file attachments, including .exe, .vbs, or .scr., isn't always certain protection against all forms of phishing or whaling attack. However, it can improve your safeguards.
7. Educate Your End Users
Phishing and ransomware are increasingly intertwined. While technical safeguards are crucial, it's important to acknowledge the human element of protection against phishing-originated ransomware attacks. Your organization's employees should be informed of the risks of ransomware, and their role in maintaining vigilance against malicious emails. Ongoing education, simulated testing, and training can increase the chances that your employees will identify malicious attachments or links before they've entered your system.
Is There Any Guaranteed Method of Protection Against Ransomware?
Like many other information security threats, ransomware is complex. Cybercriminals are investing millions of dollars each year into stronger code and smarter methods of network entry. Organizations should work proactively to combat this threat by adopting multiple layers of technical and human safeguards.
Agent-based file integrity monitoring is among the most effective methods of protection against ransomware, particularly if you opt for a solution that accommodates the remediation of negative changes.
CimTrak is a proven file integrity monitoring solution that can help immediately identify changes and alert administrators so they can fix problems as quickly as possible. To learn more, download our definitive guide to file integrity monitoring.
August 9, 2016