Protecting Your Company From Ransomware

How Are You Protecting Your Company From Ransomware?

Last month we warned ransomware attacks are on the rise amidst the COVID-19 pandemic. While these attacks are bad enough in the best of times, ransomware continues to be a huge information security problem for all companies, municipalities and individuals. Even hospitals and healthcare professionals are getting warned about possible attacks as they provide care during this critical time. In these uncertain times, how prepared are you and your data against an attack?

What is Ransomware?

Ransomware has been around for over three decades.

At its simplest, ransomware is malware—malicious software used by hackers—that makes a victim’s files unusable by encrypting them. While we usually think of encryption as a good thing, when it comes to ransomware it’s not. Once the hacker encrypts the victim’s files, the victim can no longer access them. Next, the hacker demands payment from the victim in order to decrypt the files and restore access. Hackers typically request payment in Bitcoin or another hard-to-trace cryptocurrency in exchange for a decryption key to unlock the victim’s files. But even if you pay the ransom for decryption (which is not advised!), the files sometimes cannot be recovered.

Ransomware attack methods change and evolve over time. Currently, Remote Desktop Protocol (RDP) exposed to the internet, phishing attacks and exploits of software vulnerabilities continue to make ransomware economically viable. These three areas need to be addressed in order to survive the ransomware onslaught. For more details, see Coveware’s Q4 2019 Ransomware report.

Costs of Ransomware

Ransomware payments vary greatly depending on the size of the company and the severity and duration of the attack. Last year, the average ransom payment was around $84,000: small businesses were ransomed for as little as $1,500, while larger enterprises reportedly paid out as much as $780,000. Although it is not advised, nearly 15% of entities and people pay ransom to their hackers. Ransomware victims resorting to this are clearly desperate for their data and are willing to pay the price and/or spare themselves embarrassment to get it back. Some companies have determined paying up to be less costly than other recovery options; however, doing so will not magically solve all your malware problems.

According to Emsisoft’s 2019 ransomware report, the estimated U.S. financial impact of ransomware last year was in excess of $7.5 billion. Though this number may be shocking, it does not fully or accurately describe the multitude of indirect costs. Enforced downtime and lost or unrecovered data caused major disruption and delays to daily operations for businesses and institutions. Broader economic impacts include legal liability issues, lost medical records, brand damage, and even collateral damage as hijacked data later found its way onto the dark web or played a part in other sophisticated malware schemes.

Defending Against Ransomware

Here’s what you should be doing to minimize the chances of your data being breached and ransomed:

Training: Train yourself and your staff to understand your enemy and how they operate. Many ransomware attacks come from phishing. Learn what phishing emails look like and how to avoid them, and learn the other routes in (exposed RDP and unpatched software, discussed below).

Backups: Make sure you back up your critical business data. Backing up your data means you have copies of the data even if the hackers encrypt the originals. Good backups enable you to retrieve your data without having to pay ransom to hackers.

Testing: Test your backups regularly. This is key to any disaster recovery program and critical to making sure your data will be there when you need it (i.e. when the hackers encrypt it and you’re out of Bitcoin).

Disable RDP and Address Vulnerabilities: RDP open to the internet should be disabled ASAP. It is generally not needed internally either and should be disabled unless necessary. Managing vulnerabilities is a full-time job but is critical to protecting your company from all sorts of malware including ransomware. Develop a robust vulnerability management process for your office and home. Patch Tuesday is a real thing—the second Tuesday of every month Microsoft releases a series of patches which address security and other issues. Here’s a sample of vulnerabilities addressed in April 2020.

Cyber/Ransomware Insurance: Another type of protection against ransomware is cyber insurance. As with most types of insurance, you need to have ransomware coverage in place before suffering an attack. In this case, the cyber insurance or ransomware insurance is used to pay the hackers and obtain the decryption key so that you can decrypt your files and use them again. Cyber insurance—specifically, ransomware insurance—is complicated and becoming a virtual necessity. However, premiums are on the rise, and buying coverage should be treated as a major business decision. Be sure to work with a reputable broker and take time to understand how the coverage works, your responsibilities and its limitations. While it can help you recover from a data loss, insurance is a reactive tool, and paying out ultimately incentivizes more attacks.

Be Prepared

Ransomware can quickly take your company from the fast lane to the gutter. Make sure you understand what it is and how you and your company can be ransomed. Train, train, train and then train some more. Back up your data. Make sure your backups work and can be restored in a timely manner. Finally, talk to a reputable broker to understand whether cyber insurance is right for your company. Ransomware isn’t going away and will continue to be a problem for the foreseeable future. Do all that you can to defend against ransomware, and let us know if you have questions or need help.

Written by: Chris Zambuto | Chief Information Security Officer @CMITBostonCambridge
