Ransomware: What Every Business Needs to Know

Disclosure: this is a Microsoft-sponsored brand post.

On average, a business comes under ransomware attack every forty seconds, according to the latest Microsoft Modern Workplace webcast, "Ransomware: What you need to know." Be certain that if you have a device and it is connected to the internet, you are a target for ransomware.

Experts Theresa Payton and Steven Wilson provide invaluable insight into one of the most rampant scourges plaguing the internet and information security across the globe. The number of companies reporting that they were targeted by ransomware is up 6,000%, according to Payton. This statistic is made all the more profound when we consider that most ransomware attacks go unreported altogether.

While ransomware attacks are not 100% preventable, they are survivable if planned for in advance, and Mr. Wilson believes early preparation is the best tactic for prevention. Together they provide a list of actionable items to better secure our networks, most of which are often talked about, such as employee education, using strong passwords, keeping anti-malware and antivirus definitions current, updating operating systems and practicing for an attack. Most noteworthy, though, are a couple of less-discussed solutions: network segmentation and kill switches.

Network segmentation, where the network architecture itself limits communication between devices, is essential in limiting the spread of infection from a ransomware attack. Within a properly segmented network, an attack on one system would be prevented from spreading to the entire enterprise. Kill switches are safety procedures that either place an emergency stop on whatever process is running, to prevent it from completing its course, or shut a system down completely without going through the normal shutdown procedures. Having a so-called “big red button” option for immediately halting the spread of an attack is a valuable defense mechanism that gives you an immediate override in an emergency. Combining these with some of the more oft-mentioned protections truly provides us with defense in depth, which should be our collective and universal aim.

Potentially the most interesting point raised is that of the benefits reaped during this latest ransomware bloom. Because the problem of ransomware is so pervasive and so highly publicized, individuals and businesses are taking the threat more seriously and actually making changes in order to better protect themselves. This greater awareness is causing people to audit and improve their digital hygiene, which is something we should all be excited about. Not only that, but the public and private sectors are coming together and aligning for the purpose of fighting back against cybercriminals. Europol's nomoreransom.org is the product of law enforcement teaming with over a hundred international partners to provide decryption keys for many strains of ransomware. This is a free tool for anyone who has fallen victim to one of these attacks.

Planning for an attack and practicing our incident response and remediation plans is an intrinsic part of our preparedness as well.  A working knowledge of what we are going to do and how we are going to react when a ransomware attack happens builds our agility to make timely moves to mitigate and recover from such an attack.  We can play out scenarios and learn where to make changes in our game plans to be more successful when an actual attack occurs.

Because ransomware has become so prevalent and the risk of loss so profound, it is vitally important that we not only pay attention to this trend, but also spend concerted time preparing both to prevent such attacks and to recover from them.