Ransomware: The Equal Opportunity Threat

Disclosure: this is a Microsoft-sponsored brand post.

Ransomware has become the topic du jour within the current and future cybersecurity landscape. Bridging the gap between the tech world and the mainstream public, it has become a crossover hit on everybody's radar because of its wide-reaching impact in a reality where anyone can be a target. Large organizations and small businesses, law enforcement agencies and private citizens, school districts and hospitals, local and state governments have all found themselves victims of cyber criminals who use malware to lock or encrypt data on computers and then demand a ransom in order to release it.

This type of digital extortion is nothing new, first showing up in Russia and Eastern Europe between 2005 and 2009, but it has become increasingly pervasive and much more lucrative as time has gone on. With the advent of Bitcoin and other digital currencies, it has become considerably easier for ransoms to be paid virtually and collected anonymously by the perpetrators, thereby emboldening their efforts to get as much as they can from anyone who'll pay up.

Ransomware is most commonly contracted by way of phishing emails that contain malicious links; once launched, the malware runs on the affected system and prevents the user from accessing their files. Cyber criminals have also leveraged legitimate websites, infecting them with malicious links that, once clicked, install malware on a system without the visitor's knowledge.

Payment of said ransom is no guarantee of remedy, however, since the agent you're trusting to deliver the fix is the same one that infected you in the first place. According to FBI Cyber Division Assistant Director James Trainor, “Paying a ransom doesn't guarantee an organization will get its data back - we've seen cases where organizations never got the decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

The question is, then: knowing what we do about how pervasive the problem is and how persistent attackers have become, what do we do to protect ourselves from being their next target? The answer lies in preparation and personnel. Having highly trained professionals working on your behalf is vital both to staving off such attacks and to remediating the damage to systems should a ransomware attack occur. Both MSPs (Managed Services Providers) and trained internal IT staff manage the need for timely patching and critical updates to remove known vulnerabilities that attackers can exploit to gain access to your systems. Using the rule of least privilege, they can (and should) restrict users' ability to install and execute unwanted software, and can disable the running of macros found in compromised email attachments before they have the opportunity to infect a system. Application whitelisting and maintaining up-to-date antivirus and antimalware solutions are all essential to strengthening your organization’s security posture.

Having proper protections in place to avoid an attack is vital, but those protections are also valuable in mitigating the damage after a ransomware attack. The creation and testing of incident response and remediation plans are a critical piece of the puzzle. Routine off-network data backups are critical to recovering from a ransomware attack. With a suite of pre- and post-attack procedures in place, the time and cost of recovery and the disruption to daily operations are massively curtailed, and the potential for harm to an organization's reputation is greatly lessened.

The value of solid professional help and a sound plan cannot be overemphasized in a security climate where the likelihood of attack is a question of when, not if.

Be sure to register for the upcoming Microsoft Modern Office webcast, “Ransomware – What you need to know”.