Tips from Sieve Networks
You’re 5 minutes away from pressing ‘send’ on an email about a complicated deal for millions of dollars when your computer screen goes dark. As you try to determine what happened, the screen comes to life. But instead of seeing your email, the screen shows red, with a timeclock and a warning that you’ll lose your files unless you pay a ransom.
Without ransomware protection, your company’s operating system is vulnerable to this costly cyberthreat, and the frequency of the ransomware scheme is growing. Globally, ransomware attacks are forecast to cost companies $20 billion by 2021, a 57 percent increase in 6 years.
What is Ransomware?
Ransomware is malicious software that infects computers, workstations, and mobile devices. The malware ‘takes control’ of your operating system, restricting access to files and threatening data destruction unless you or your company meet payment demands.
Cybercriminals deliver ransomware with several approaches:
- An email phishing scheme that tricks you into clicking on a link or downloading an attachment.
- An ‘exploit kit’ with code on what seems like a legitimate website will redirect to a malicious site. The drive-by or exploit attacks hide code within games, cheat codes, or other ‘free’ software.
Ransomware targets all industries, but a recent report showed that hardest-hit sectors include small businesses and healthcare.
How Does Ransomware Affect Your Business?
The immediate and long-term effects of ransomware depend upon your company’s size, industry, and ransom amount demanded by the cybercriminals.
Beyond the financial impact of paying a ransom, often in thousands of dollars, businesses face several negative side-effects:
- Business slowdown as your operation halts until you pay the ransom
- Disruption after the attack as your team struggles to regain momentum and get back to business
- Lost or damaged data, files, or systems, even if your company pays the ransom
- Erosion in customer trust of your ability to avoid (or thwart) cyber attackers
Unfortunately, ransomware is quickly evolving and becoming more sophisticated. Criminals will:
- Look for vulnerabilities like weak passwords to easily hack remote user protocols
- Try to steal credentials for system access
- Move around corporate networks to infect as many PCs as possible within an organization
Preventative Measures and Ransomware Protection
An integrated plan that addresses your IT systems, employee training, and software solutions is essential for preventing ransomware and protecting your business.
- IT System Security
If your company hasn’t modernized the IT architecture, you may be an easy target for ransomware.
- Work with your team to identify any vulnerable servers or systems, paying close attention to remote connections.
- Use unique, strong credentials and two-factor authentication for added security.
- Segment networks to prevent a compromised workstation from leading to a network takeover.
- Monitor domain controllers for unusual access and have a response plan in place.
- If your organization relies on a managed security service provider, request two-factor authentication and a log of activities. You may want to limit access to only those networks and systems required for the third party to deliver the expected service.
- Employee Training
In addition to hiring IT staff with expertise in responding to cyber threats, regular training for your teams is vital.
- Communicate about how to recognize phishing emails and to question any unsolicited emails that contain links or attachments.
- Give teams access to a unique email address where they can safely forward suspicious emails.
- Encourage cyber ‘hygiene’ such as creating unique, strong passwords and protecting logon credentials.
- Software Solutions
Anti-malware is a critical element of ransomware protection. Companies such as Sieve Networks also offer cloud-based backup systems to prevent data loss or restore compromised data. Strong ransomware protection will have features that:
- Recognize and remove the malware on sight or by monitoring access behaviors
- Prevent unauthorized access to common or shared locations
- Quarantine suspicious emails or attempted file encryptions
For more information about preventing or responding to a ransomware attack, read recommendations from the IC3 and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).