How To Tackle Ransomware Without Paying A Dime To Cybercriminals
Contributed Commentary by Gary Watson
June 23, 2017 | Understanding what data is at risk during a ransomware attack is the first and most critical step in preventing a large-scale disaster. Ransomware extortionists attack the computer network with malware that encrypts every file, and then demand a large ransom payment to a “darknet” site before the decryption key is provided. If payment is not promptly sent, the criminals threaten to delete the decryption key, and all the encrypted data will be lost forever. Lately, organizations have been stockpiling bitcoins in order to meet the demands of these criminals, and the question, to pay or not to pay, has been raised one too many times.
In 2016, the FBI received reports that American companies paid an estimated $1 billion in ransomware payments, as compared to $25 million in 2015. Just this past month, we saw nearly 100 countries suffer from the WannaCry ransomware attack alone. Rapidly evolving costs are just the tip of the iceberg compared to the lost productivity and all-too-frequently lost data that result from such malicious crimes.
Common ransomware targets have been hospitals, schools and police stations. In fact, the WannaCry attack started with the ransom screen popping up across computers in the National Health Service in the UK. By targeting such important industries that can’t afford to be offline or lose their patients’ medical information, it is no wonder that ransomware is becoming a highly lucrative business.
So, what can organizations do about these cybercriminals? The real issue is that anti-malware products are not infallible, and organizations need to have a second line of defense in place. There are a few simple steps organizations can take to help mitigate the risk of cybercrime.
Teaching users not to visit unapproved websites or click on suspicious links within emails will help to minimize the risk of phishing scams. However, it is also imperative that users can identify false emails that look authentic; these often appear to come from legitimate websites and ask for sensitive data. This is an easy way in for hackers and has been known to work.
Update, Update, Update
Regularly patching and updating the management tools on all network-connected devices, including switches, servers, and personal devices such as mobile phones, tablets and laptops, will create a more secure IT infrastructure. New malware exploits are now published within days of patches being available, so unfortunately your window of safety is getting smaller and smaller.
Find ways to establish non-native rendering of PDF and Microsoft Office documents, so that a browser or a custom app is always in safe view mode.
Backup Your Backups
Running frequent backups will help to ensure your data stay protected should a disaster occur. The ability to recover is often the last line of defense against utter disaster. That said, consider the practicalities of meeting recovery time objectives. An “inexpensive” cloud backup service might require the “not-inexpensive” expedited service of copying data to USB drives and paying a courier to deliver them.
Of all cybercriminal threats out there, being attacked by ransomware is among the most devastating. It spreads quickly through the network, is a nightmare to remove from machines, and makes any encrypted files inaccessible until the ransom is paid. However, the current tendency for companies to pay such ransom demands of malware perpetrators will only encourage more hacks and more ransoms. It’s not acceptable and it certainly isn’t sustainable. Of course, data is critical to a business—and sensitive data even more so—but companies should be aware that there is an alternative.
Using these preventative steps will certainly cut the frequency of successful attacks, but the only true protection for high-value data is to aggressively lock it down. By combining data security with data protection, cybercriminals will have a harder time infiltrating IT systems. To pay or not to pay should not be the question. Instead, the focus should be on preventative measures and education; organizations need to understand how they can work around ransomware attacks and protect sensitive data.
A computer entrepreneur who specializes in high-performance data storage systems, Gary Watson co-founded Nexsan in 1999 and is currently its VP of Technical Engagement. He has also served as its CTO for over 12 years. He can be reached at firstname.lastname@example.org