Back to blog
Blog , How-To

Be Proactive: Protect your Business from Ransomware

Avi Mergui Avi Mergui May 26, 2016

Ransomware, as its name suggests is a malware that infects a system and locks the user out of their data unless a ransom is paid. The victim of such an attack is left powerless to recover their data as only a unique key can unlock the infected system. The user has a pre-set deadline to pay the ransom or risk permanently losing access to their data. This type of attack has seen a rise in occurrence since its rise to prominence in 2005. The field of Crytomalaware is in constant evolution because of the extremely profitable nature of these activities, the largest threat currently is Cryptowall 3.0 /Cryptolocker which usually spreads through phishing emails. The user clicks on a link, a Trojan is installed on the system which then delivers its payload by encrypting user data and displaying a locked out message.

These attacks are now so prevalent that they account for $18 million in yearly revenue in the US alone and some estimates go up to $350 million worldwide according to a research done by The Cyber Threat Alliance (CTA). In the following sections, we will review some mitigation techniques about how to stay ahead of the curve to prevent this unfortunate scenario.

If it’s not backed up, it’s already lost.

The first most obvious mitigation technique is to ensure you have all critical data backed up.
Running an automated backup is the number one way to ensure that attackers can’t hold you ransom.

The victim of such an attack would simply have to clean up their computer of the underlying infection and restore their backed up data. Keep in mind when configuring a backup that many advanced Ransomware can encrypt mapped drives and connected USB drives. Off-site and/or offline solutions are the only real form of protection.

Patch it, patch it again and patch it some more!

Keeping a system up to date is quite critical for mitigating this ever growing threat.
Recently, there have been some vulnerabilities in Adobe Flash that leave a user vulnerable to Ransomware when visiting specific websites.

Try to minimize the use of plugins wherever practical. Java, Internet Explorer, Firefox, and Chrome are also major targets. Cybercriminals are increasingly targeting businesses and ensuring IT staff keeps appraised of vulnerabilities and security updates is as critical as ever.

Security software…Who needs it?

There is a common saying in the security industry “there are two types of people in this world: those that have been hacked and those that don’t know that they’ve been hacked”.

Having a strong anti-virus and next generation firewall solution is one of the best ways to stay protected and be aware of any changes in a network. Although even the best solutions can’t prevent 100% of attacks as it’s always been a cat and mouse game, there is a clear advantage to having this type of solution implemented. Even if a threat isn’t yet known by the anti-virus system the firewall can still stop the Trojan from communicating with a Command and Control (C&C) server.

Remote Desktop or remote Trojan installation?

There are many different ways that crypto malware spreads ranging from phishing attacks to across internal networks and even using Microsoft Remote Desktop (RDP).  RDP, Windows File Sharing, and other internal enterprise services should not be exposed directly to the Internet or other hostile networks.

Reduce or limit the use of these protocols and don’t permit Internet exposure to help protect your network. The fewer services you have exposed the safer you are.

Remember, action today can prevent a crisis tomorrow.

The last point is to remain vigilant and aware of security trends.

Blindly assuming you’re protected just because monitoring and anti-virus mechanisms are present is never a strong position. It’s critical that knowledge is shared with users on what to look for when receiving emails and the patterns demonstrated by phishing attacks. Hosting internal security events to keep users apprised on new techniques being used by attackers will be one of the most effective ways to prevent infection.

 

Conclusion

The approach often used by many companies is to spend the minimum amount possible on security. While in the short term this can save money Unfortunately, having such a mentality will leave organizations at risk of being compromised. The day it happens can result in a bigger hit to the bottom line as well as potentially creating substantial and highly visible damage to their reputation. Unrecoverable loss of information may also expose the company to substantial risk and liability.

Be proactive! Ransomware is not going anywhere, better to have a plan than become a statistic!

Unsure if you are at risk or not? Reach out and our Network and Security team can help to identify and mitigate any potential risk.

Do not miss out receive expert tips and insights straight to your inbox!

Read more security posts:

 

Ready to take your unified communications from headache to hassle-free?

No throwing darts at proposals or contracts. No battling through the back-end. No nonsense, no run-around.