The 21st century form of digital kidnapping happens when a ransomware code infects a computer or network, making the data unusable. The code is designed to encrypt the data and then send the victim instructions on what to do next, usually in the form of a popup on their computer.
The attacker then demands a ransom paid in some type of untraceable currency, like bitcoin or gift cards, and then promises once the ransom is paid to give the victim the key to decrypt their files.
Unfortunately, many organizations don’t have proper backup and data recovery in place so they end up paying the ransom to regain access to their data.
Earlier this year a ransomware attack shut down the Idaho Sugar-Salem School District servers and they were down for at least two days right in the middle of ISAT testing.
Another attacker that hit a group of radio stations in the Pacific Northwest demanded a $500,000 ransom for them to regain control of software that was needed for their broadcasts.
Ransomware attacks surged 77% in the first half of 2019.
This type of cybercrime has become so prevalent that it caused the FBI to send out a Public Service Announcement in October of 2019 that warned, “High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations.”
FBI Warning About Ransomware
The FBI’s warning noted that ransomware is becoming more targeted, sophisticated, and costly for all types of businesses and other organizations. Their current PSA comes on the heels of a request in 2016 for organizations to report ransomware attacks to Federal law enforcement.
Now that they’ve been collecting that data, they felt the need to put out this new alert to warn organizations about the ever-growing ransomware threat.
Main points of the FBI Ransomware PSA:
- Since 2018, losses from ransomware attacks have increased, even though attack frequency remains consistent overall
- Ransomware targets all types of organizations, even though government attacks are the most visible
- The FBI doesn’t advocate paying a ransom because it entices the criminals to keep attacking
- Whether or not you decide to pay a ransom, you should contact law enforcement regarding the attack
The FBI also provides helpful information on how ransomware gets into your computer and network and how to avoid becoming a victim.
Most Common Ways that Cyber Criminals Infect Victims with Ransomware
- Email phishing campaigns with malicious links and attachments
- Vulnerabilities in Remote Desktop Protocol, often through stolen or purchased credentials
- Unpatched software vulnerabilities
Best Defense Against Ransomware Attacks
Good cyber hygiene, which means following best practices when it comes to device and network security, is the best way to avoid becoming the victim of a ransomware attack (and many other types of attacks).
While many of these best practices may sound familiar, unfortunately all too often, they’re not followed diligently and one accidental click on a phishing link can cause hours or days of downtime and the associated costs of dealing with an attack.
Here are some of the most important things the FBI says you can do to protect yourself.
Backup and Verification
Most of the stories of ransomware attacks where the victim did not have to pay any ransom were because they had a reliable backup of their data in place. You should ensure you’re backing up regularly and that you are having those backups and your recovery process verified.
Train Your Users
Employee training and awareness is important so that your team knows how to spot a phishing email and can avoid infecting your network with ransomware. It’s also important for them to know the types of threats that may show up in their email inboxes or online.
Applying Patches and Updates
Updates to software and operating systems may be annoying when they pop up, but they’re vital to ensuring the security of your computers and network. They should be applied in a timely manner, meaning as soon as possible after they’re available. Using managed IT services is a great way to ensure patches and updates are handled for all your devices without disrupting your workflow.
Lock Down User Privileges
Use the “least privilege” rule for file, directory, and network share permissions. This means if someone only needs read access, give them that instead of making them a full admin.
Disable Office Program Macros
Word and Excel files can have macros that autorun when they open and can initiate a ransomware infection. Be sure to disable this feature in your Microsoft programs so macros can only run upon command, not automatically upon file open.
Use a “No-Trust” Stance for Software
What “no-trust” means is that only previously approved or whitelisted software can execute programs. Many firewall and advance threat protection applications allow you to set policies like this, which can help prevent attacks from new and more sophisticated forms of malware.
Require User Interaction for Certain Communications
Another security policy that can help prevent those “drive-by downloads” of ransomware from malicious sites is to require a user to type in information or enter a password for applications communicating with websites that are uncategorized by the network proxy or firewall.
Are You Ready for a Ransomware Attack?
How resilient would your business be if you suffered a ransomware attack tomorrow? If you’re unsure, then it’s best to have a security assessment done by Connect2Geek. We can help you identify and fortify any weak spots and ensure you have a backup in place that’s reliable and easy to recover if you need it.
Schedule your security assessment today by calling 208-468-4323 or using our contact form.