Cyber extortion campaigns have been spreading like wildfire in recent months, locking computers and shutting down critical infrastructure.
The recent WannaCry ransomware attack affected more than 200,000 companies in 150 countries, including a major assault on the UK’s National Health Service. Ransomware Petya took out critical government and banking systems in the Ukraine, while an attack by NotPetya may cost health and hygiene company Reckitt Benckiser up to £100 million in lost revenue. Welcome to the perilous world of ransomware.
Ransomware is big business for cybercriminals. It is a type of malware used for so-called ‘data kidnapping’ that either locks an end-user’s screen, rendering the device unusable, or, in crypto-ransomware cases, encrypts files until a ransom is paid.
Ransomware is hard to trace. It spreads through email attachments, malvertisements, infected software applications, external storage devices, compromised or malicious websites and secondary infections on affected systems. The latter opens backdoors for even more attacks.
Once ransomware gets on a single machine in an enterprise network, it rapidly scans for others to attack. Petya, for example, seeks out Windows administrative usernames and passwords, and then uses Windows administration tools to infect as many systems as it can. It isn’t just Windows systems that are vulnerable. Ransom32, programmed in JavaScript, HTML and CSS, can also attack Linux, Unix, and OS X platforms.
Ransomware can also infiltrate the cloud. Virlock, for example, spreads through cloud storage and collaboration tools. It attacks a system and encrypts all the files, altering them to Virlock files, including those synched with the cloud application. Once another user clicks on these shared files the Virlock file is triggered, their machine is infected and the Virlock epidemic continues.
Ransomware attacks are accelerating. Between January and September 2016, the US Justice Department alone reported 4,000 ransomware attacks, quadruple the number of attacks seen in the previous year. The Ponemon Institute predicts that ransomware attacks will get more frequent and sophisticated during 2017. Yet despite the high-profile “data kidnappings” we have already seen, many companies are ill-prepared to prevent or respond to such an onslaught.
Safeguard your business
It is best to think about when, rather than if, you will get hit by a ransomware attack. Below are nine steps you can take to protect against it.
1. Full and accurate backup is “a critical ransom defense”, according to the Ponemon Institute. Cloud storage, mapped and unmapped network drives, and local files are all open to ransomware attacks. It is therefore essential you keep separate offline backups of critical files.
2. Consistently update and patch your systems. Cybercriminals search out vulnerabilities and having the newest version shores up your defenses. Microsoft, for example, recently issued a security patch bundle to protect against WannaCry ransomware and similar malware for all versions of its operating system, including Windows XP.
3. Educate employees about ransomware and the dangers of visiting unfamiliar websites or downloading applications that have not been verified by an app store first.
4. Use multiple layers of protection including anti-virus, web filtering and firewalls to strengthen your network security – and ensure they are continually updated.
5. Deploy role-based access. System administrators should only give employees access to the parts of the network that are essential for their work. This helps limit the damage if there is an attack.
6. Invest in a security information and event management (SIEM) service. SIEM operates as a central security hub comprising a set of software tools that collects, stores and analyzes data collected from the network perimeter to the end-user to monitor for any security threats.
7. Use network segmentation to separate parts of the network based on the criticality of the data housed, such as web server, application server and database server separation. This makes it more difficult for ransomware to gain a foothold. It is imperative security policies are enforced between segments, however, to ensure attacks don’t breach perimeter technology defenses.
8. Make sure you have a robust password and multi-factor authentication policy. This may seem obvious, but many businesses still have weak password structures.
9. Have an incident response plan and make sure it has up-to-date procedures in place for protecting, identifying and responding to ransomware attacks.
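The kind of correlation rule a SIEM (step 6) can run to catch the rapid internal scanning described earlier: flag any host that contacts many distinct internal peers on Windows file-sharing and administration ports within a short window. This is an added example, not part of the original article; the port set, the window, the threshold and the flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed flow records (time, source, destination, dest port); not real telemetry.
SAMPLE_FLOWS = """\
2017-06-27T10:00:01 10.0.1.15 10.0.1.20 445
2017-06-27T10:00:02 10.0.1.15 10.0.1.21 445
2017-06-27T10:00:03 10.0.1.15 10.0.1.22 135
2017-06-27T10:00:04 10.0.1.15 10.0.1.23 445
2017-06-27T10:00:06 10.0.1.30 10.0.1.5 445
2017-06-27T10:00:20 10.0.1.30 10.0.1.5 445
2017-06-27T10:01:00 10.0.1.40 10.0.1.20 445
2017-06-27T10:05:00 10.0.1.40 10.0.1.21 445
2017-06-27T10:09:00 10.0.1.40 10.0.1.22 445
2017-06-27T10:13:00 10.0.1.40 10.0.1.23 445
garbage line
"""

ADMIN_PORTS = {135, 139, 445}   # assumption: ports counted as admin/file-sharing traffic
WINDOW = timedelta(seconds=60)  # assumption: correlation window
THRESHOLD = 4                   # assumption: distinct peers in the window that raise an alert

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue  # wrong field count, bad timestamp or bad port

def detect_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (first_alert_time, peers)} for hosts fanning out on ADMIN_PORTS."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port not in ADMIN_PORTS:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:   # expire contacts older than the window
            seen.popleft()
        peers = sorted({d for _, d in seen})
        if len(peers) >= threshold and src not in alerts:
            alerts[src] = (ts, peers)
    return alerts
```

A client that talks repeatedly to one file server (10.0.1.30 here) and a host whose contacts are spread over many minutes (10.0.1.40) stay below the threshold; only the burst from 10.0.1.15 is flagged.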
Cybersecurity is a complex business issue. Key challenges include IT infrastructure protection, risk visibility and management, data protection, access rights and user identity.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.