What is Ransomware?
FBI calls ransomware a type of malware that targets critical data and systems for extortion. Ransomware is not a prank, spyware, or a
virus that steals or destroys the data or files. It’s a business with specific targets, delivery methods, and ROI for the attackers. It is simply the fastest way to end a business.
We’re on a mission to help you mitigate the risk of ransomware.
Known Defenses Against Ransomware
You may be surprised to learn that the most popular defense against ransomware today is to pay the attackers. From city governments to enterprises, statistics show that up to 70% of infected businesses had to pay the ransom to recover their data, as reported by ITProToday.
However, there are four major categories of ransomware defense:
Tools for email scans, firewalls, regular data scans, etc.
Training and testing your workforce to not become victims
Company-wide rules and processes to block unknown sources
The ability to recover data quickly and efficiently from backups
How does ransomware affect my business?
GandCrab, SamSam, WannaCry, NotPetya—they’re all different types of ransomware and they’re hitting businesses hard. In fact, ransomware attacks on businesses went up 88% in the second half of 2018 as cybercriminals pivot away from consumer-focused attacks. Cybercriminals recognize big business translates to big payoffs, targeting hospitals, government agencies, and commercial institutions. All told, the average cost of a data breach, including remediation, penalties, and ransomware payouts, works out to $3.86 million.
The majority of ransomware cases as of late have been identified as GandCrab. First detected in January of 2018, GandCrab has already gone through several versions as the threat authors make their ransomware harder to defend against and strengthen its encryption. It’s been estimated GandCrab has already raked in somewhere around $300 million in paid ransoms, with individual ransoms set from $600 to $700,000.
Research shows that preparing for ransomware attacks should involve a multi-pronged approach. Both prevention and mitigation plans need to be in place to deal with the ever-evolving threats and attacks.
Our Security Approach
Preparing to deal with ransomware is important. Not having an adequate strategy in place in order to respond before your data is encrypted can be devastating.
Starting with perimeter security, we look at how your business operates, i.e. education, retail, Doctor or Dentist, industrial parts broker, etc. Each business has different needs. If you expect to have walk-in traffic than you obviously need to keep your doors open during business hours. If you don’t have walk-in traffic it may make sense to keep your door locked. In addition to office access, we evaluate the current network and hardware security within your office.
Next, we look at firewalls, advanced security gateways, wireless networks, guest networks, business application portals, remote workers and other factors that impact the necessity to access your network from outside the building. We can develop a comprehensive plan to ensure your business operates as needed but remains as secure at the same time.
Advanced email security is a critical part of any cybersecurity plan. 94% of all malware that infects businesses comes from email and/or employee behavior. Advanced email security provides protection from incoming emails with embedded viruses or malware. It also protects against employees clicking on links to malicious sites.
Next, we look at advanced endpoint protection or anti-virus. Unlike typical anti-virus products, advanced endpoint protection uses artificial intelligence to monitor activity in the core operating system of your workstations, servers, and laptops. It looks for suspicious activity, tracks it and if needed can rollback any activity and isolate the malware to eliminate it from your hardware. It offers the most comprehensive ransomware protection on the market.
Along with email security, we look at employee training and awareness. Keeping employees aware of the risks and constantly reinforcing it with training is a key step in improving your security. In addition, if you have cyber insurance for your business, training your employees and providing proof of testing may help to reduce your cost of insurance.
The last layer of defense for your business is a business continuity and disaster recovery (BCDR) solution. It’s not just data backup. With BCDR, your not only backing up your data, you making sure the data works when needed with planned disaster recovery drills. Don’t think you need to worry about a data loss! Think again.
- In the use over 140,000 hard drives fail each week
- 60% of backups are incomplete, and
- 50% of backups fail at the time of restore.
So, if your backup doesn’t include disaster recovery and you lose your data, you may be praying that you’re not in the wrong 50%.
Most importantly, you want a data backup solution that allows you to virtualize your backup into a functioning server. If your server is attacked and disabled or you lose your data due to hardware, software or human error, having the ability to virtualize your server means your back up and running in a matter of minutes rather than days or weeks. In other words, your business continues as usual.
Finally, surrounding all of this, we evaluate both your proactive and reactive response capabilities. Proactive will include policy and patch management, i.e. password policies, policies protecting against shadow IT and Multi-factor authentication. Reactive responses mean your systems are monitored for potential issues. This allows for faster response and remote problem mitigation.
Having the right partners providing you the best tools and strategies for malware incidents is essential in the success and business continuity of your organization.