Dear Ransomware – let’s get familiar
First, let’s define what ransomware is. Basically, it’s a piece of malware that infects a device and prevents an end user from accessing either the device itself or the data on it. Typically, the person responsible for creating the ransomware will require the user to pay a fee in order to regain access to the infected files or system. Even when you think you’ve got your environment configured with the right layers of software designed to prevent an infiltration of potentially destructive ransomware, there’s still a good chance you may become a victim.
Sounds like a pain, right? Well, it could get much more serious than that pretty quickly. Let’s assume that device is on your corporate network. Let’s also assume that the user of that device has access to files on the network. See where this is going? It now has the potential to affect files across the network. All that business-critical data is now at the mercy of a cyber-criminal demanding a ransom payment before giving you back your access, if at all. You don’t just lose access to the files; you also stand to lose productivity and to pay for legal fees, IT services, customer service, etc. It adds up quickly.
So what exactly does this ransomware do? The most common side effect is file encryption, and that encryption is, at this point, pretty much impossible to crack. It has the ability to encrypt not only data on your local device, but also data across the network that the user has access to. Without a good backup or paying the ransom, you can say good-bye to your data. Even a backup will only get you back to the point in time where it was last successfully run. That means if your backup ran last night, and the ransomware hit today at 4pm, you’ve pretty much lost an entire day of work for not only a single individual, but potentially an entire company.
But I have antivirus, that’s enough, right? I hate to be the bearer of bad news, but antivirus software alone simply isn’t enough anymore. You need a layered approach to your preventative arsenal.
- Education – Educate yourself and end users on how to detect these threats. Limit the amount of casual internet browsing, and if an email seems fishy, there’s a good chance it is. Remember, ransomware can infect you in multiple ways.
- Email Filtering – Use a spam service to filter email before it gets to your mail server and inbox. Even users of hosted email platforms should consider using third-party email filtering as an added layer of security.
- Web Filtering – Ransomware doesn’t just come from email. It can come from very popular legitimate websites as well. Utilizing some type of web filtering could help prevent access to infected websites or syndicated ads carrying malicious code.
- Antivirus – Use reputable antivirus. This is usually the last point in the preventative stage. Having up-to-date antivirus could be your saving grace, although there are never any guarantees. Even older versions of antivirus with up-to-date virus definitions could leave you vulnerable. Much like the cyber criminals who are continuously trying to evade the various levels of protection, antivirus vendors are constantly evaluating and improving their software in order to combat the latest threats.
It's unfortunate that there are new stories daily of companies large and small being targeted by these malicious campaigns. There’s no doubt it will only get worse before it gets better as these threats are constantly evolving. They tend to get more destructive with each iteration and some aren’t even offering the option to decrypt anymore. Your best defense is a multi-layered approach. The more layers, the less chance of becoming the latest victim. Bottom line, it needs to be taken seriously.