How to Stop Ransomware

The Business Leaders' Guide to Sleeping at Night

by Mike Knapp in Business Leaders

Ransomware is one of the biggest cyber threats to businesses.  It’s one that can’t be ignored, unless you want to live with its potentially devastating effects.  Thankfully, there are steps you can take to reduce the risk of infection and be ready in case disaster strikes.

What is Ransomware?

Ransomware is a hacker’s dream, and a business owner’s nightmare.  It’s malicious software that infects your network, encrypts your data files, and demands a ransom to decrypt them.

Ransomware has gotten smart over the years.  It can now lie dormant for months, quietly watching your network before attacking your most important files (timed for when you’re not paying attention, like at night).

Ransomware is BIG business:

  • In 2016, Ransomware revenues are estimated at $1,000,000,000
  • Cryptowall had revenues over $325,000,000 by early 2016
  • More than 50% of businesses pay the ransom

With a market like that, ripe for the plucking, ransomware is a major focus for cyber-attacks.  In 2016, there were an estimated 2-3 million attacks.  Analysts expect this to double every year.

How do I get Ransomware?

Ransomware infections don’t magically happen – they almost always require user interaction.  A user may:

  • Click a link to an infected file in an email
  • Click a link in an infected website
  • Run an attachment

Ransomware is sneaky.  Some of the variants camouflage themselves to pass your defenses.  Others can be targeted at organizations, like hospitals and government agencies.

How do I protect my business?

Here are a few key elements we recommend to protect your business from Ransomware:

  1. Enterprise-grade, centrally-managed anti-virus
    1. Standard, signature-based ones catch known variants, but not the new ones
    2. Next-generation, behavior-based ones catch up to 99% of potential attacks
  2. Enterprise-grade spam filter
    1. Block phishing and emails with dangerous links before they get in
  3. Content filtering
    1. Stop access to websites with known infections
    2. Block access to Ransomware “command and control” so they can’t encrypt
  4. Backup
    1. Have an enterprise-grade backup system that can restore you from backup quickly
    2. Ensure you’re backing up often enough that you only lose an acceptable amount of data
  5. Security awareness training
    1. Teach your team to recognize threats before they get to you
    2. This is most important, and often neglected
  6. Ransomware blockers
    1. This is more effective than anti-virus and ensures Ransomware doesn’t get in – but it’s not foolproof
    2. The enterprise version of this is called application whitelisting. It’s extremely effective, but can be IT-resource intensive

What do you do if you’re infected?

New variants of Ransomware are released daily – one site reported 19 new variants during the week of Jan 21, 2017.  That doesn’t include targeted variants.  Because of this, it’s impossible for the traditional anti-virus products to protect you.

Even with all the above controls in place, you may get infected.

When it happens:

  1. Shut down your PCs and servers immediately. This stops the encryption from spreading.
  2. Try to clean your systems (in isolation).
    1. Disconnect one computer from the network
    2. Use a commercial decryptor
  3. Plan for nothing to work. Restore from backup.

Please please please do not pay the ransom unless it’s critical.  Every ransom paid encourages the growth of this style of attack.

Ransoms are normally in Bitcoins.  The average ransom is around $2500 USD (around 2 Bitcoin).  High payments can be more than $10,000.

Note: Paying the ransom doesn’t guarantee they’ll unlock you.  While most groups are good (it’s a business after all), there’s no honor amongst thieves.

Our Advice

We’ve had many clients over the past few years be infected, with downtime costs ranging from $20,000 to $150,000.  After being attacked, they all put the right defenses in place …

Learn from their mistakes.  Expect you’ll be the victim of Ransomware at least once.  Put the right defenses in place now and minimize the risk.
