Ransomware attacks hit us hard in 2017. SamSam, WannaCry, NotPetya, and other variants infected computers around the world, locking up systems, disrupting operations, and of course, extorting large sums of money from victims. (For a recap of some of 2017’s worst attacks, see this article from TechRepublic.)
In fact, cyber-attacks were so bad last year—thanks in large part to ransomware—some people dubbed 2017 “the year of the data breach.”
The bad news is that ransomware attacks aren’t going away. We have already seen several high-profile incidents, and with these types of attacks on the rise, we will certainly see more activity as 2018 unfolds. It’s not hard to understand why: ransomware attacks work; they’re easy to launch and can be profitable. And as long as those things remain true, bad actors will continue to become more sophisticated and ransomware attacks will continue to plague us.
How it Works
Ransomware is a form of malware often delivered via email. Once launched by an unsuspecting user—usually by clicking on a fake link or opening an attachment—the malware infiltrates computers and locks up files, preventing users from accessing applications and data.
The objective is simple: disrupt operations by shutting down computer operations and hold organizations hostage until a ransom is paid. Ransomware code does this by encrypting critical files and directories using a standard encryption technique. Then, access is denied until a decryption key is provided. To get the decryption key, a ransom in the form of a cryptocurrency has to be paid to the criminals. But even if the ransom is paid, there’s no guarantee the criminals will deliver the key.
What industries are being targeted? The answer is all of them. Cyber thieves are indiscriminate. They will attack any target if they feel there is a good chance of extorting money from it.
While every industry is at risk, some are better targets than others. And currently, government and health care are at the top of the list.
The City of Atlanta was attacked on March 22. In that case, ransomware was used to infect government computers, resulting in the shutdown of some government services and forcing some departments to use pen-and-paper forms.
In February, the City of Allentown, Pennsylvania was attacked. Malware called Emotet was used, and according to reports it caused services to be shut down completely. Recovery is estimated at nearly $1 million.
Hancock Health—a small health system in Indiana—was hit by SamSam in January. The attack shut down systems and resulted in the payment of four bitcoin ($55,000 in value at the time). The CEO justified the payment, because it would have cost much more in terms of time and money to recover the systems from backups.
How You Can Protect Your Organization
You may not be able to predict an attack, but you can be prepared for one. Taking these steps can help you protect your organization:
- Make Security a High Priority – Cyber criminals are smart. They go after organizations with weak security—ones they believe will pay to make a problem go away. Elevate the importance of security in your organization and make it everyone’s responsibility.
- Use a Security Framework – If you’re not doing this, you should be. Align your security program with a strong framework such as NIST to ensure you have the policies and procedures in place to manage security controls in your environment. Key best practices within the framework include making sure email and web server controls are enabled and configured, and that system patches are at the most current level. Ransomware can be easily defeated if it never gains residency.
- Educate your employees – Put a user awareness program in place. Ransomware and other viruses often infiltrate organizations via email. Educate your employees on the methods hackers use and keep them informed on new tactics, so they know what to look for. Train them well so they won’t be duped by clever attachments or links.
- Implement Advanced Endpoint Protection – Put advanced protection in place at your endpoints. Detecting ransomware variants is difficult. But there are several good solutions available that enable detection at the endpoint, which can help stop an attack before it happens.
- Plan for Recovery – Check your backups. If files do get locked up, make sure you have available backups to restore data. And make sure you test your backup and recovery process. If you have good backups—and are confident in your recovery process—you may be able to avoid paying a costly ransom.