If you don't yet know about ransomware, you soon will. It's been called the most profitable type of malware ever released. Bad guys deploy it on a computer or network and hold the data hostage until a fee is paid to get it back. Just last week the WannaCry ransomware strain went global, impacting computers in more than 150 countries and wreaking havoc on Britain's National Health Service, Spain's Telefonica and France's Renault automobile factory.
Ransomware is usually brought into a company when a user clicks on a bad link in an email and cyber criminals download the malware to their computer or network without their knowledge. It happens fast, and sometimes you can't tell it is there. Most antivirus programs do not detect it, as it is rapidly changing with new variations every day. Being successfully hit by a ransomware attack can set a business back 50 years into "pen and paper" management, and the ransom can get very high. The WannaCry attack charged £240 per machine, which adds up very quickly, particularly for small and mid-sized businesses (SMBs).
It's time to face facts: ransomware has become a "when not if" scenario for businesses of all sizes. To pay or not to pay is ultimately a business decision and one which most organisations do not make lightly.
How did these ransomware victims get in such a dire situation?
In most cases, an employee opened up an attachment to an email that looked legitimate, but the attachment was malicious and infected the network.
If a business has up-to-date backups, ransomware is no problem. But where the company's backup / restore strategy has failed one way or another, it can go wrong in several ways. Perhaps it was thought that backups were being made regularly, but in reality the process was broken, and no backups were being created at all. That amounts to a high-wire act without a safety net, because hard disks sooner or later always fail. Or backups were created, but the restore process failed and the business could not get their files back. This happens more often than you might think. Victims like this find themselves in an extremely uncomfortable position: pay an organised cybercrime network thousands of pounds and hope to get the files back, or be confronted with lost days, weeks, or months of work?
Understandably, you could take the perspective that it's a matter of principle and that you should never pay ransom to criminals. That is easier said than done when you look at the potential damage a ransomware attack can bring to your organisation.
To pay or not to pay is ultimately a business decision.
Nowadays there are different types of ransomware infections. The low-grade spray-and-pray phishing attacks that only infect one workstation are relatively easy to fix by IT. Wiping the workstation and rebuilding it from scratch takes about 20 minutes.
It gets worse when that infected workstation had a connection to a file server, and all the files on that server were encrypted during the infection. Now a whole group of employees are left to sit on their hands without access to their files.
Worst case is that the "bad guys" were on the network for quite some time, were able to infect all of the organisation's machines and locked them all at the same time. This type of network compromise sets an organisation back 50 years into "pen and paper" management, with the ransom usually soaring to anything from £30,000 up to £75,000. Healthcare organisations in particular, with x-ray machines, MRI equipment and other medical devices that run Windows, are vulnerable to attacks like this, with literally life-or-death in the balance. However, any organisation, large or small, is in the firing line for this new type of internet extortion.
What to do about this?
It is crucial to start with a so-called defence-in-depth strategy to protect your network:
- Weapons-grade backups that are tested regularly to see if the file-restore function actually works properly.
- Ensure all software is up-to-date. That means the Windows software, and also patch all third-party applications that are running in the organisation.
- Run updated antivirus software but don't rely on it. Today's antivirus often does not catch ransomware.
- Identify users that handle sensitive information and enforce 2-factor authentication.
- Check your firewall configuration and make sure no criminal network traffic is allowed out.
Ultimately, your employees are the weak link in your IT Security.
The standard defence in depth strategy above is a good start, but it's missing a critical step: educate your users so they can thwart ransomware before it can infect your workstations or your network. A good security awareness training program will help educate users on what types of red flags to look for so they don't make a mistake that puts your business at risk. Taking the time to question an email and call the person who supposedly sent it could save time, money and frustration for the entire company.
Let's stay safe out there.
Stu Sjouwerman is the founder and CEO of KnowBe4, Inc. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010. Sjouwerman is the author of four books, with his latest being "Cyberheist: The Biggest Financial Threat Facing American Businesses."
Twitter alias (company): @KnowBe4