Having your company's data stolen is bad. Having your company stolen is worse. In effect, that’s the aim of a form of malware called ransomware, which can totally shut down your operations.
When ransomware gets into your systems, it encrypts the data, making it inaccessible to your users. You need a key to decrypt it, which you can only get by making a payment to the criminals. Typically, the attackers demand that the payment be made within a brief period of time, or else they'll destroy the key and the data will be unrecoverable. They often demand payment in bitcoins, which are hard to trace.
Ransomware is a threat to public safety as well as business operations when it affects hospitals and school systems. Last year, a hospital in Los Angeles was locked out of its systems for two weeks before it paid the ransom to resume normal operations as quickly as possible. According to the FBI, there were close to 2,500 ransomware incidents last year, with more than $24 million paid to the hackers.
Don't Let Your Business Be Held Hostage
The FBI expects ransomware incidents to rise this year. The best way to avoid paying a ransom is to set up strong defenses that reduce the risk of an attack and provide alternate means of recovering your data. Here are 7 steps you can take.
- Implement a reliable backup and recovery process. If a hacker encrypts your data, you lose all access unless you have backup copies that you can easily restore on your production systems. Make sure your backup procedures cover all critical systems. Periodically test your recovery process so you know in advance what’s required to bring your operations back online.
- Authenticate incoming emails. Ransomware is often sent via email. To trick recipients into opening it, attackers often spoof the sender's address so the target thinks the message is legitimate and opens an infected attachment. Organizations can use sender identity verification to block these spear phishing messages.
- Secure your email servers. Add security measures to scan all messages received and processed by your email servers, both incoming and outgoing.
- Block downloaded files from automatically executing scripts. Reduce the danger of malware being executed by blocking mail attachments and downloaded files from automatically executing macros. You can also prevent users from accessing dangerous websites and block ads that may contain malware.
- Monitor your files. Activity monitoring tools can detect when files are being overwritten; large numbers of overwrites are one indicator of a ransomware attack. By detecting this activity sooner, you can activate your response plan sooner as well.
- Have a response plan. Creating that response plan is key. Because no defensive measures can guarantee 100 percent protection, it's important to know how to respond should malware break through them. The more confident you are in your ability to respond, the less likely you'll need to pay the ransom to recover your systems. Build that confidence by periodically testing your plan and updating it as your infrastructure and applications change.
- Train your staff to recognize malware. Don't rely solely on technology to defend your systems. Teach your employees to recognize phishing emails and the dangers of downloads from unsafe websites. Ultimately, malware succeeds or fails because of the actions of your employees.
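
The overwrite-burst check described under "Monitor your files" can be expressed as a sliding-window count of distinct files overwritten per account. This is an added example, not code from any particular monitoring tool; the event tuple format, the sample events, the 60-second window and the 25-file threshold are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, account, action, path).
# A real deployment would read these from file-audit or endpoint telemetry.
SAMPLE_EVENTS = (
    [(1000 + 60 * i, "alice", "overwrite", f"/share/reports/q{i}.xlsx") for i in range(5)]
    + [(2000 + i, "carol", "overwrite", f"/share/finance/doc{i}.docx") for i in range(40)]
    + [(2005, "bob", "read", "/share/finance/doc1.docx")]
)


def detect_overwrite_bursts(events, window_seconds=60, threshold=25):
    """Return one alert per account that overwrites at least `threshold`
    distinct files within any `window_seconds` span.

    window_seconds and threshold are illustrative values (assumptions),
    not tuned ones; baseline them against normal activity before use.
    """
    recent = defaultdict(deque)  # account -> deque of (timestamp, path)
    alerts = {}
    for ts, account, action, path in sorted(events):
        if action != "overwrite":
            continue
        window = recent[account]
        window.append((ts, path))
        # Drop events that have aged out of the sliding window.
        while window and ts - window[0][0] > window_seconds:
            window.popleft()
        # Count distinct paths so repeated saves of one file do not alert.
        distinct = {p for _, p in window}
        if len(distinct) >= threshold and account not in alerts:
            alerts[account] = {
                "account": account,
                "first_seen": window[0][0],
                "triggered_at": ts,
                "distinct_files": len(distinct),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_overwrite_bursts(SAMPLE_EVENTS):
        print(alert)
```

An alert from a check like this is the trigger for the response plan in the next step, so the earlier it fires, the fewer files need to be restored from backup.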