Feelter blog

The recent crop of ransomware attacks, plus a report from SentinelOne last week on ransomware highlight, if any highlighting was needed, that ransomware is both lucrative and here to stay and that enterprises need to take proactive action to prevent such incidents and  minimize the damage.

Ransomware works by infecting a system with a program that encrypts all local files, essentially locking users out of the computer. The illicit program holds a private key that only the attackers know. As a result, the computer user - whether a business, government agency, or an individual – has to pay a ransom to obtain the key and unencrypt the devices affected.

Despite being reminded repeatedly by law enforcement not to pay ransoms, that is easier said than done when the data illegally encrypted is mission critical to an organization and vital for a company to function day-to-day.

The stakes and repercussions can be huge. Some analysts estimate more than $25 million in ransoms have been paid in the last two years, and globally, ransomware attacks reportedly grew 11 percent in the 12 months ending in March, 2017. 

In its first few days, for example, the WannaCry ransomware attack in May encrypted files on computers at more than 300,000 businesses in over 150 countries. The malware apparently used a flaw in Microsoft’s software originally discovered by the National Security Agency. Another high profile malware attack more recently called Petya affected computers in North America and Europe.

While software publishers update their software to plug security holes exploited by ransomware attackers, vulnerabilities are often compounded because companies that use the software often don’t update their systems with security patches. As a result, their computers remain exposed to hacking.

There are other reasons companies don’t patch their security flaws. Patching might be just too expensive, often requiring system upgrades to support the patch. Also company computers might not support the patch at all, requiring the purchase of new equipment. Patching requires system downtime and many companies cannot afford to have their computers unavailable. In addition, it only takes a single compromised computer to provide access to an entire network. For many companies, patching is not as simple as one or two machines, but entails hundreds and even thousands. Miss patching one computer and the entire network is exposed.

The inevitable consequence is that all companies and organizations may at some point be exposed to hackers and a ransomware attack. Being prepared for the worst-case scenario is essential.

The first rule of data defense is to back everything up on computers that are off-site and removed from the corporate network. Mission critical data is only valuable to a cyber-criminal if there isn’t a copy. Additionally, if back-up is to a local storage device, it should be off-line and not directly connected to the network. While backing up data may not protect a company from ransomware exploitation because it can take time to retrieve everything, which is unacceptable for mission-critical data, it is still a must-do first step.

It is also necessary to dissuade any computer user on the network from opening and downloading suspicious emails or attachments, and to stop connecting to suspicious links when on the Internet. Malvertising is another newish threat along the same lines, where malicious ads containing compromising code can be downloaded to a computer network, even through trusted web sites.

Third-party plug-ins are also an area of vulnerability. In common, often-used add-ons such as Flash and Java, keeping them updated helps in combating potential exploitation loopholes. In addition, keeping abreast of current security issues and hacking breaches industry-wide also helps in stopping a breach before it happens.

Finally, using a network-wide antivirus program that is scheduled to run regularly is a must. Should an infection become apparent, it is necessary to disconnect the offending computer immediately, even if it means shutting down the network, to prevent the spread. Wi-fi and Bluetooth should also be disabled to stop the transfer of the malware.

With ransomware, prevention and anticipation are the first steps towards protection. While not infallible, at the least, adopting both gives the computer user and the company network a head start in data defense. Not only that, but keeping abreast of the current dangers and updating software regularly is the foundation upon which any corporate security network rests.