Two years ago, ransomware was barely on anyone’s radar. Today it holds top-of-mind awareness (TOMA) for IT teams and business leaders alike. It has dominated headlines in nearly every type of media over the past fourteen months. It has affected nearly every type of industry, bringing the operations of its unfortunate victims to a grinding halt. If it were a traditional business, its growth rate would be the envy of the world: ransom payments grew from $24 million in 2015 to $1 billion in 2016, according to a recent FBI report. Yes, that is correct; ransomware is a billion-dollar industry. This is no flash in the pan that garnered its fifteen minutes of fame. Ransomware is a perpetual threat that continues to plague business operations throughout the world, as has been the case thus far in 2017.
A number of things happen when a billion dollars of revenue is involved. It attracts substantial investment and innovation, as well as a multitude of opportunistic individuals with few scruples. Last year brought about Ransomware as a Service (RaaS), which provides do-it-yourself packages to any would-be cybercriminal for as little as $40. This led to organizations structured like multilevel marketing schemes, with their own distribution channels, tiered hierarchies and shared revenue plans. Top-level distributors are estimated to make somewhere around $300K.
Innovation is resulting in new releases of ransomware that boast user-friendly graphical interfaces so that victims can more easily navigate the ransom payment process. Some ransomware variants even provide help functions such as chat boxes that allow the victim to communicate with client service specialists who are more than happy to walk “customers” through the bitcoin transaction process.
According to Symantec, the average ransom demanded in 2016 was $679, and 64% of victims paid it. Many financial institutions report keeping bitcoin balances on hand so that, if afflicted, they can pay as quickly as possible and return to normal operations. Hospitals are popular targets due to the critical nature of their operations. From small businesses to corporate giants, no one seems to be spared.
Ransomware is a process in which malware infiltrates a device and encrypts some or all of the data residing on any local, external or mapped drives. Some ransomware variants target only designated file types, while others encrypt everything. Once encrypted, the data can no longer be accessed without the encryption key. The final step in the process is an automated on-screen notice that informs the victim of their circumstances and provides some type of link to click for further information.
So the billion-dollar question to this billion-dollar menace is, “How do I protect my business from ransomware?” The task seems daunting, to say the least, as businesses and organizations much larger than yours have probably found themselves victimized. The fact is, however, that the blueprint used to combat ransomware and negate its nefarious manipulation of your data is quite simple.
Email Security Protection – Email continues to serve as the primary mechanism for delivering ransomware. Ransomware distributors use phishing attacks that coax users into clicking on embedded URL links or attachments. Once a user clicks on the enticing bait, a web session is initiated, which downloads the malware. Mere spam protection is no longer enough today. You need solutions that use intelligence as well as integrated antivirus services to strip away malicious code.
Web Filtering – It used to be that web users were only susceptible to malware if they ventured into the murky regions of the Internet. Not so today. Hackers now embed their malicious code in legitimate websites in order to initiate “drive-by downloads,” in which users unintentionally download the malware. Proper web filtering can strip malware from web sessions as well as prevent users from accessing sites that are known malware-launching locations.
Patching and Updating – Two recent and highly publicized ransomware attacks that afflicted thousands of organizations across the globe, WannaCry and Petya, took advantage of a known exploit within the Microsoft operating system. Microsoft, in an unprecedented move, released a patch for all Microsoft operating systems, including XP (which was no longer supported), to eliminate the given exploit three months before the attacks took place. Had the IT teams of the affected organizations simply patched their devices, none of them would have suffered the devastating interruptions to their operations.
This three-legged shield, supported by an intelligent network firewall, provides ample protection against most ransomware attacks. This defense system of course requires capital investment as well as the support of a dedicated IT staff, all of which can be expensive. The other way to obtain this protection is through a managed IT services provider, who can monitor and protect your network on a 24x7 basis for one set monthly fee. If you are a Houston-area business, contact NSC Information Technology Group to ask about our ransomware solution.