What is ransomware? Ransomware is a form of malware used to threaten victims by blocking, publishing or corrupting their data unless a ransom is paid. Attackers typically infect end users with a virus, trojan or worm and lock down a network’s endpoints, requiring payment in return for access to the end user’s files. If the victim refuses, the virus may destroy or harvest an entire network’s data.
Worms are often used as ransomware attack tools because they are specifically designed to replicate rapidly and infect computers connected to their hosts. Trojans, meanwhile, are useful because they disguise malware as a legitimate file and trick users into downloading it.
Once the user has been infected and hackers gain control of the network, end users will be restricted from doing anything besides paying up. The ransom is typically demanded in cryptocurrency, since it is nearly impossible to track once the transaction is complete.
2017 was the year ransomware became a widely known term outside the cybersecurity community. Stories of new ransomware attacks were popping up everywhere at a scale unseen before.
These attacks cost companies $544 billion in the first six months of 2017 alone, according to Symantec’s Ransomware 2017 ISTR Special Report. Furthermore, the report showed a continued year-over-year increase of ransomware. Attacks hit dozens of countries including the U.S., Japan and Italy, just to name a few.
Luckily, ransomware attacks are trending downward in terms of frequency. Few victims were actually paying the ransoms; what’s more, new forms of malware are emerging that are more effective and stealthier. Threats such as cryptocurrency mining malware can utilize a victim’s computing power without them even knowing.
Still, ransomware attacks aren’t only targeting corporate conglomerates: 43 percent of cyberattacks are targeted toward small businesses. As a result, companies should be adopting cybersecurity technologies with the features necessary to protect against ransomware threats.
This is an example of the user-facing component of 2017’s WannaCry ransomware attack. It was the largest attack of its kind, impacting 300,000 endpoints in May 2017.
The easiest way to protect against malware is through employee education, and security awareness training is becoming more common. These courses and seminars help companies inform employees of the dos and don’ts of online behavior.
Employees learn how to identify phishing or spoofing content that aims to trick users into downloading malicious files or giving hackers sensitive information. Malicious downloads can spread worms or viruses across a network quickly, and that sensitive information can be used to gain access to networks, applications and databases where hackers can wreak havoc on unsuspecting companies.
Ransomware protection software and solutions can come in many different forms. The most common practice is employing a backup or disaster recovery solution. These tools keep company information stored securely in an isolated environment in case cloud or local storage systems are compromised.
With backups in place, if hackers threaten to delete your company’s data, the amount of data lost can be significantly diminished. Important features to keep in mind are continuous backups and disaster recovery capabilities. Continuous backups will automatically sync data to keep it as up to date as possible. Disaster recovery will simplify and expedite the process of recovering after an attack.
Secure email and web gateways are useful tools to limit the amount of potentially dangerous content employees come into contact with. Email gateways will improve spam filtering and phishing identification. Web gateways will do the same, but with unsecured sites and dangerous links. Both solution types often come with file scanning features to prevent dangerous downloads from actually getting into the network.
Endpoint protection and antivirus solutions are increasingly providing ransomware protection capabilities. Antivirus products will improve the overall protection of endpoints and increase a user’s ability to discover threats. Endpoint management tools can help keep devices and applications safe by requiring updates and patching vulnerable components.
Ransomware removal can be a little more complicated than general protection. Once the malicious program has infected a system, it can be difficult to inspect, locate and remove.
It will be easy to tell when ransomware is present, as a locked screen requesting payment won’t be very interactive. Fortunately, many devices such as PCs and smartphones have a Safe Mode, which runs a program to scan for and remove malware.
Other tools can increase your chances of a full recovery. Incident response solutions are designed to help users remediate threats once they’ve been discovered. Some tools such as Demisto and Cybereason have features specifically for ransomware removal and inspection.
Security Information and Event Management (SIEM) solutions are suites designed to document tons of logs and improve response time and forensic analysis. Splunk and Trustwave, for example, are SIEM solutions with significant incident response capabilities.
Companies that don’t have on-hand staff to handle all of their security needs can always work with cybersecurity consulting and cybersecurity service providers. Their offerings range from consulting and implementation assistance to incident response and fully managed security services.