Ransomware is a type of malware that attacks without warning and needs no incubation period to infect a computer or mobile device. It works by encrypting your files and restricting access to them. Unless you pay a ransom for the decryption key, you risk having your files permanently destroyed and/or seeing your confidential information published. At the very least, ransomware will disrupt your business, and it could harm your company's reputation.
The preferred currency for ransom payment is bitcoin, a digital currency that requires no identifiable information to hold or transfer, which makes payer and payee hard to identify (every transaction is still recorded on a public ledger, so payments are pseudonymous rather than truly anonymous). Today's average ransom demand tops $1,000, according to a 2017 Symantec report. And paying the ransom does not guarantee that the extortionist will restore your files: approximately 20% of businesses that paid a ransom did not get their files back. What if you can't pay? At least one variant has offered another terrible option: forward the malicious code to two of your contacts, and if they become infected you receive your decryption key as payment.
Attack methods are becoming more advanced
A report from Cybersecurity Ventures indicated that in 2016 an average of 40% of spam emails contained links to ransomware, a 6,000% increase over 2015, when less than one percent of spam emails carried such links. Ransomware is also distributed by exploit kits, and both methods take advantage of your network's weakest link, the end user.
However, ransomware variants are becoming more advanced, and recent versions bypass the end user entirely. They work by exploiting security vulnerabilities in your network to gain remote access. For example, the WannaCry worm of May 2017 exploited a flaw in the Windows SMBv1 file-sharing service (the vulnerability Microsoft had patched in security bulletin MS17-010 two months earlier) to reach unpatched Windows machines over the network and execute the ransomware directly, rather than relying on users to open an infected attachment or click a suspicious link. Once one computer is infected, the worm scans for and spreads to other devices with the same unpatched vulnerability, with no user interaction at all.
Remote Desktop Protocol (RDP) abuse is another method that grew sharply in 2017: attackers deliver ransomware through the remote access that organizations themselves expose. It is relatively easy for attackers to scan the internet for systems with RDP (TCP port 3389) reachable, guess weak or reused passwords, and then run their ransomware by hand on the compromised host. In the first quarter of 2017, roughly two thirds of ransomware attacks were reported to have spread through this method. The practical check is to confirm that none of your public IP addresses answer on port 3389; if RDP is genuinely needed, put it behind a VPN, require multi-factor authentication, and lock out accounts after repeated failed logons so that password guessing is slow and visible in your logs.
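As an added example (not code from the Xigent post), here is a small detector for the password-guessing stage of that attack, run over constructed log lines. The lines are assumed to be flattened Windows Security events: ID 4625 is a failed logon, 4624 a successful one, and LogonType 10 marks RemoteInteractive (RDP) sessions; the exact field layout, the IP addresses and the account names are assumptions of this example, not a real export format.

```python
"""Detect RDP password guessing from Windows logon events.

Added example; the log lines are constructed and the field layout is an
assumption (flattened Security events: 4625 = failed logon, 4624 = success,
LogonType 10 = RemoteInteractive, i.e. RDP).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six rapid failures against several accounts from one
# address, followed by a success (a weak password broken), plus normal noise.
SAMPLE_LOG = """\
2017-03-01T02:14:01Z EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2017-03-01T02:14:02Z EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.7
2017-03-01T02:14:02Z EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.7
2017-03-01T02:14:03Z EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2017-03-01T02:14:04Z EventID=4625 LogonType=10 Account=guest SourceIP=203.0.113.7
2017-03-01T02:14:05Z EventID=4625 LogonType=10 Account=sql SourceIP=203.0.113.7
2017-03-01T02:14:09Z EventID=4624 LogonType=10 Account=administrator SourceIP=203.0.113.7
2017-03-01T02:20:00Z EventID=4625 LogonType=2 Account=jsmith SourceIP=-
2017-03-01T08:05:10Z EventID=4625 LogonType=10 Account=jsmith SourceIP=198.51.100.4
2017-03-01T08:07:40Z EventID=4624 LogonType=10 Account=jsmith SourceIP=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse(log_text):
    """Yield one dict per well-formed line; silently skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["eid"] = int(d["eid"])
        d["ltype"] = int(d["ltype"])
        yield d


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: summary} for every address with at least
    `threshold` failed RDP logons inside any sliding `window`, noting whether
    a successful RDP logon from the same address followed the burst."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in parse(log_text):
        if e["ltype"] != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest
        if e["eid"] == 4625:
            failures[e["ip"]].append(e)
        elif e["eid"] == 4624:
            successes[e["ip"]].append(e)

    alerts = {}
    for ip, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Slide the window forward until it spans at most `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last = fails[end]["ts"]
                later = [s for s in successes[ip] if s["ts"] >= last]
                alerts[ip] = {
                    "failures": len(fails),
                    "accounts": sorted({f["acct"] for f in fails}),
                    "success_after": later[0]["acct"] if later else None,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, summary in find_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, summary)
```

In the sample only 203.0.113.7 trips the rule, and the summary shows the two signals worth paging on: many distinct accounts tried from one address (password spraying), and a successful RDP logon from that address right after the burst. The single failure from 198.51.100.4 is ordinary user error and stays quiet.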
Ransomware is the number one security threat for organizations
According to the Cisco 2017 Annual Cybersecurity Report, ransomware is growing at a yearly rate of 350%, and it is expected to remain a top security threat for businesses of all sizes. Attacks are expected to become more frequent, more costly, and more disruptive as cybercriminal gangs get in on the action and scale up the complexity of their attacks.
The ransom cost goes far beyond the ransom paid
Ransomware attacks are predicted to cost businesses over $5 billion in 2017, according to Cybersecurity Ventures. While the ransom demand itself may be small, the hidden cost to your business is much larger once you factor in business disruption, downtime while the data is unavailable, lost productivity, and the possibility that encrypted files can never be restored. Intermedia reported that approximately 72 percent of infected businesses lost access to data for two days or more.
Also consider the harm to your company's reputation should your private data become public. And there is the extended disruption and opportunity cost as your business restores the lost files and runs forensics on IT systems to make sure all traces of the malware, and the initial access the attackers used to plant it, have been removed.
Disaster recovery (DR), what’s your plan?
A DR plan is one of the most important components of your anti-ransomware strategy: with a solid disaster recovery plan you will not find yourself in a hostage situation controlled by ransomware crooks, because you can restore from backups instead of paying. Here are three key considerations to include in your strategy:
- Define RPO/RTO for your organization:
RPO (recovery point objective): the point in time to which systems and data must be recovered after a disaster has occurred. In practice it is the maximum amount of data loss, measured in time, that your organization can tolerate, and it dictates how often backups must be taken.
RTO (recovery time objective): the maximum acceptable length of time that can elapse after an outage before the lack of a business function severely impacts the organization. It dictates how fast your restore process must run.
- Adhere to the 3-2-1 backup rule: keep at least three copies of your data, on at least two different types of media, with at least one copy offsite. Keep that offsite copy offline or otherwise unreachable from production systems (write-once storage or credentials the production hosts do not hold), because ransomware running on a host will encrypt any backup share that host can write to.
- Periodically test the DR plan so that staff stay current with the procedures and so that you confirm recovered files are usable and accurate. A restore test that compares file hashes against those recorded at backup time catches silent corruption before you need the backup for real.
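To make the three items above concrete, here is an added example (not part of the Xigent post) that checks a constructed backup inventory against the 3-2-1 rule and a chosen RPO, and verifies a simulated restore by comparing file hashes with a manifest recorded at backup time. The inventory fields, file names, timestamps and RPO value are all assumptions for the example.

```python
"""DR drill: 3-2-1 / RPO check on a backup inventory plus a hash-verified
restore test.

Added example; the inventory, file contents and RPO are constructed.
"""
import hashlib
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%SZ"

# Constructed inventory of the copies of one backup set. 'offline' means a
# compromised production host cannot write to the copy (tape in a vault,
# immutable object storage, a share only the backup server can mount).
INVENTORY = [
    {"name": "prod-nas", "media": "disk", "offsite": False, "offline": False,
     "taken": "2017-06-01T23:00:00Z"},
    {"name": "tape-vault", "media": "tape", "offsite": True, "offline": True,
     "taken": "2017-05-31T23:00:00Z"},
    {"name": "cloud-s3", "media": "cloud", "offsite": True, "offline": False,
     "taken": "2017-06-01T23:00:00Z"},
]


def check_3_2_1(inventory, now, rpo):
    """Evaluate the 3-2-1 rule (3 copies, 2 media types, 1 offsite) plus an
    'offline' requirement, and whether the newest copy that ransomware on a
    production host could not have reached still satisfies the RPO."""
    media = {c["media"] for c in inventory}
    offsite = [c for c in inventory if c["offsite"]]
    offline = [c for c in inventory if c["offline"]]
    # Only isolated copies count toward recovery after an attack: a mounted
    # NAS or a cloud bucket the host holds credentials for may be encrypted
    # or deleted along with the originals.
    newest_safe = max((datetime.strptime(c["taken"], TS) for c in offline), default=None)
    data_loss = (now - newest_safe) if newest_safe else None
    return {
        "three_copies": len(inventory) >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": len(offsite) >= 1,
        "one_offline": len(offline) >= 1,
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= rpo,
    }


def make_manifest(files):
    """files: {path: bytes}. Record a SHA-256 per file when the backup is taken."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def verify_restore(manifest, restored):
    """Compare restored files with the manifest; return the paths that are
    missing or differ (an empty list means the restore test passed)."""
    bad = []
    for path, digest in manifest.items():
        data = restored.get(path)
        if data is None or hashlib.sha256(data).hexdigest() != digest:
            bad.append(path)
    return sorted(bad)


# Constructed files; the restored copy of 'contracts.docx' is silently truncated.
SAMPLE_FILES = {
    "finance/ledger.xlsx": b"account,debit,credit\n1001,250.00,0.00\n",
    "legal/contracts.docx": b"PK\x03\x04 constructed docx bytes " * 4,
}
RESTORED_FILES = {
    "finance/ledger.xlsx": SAMPLE_FILES["finance/ledger.xlsx"],
    "legal/contracts.docx": SAMPLE_FILES["legal/contracts.docx"][:-7],
}


def run_dr_test(now=None, rpo_hours=24):
    """Run both checks as a DR drill would and return their findings.
    `now` defaults to a fixed date so the drill is reproducible."""
    now = now or datetime(2017, 6, 2, 9, 0, 0)
    return {
        "backups": check_3_2_1(INVENTORY, now, timedelta(hours=rpo_hours)),
        "restore_failures": verify_restore(make_manifest(SAMPLE_FILES), RESTORED_FILES),
    }


if __name__ == "__main__":
    for key, value in run_dr_test().items():
        print(key, value)
```

The drill fails on purpose on both counts: the only copy an infected host could not reach (the tape) is 34 hours old against a 24-hour RPO, and one restored file does not match its recorded hash. Neither finding is visible to a plan that only counts backup jobs as "succeeded", which is why the third item above insists on actually restoring and checking the data.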
Make sure you're not the next victim of ransomware extortionists. Xigent can help you uncover and correct the vulnerabilities in your network, protect against new ones, and restore business functionality quickly, putting you on the offense against ransomware attacks.
About Xigent Solutions
Xigent Solutions specializes in IT services and solutions for mid-market organizations. By partnering with our customers holistically, we engage on both strategic and tactical levels to help them drive greater business outcomes from IT. We do this by helping our clients create and manage Business Efficient IT (BEI) where IT resources – people, process, and technology – are more fully utilized with Xigent’s enterprise based methodology to deliver greater outcomes while minimizing IT cost and inefficiency.