Ransomware 101
Ransomware has been a fear of IT professionals and businesses alike for many years. No one ever wants to be that business on the news or that individual who clicked on something and instantly regretted it. In recent news, the Ryuk Ransomware attacks, primarily against Healthcare organizations, have been devastating, and Ryuk is believed to have made up one third of all Ransomware attacks in 2020. A Ransomware attack can significantly impact an organization’s ability to operate. The reality is that Ransomware can also impact individuals personally, but the targets are more likely to be businesses, government agencies and other organizations.
What exactly is Ransomware?
Ransomware is a type of malware that encrypts a victim’s data (Files & Databases). The attacker’s primary goal is to get the victim to provide some sort of payment to decrypt their data. The amount can vary drastically depending on the attacker. Though financial gain is the primary motive for Ransomware attacks, attackers may also be acting for political reasons, business disruption, notoriety or other reasons.
How do you get Ransomware?
There are several ways you can get Ransomware. The majority of Ransomware attacks occur via phishing emails that contain malicious attachments or links that download the malware when clicked. Some Ransomware is also downloaded from malicious websites that individuals reach while searching the internet, following links on social media, or clicking on Ads, News Feeds, etc. from unknown sources.
How to Mitigate Ransomware?
I never like to use the word “prevent” instead of “mitigate” when it comes to things like Ransomware or other types of malware/viruses. The attackers are always evolving and finding new ways to get to their victims, and the cost of downtime can be detrimental. You can’t prevent anything 100%, but the goal is to try!!!
Over my 26-year IT Career I have come to realize that Security sometimes is made up of the equation (Solid Security Strategy + Continual Risk Mitigation + A Little Dumb Luck) = Security.
Basic Mitigation Steps
- Don’t open untrusted emails or attachments
- Don’t click on unverified links
- Don’t go to or download from sites you don’t know or trust
- Don’t ever give out personal information to an unverified source
- Don’t use USB Storage Devices, or limit their use
- Don’t connect to non-secure networks
- Only give access to data that people need access to perform their job responsibilities
- Implement Email Security Software
- Implement End-Point Protection Software
- Implement Secure DNS Filtering
- Keep Systems & Applications patched
- Implement a Security Information and Event Management (SIEM) Solution
- Have a good Backup Strategy (Test it regularly)
- Have on-going Security & Awareness Training
This list can really grow exponentially with more and more items to help mitigate Ransomware attacks.
If you are subject to a Ransomware attack, it is important that your organization has a documented incident response plan. This should include the creation of a Security Incident Response Team (SIRT), which could be made up of IT, Legal, HR, Marketing or other key business units. When a Ransomware attack occurs, you need to be able to contain it technically, but there are other things to consider as well: contacting the proper authorities, internal and external communication requirements, cyber liability insurance, and evidence gathering for forensic investigations.
Having the Security Incident Response Team (SIRT) and a documented game plan will help when dealing with a highly charged and stressful situation such as an active Ransomware attack.
Having a great technology stack will go a long way. I think it is critical, however, that there is a large focus on Business Continuity and Disaster Recovery when it comes to any type of incident such as a Ransomware attack.
Two key areas should have a high level of focus. The first is making sure you have a good Backup Strategy that includes a multi-layered approach and regular testing to validate the reliability and integrity of the backups. Some Ransomware attacks can target or impact backup files as well. The second is on-going Security & Awareness Training. This can include leveraging training videos, quizzes, simulators and more. Security & Awareness Training must be a requirement and not an afterthought. It’s not an OPTION anymore! A great Security & Awareness Program could tilt the percentage to your advantage when it comes to the “A Little Dumb Luck” aspect of the Security equation.