Don’t Get Held Hostage by Ransomware

This week it’s GoldenEye/Petya. Last month, headlines about WannaCry ransomware briefly grabbed the world’s attention. The sad truth is that not a day passes without some organization being held hostage by encryption-based ransomware. Here are a few sobering facts:

  • Nearly 40% of all businesses have been affected to some extent by ransomware. [1]

  • More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. [2]

  • The first quarter of 2017 saw a sizable spike in ransomware activity. [3]

  • A consumer gets hit by ransomware every 10 seconds (this is up from every 20 seconds in Q1 2016). [4]

  • A company gets hit by ransomware every 40 seconds (this is up from every 2 minutes in Q1 2016). [5]

  • Paying the ransom is no guarantee that your data will ever be unlocked! [6]

So, what can you do to protect your business? There are several proactive measures that you can take:

  • Installing, configuring, and maintaining an endpoint security solution that protects not just against file-based threats, but also covers things like downloads, browsers, firewalls, etc.

  • Educating your users about the proper handling of unknown or suspicious emails with attachments (critical since 59% of ransomware infections are delivered this way). [7]

  • Employing content scanning and filtering on your mail servers, to scan for known threats and block any attachment types that could pose a threat.

  • Regularly updating vulnerable software to help prevent infection, making sure that your operating systems and applications have the latest patches to protect against known vulnerabilities.

  • Installing and configuring Intrusion Detection Systems (IDS) or Intrusion Protection Systems (IPS) to detect and prevent any communication attempts malware may use to create the encryption keys required to encrypt your data.

  • Blocking your end users from being able to execute malware, using solutions that prevent users from running downloaded applications, or prevent downloaded threats from being launched.
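The attachment-type blocking mentioned in the mail server item above can be sketched in a few lines of Python. This is an added example, not code from the original article; the extension lists and the sample message are assumptions constructed for illustration.

```python
# Added example: attachment-type policy check for a mail filter.
# BLOCKED and DECOY are assumed sample policies, not lists from the article.
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd", ".hta", ".wsf", ".lnk"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment the policy would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():             # walk() also reaches nested multiparts
        name = part.get_filename()      # handles RFC 2231-encoded names
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots or spaces,
        # which Windows drops when the file is saved.
        clean = name.strip().rstrip(". ").lower()
        suffixes = PurePosixPath(clean.replace("\\", "/")).suffixes
        if not suffixes or suffixes[-1] not in BLOCKED:
            continue
        reason = f"blocked type {suffixes[-1]}"
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reason += f" disguised as {suffixes[-2]}"
        findings.append((name, reason))
    return findings

def build_sample() -> bytes:
    """Constructed sample message: one benign and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for data, fname in [(b"%PDF-1.4 sample", "report.pdf"),
                        (b"sample bytes", "invoice.pdf.exe"),
                        (b"// sample", "Scan_001.JS")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```

A filename check like this is only a first layer; known-threat scanning of the content itself, as the same item recommends, still applies.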

It is important to remember, however, that even if you do everything right, you can still be hit by a threat that exploits a zero-day vulnerability and that your defenses did not catch. If that does happen, there is still hope: all may not be lost.

In a virtualized computing environment, users can take snapshots of their virtual machines (VMs). Snapshots can be scheduled and saved to a safe storage repository. By using snapshots to create regularly scheduled backups, you can significantly limit your exposure and reduce the risk of being impacted by a ransomware attack, because you can recreate a “clean” system by restoring virtual machines from those snapshots.

In the event of a ransomware infection, you can easily restore your systems from a VM snapshot to a known good state from before the infection, just as you would if you were recovering a VM whose data had somehow been corrupted. While you might lose a small amount of data created between the time of the last snapshot and the ransomware encrypting your systems, you would be able to recover your systems as they were when the last snapshot was taken and continue business operations, minimizing the ransomware’s impact.

By planning ahead and having the right protections and systems in place beforehand, you can leave the headlines to others, leave ransomware attackers empty-handed, keep your systems up and running, and ensure your business continues operating.

[1] Understanding the Depth of the Global Ransomware Problem, Osterman Research, August 2016

[2] How to Protect Your Networks from Ransomware, US Justice Department Computer Crime and Intellectual Property Section, 2017

[3] Kaspersky Lab Report Confirm Ransomware Spiked in Q1 2017, Sean Michael Kerner, May 23, 2017

[4] Story of the Year: The Ransomware Revolution, Kaspersky Security Bulletin 2016, Dec. 2016

[5] Story of the Year: The Ransomware Revolution, Kaspersky Security Bulletin 2016, Dec. 2016

[6] Ransomware Victims Urged to Report Infections to Federal Law Enforcement, FBI Public Service Announcement, Sept. 15, 2016

[7] Understanding the Depth of the Global Ransomware Problem, Osterman Research, August 2016

Originally published in LinkedIn Pulse.