It's a security problem that's existed for more than 10 years, yet ransomware is continuing to grow exponentially and cause disruption and losses for businesses around the world.
The threat is simple to understand and yet difficult to prevent. It involves the infection of computer systems by rogue code that quickly encrypts stored data. The cybercriminal responsible then demands payment for the decryption key with the victim either having to pay up or face losing access to the data forever.
Obtaining an accurate picture of the size of the global ransomware problem is difficult. Unless legally required to do so, most organisations that fall victim are unlikely to admit the fact publically. They naturally fear the negative impact such a revelation would have on their reputation - an attitude particularly prevalent in sectors such as healthcare, financial services and the legal community.
However, anecdotally, the problem is large and growing. Almost every organisation will admit privately that they have either been the target of an attack or know someone who has.
If the victim of an attack, many organisations opt to revert to their most recent data backup rather than paying the ransom. They may lose productivity and some data, however they see this as a better alternative than paying a criminal. Once the precedent has been set, they believe, future attacks may become more likely.
Meanwhile, new strains of ransomware are causing other challenges. As well as the data in production environments, some also encrypt data backups such as system snapshots. This means the victim has to resort to older, off-line data stores which is likely to cause longer disruption and the loss of more data.
Other types discovered in the wild threaten that, if payment is not made, copies of the compromised data will be made publically available on the internet. These sort of developments take the ransomware threat to a whole new level.
Protection from ransomware
The challenge posed by ransomware attacks is particularly acute because conventional IT security mechanisms are unlikely to prevent them. The code may not necessarily be stopped by a firewall or anti-virus tool, which means it can enter an organisation's IT infrastructure undetected.
The threat is also more likely to come in the form of a phishing attack than a hacking attempt. The criminal will attempt to gain access by encouraging someone within the target organisation to click on an email attachment or web link or to insert an infected USB drive into a corporate PC. An organisation can have the best cyber security available in place, but a simple act by a staff member can render it toothless.
To achieve the best possible defences against potential ransomware attacks, an organisation should follow a series of steps:
Security audit: A first step is to retain the services of an external IT security partner to undertake a thorough assessment of the organisation's entire IT infrastructure. This will determine if and where any potential weaknesses might exist that need to be addressed.
Initial education: It's vital that all staff are made aware of the ransomware problem and the vectors through which the code is spread. Education must include details of phishing techniques and how to spot them before it's too late and the code is released.
Ongoing monitoring: Maintaining defences against phishing attacks is not a set-and-forget exercise. The external IT security partner should undertake regular checks by mounting fake phishing attacks. This will ensure staff remain on guard at all times and those that show susceptibility are required to carry out mandatory ongoing training and demonstrate their vigilance through regular testing.
Security tools: The organisation should also deploy extra security tools to help ward off potential attacks. This includes tools that automatically quarantine suspicious items and run attachments and URLs in a sandbox environment. Other tools can be deployed that monitor web browsers across the organisation and alert the IT team to suspicious activity.
Cyber Security is no longer just the responsibility of IT – executives and board members are the ones that must face the music in event of a breach so are required to take an increasingly proactive role to ensure an organisations protection. In some industries, regulatory bodies go as far as to stipulate that official responsibility for security rests with directors.
They key to any effective security initiative is ongoing attention at all levels – from leadership through to each staff member, and across all departments.
By taking a planned and thorough approach, an organisation can significantly reduce the likelihood it will fall victim to a ransomware attack. Through a combination of appropriate tools and the ongoing education of staff, the security of vital corporate data and systems can be properly maintained.