Ransomware is one of the biggest, most insidious cybersecurity threats today. “And it’s getting worse,” said Terry Barbounis, cybersecurity evangelist at CenturyLink.
Recent research, according to Barbounis, has shown that ransomware — malicious software that infects systems and restricts access to data until those data are unlocked — now ranks among the most common and worrisome security threats, along with distributed denial of service (DDoS) and attacks related to the internet of things (IoT).
The danger is underscored by the recent Bad Rabbit attack, which spread quickly across Europe. The ransomware is being spread via fake Adobe Flash updates, fooling users into clicking on the malware by falsely alerting that the Flash player needs an update.
Bad Rabbit follows last spring’s WannaCry attack, a ransomware cryptoworm that targeted computers running the Microsoft Windows operating system, encrypting data and demanding ransom payments in the bitcoin cryptocurrency.
“Ransomware will continue because it’s almost the perfect business model from a payment perspective,” Barbounis said. “Companies are forced to pay in order to get their data decrypted.” He said ransomware payments totaled $1 billion in 2016. The cost is expected to rise.
Many such attacks stem from emails that contain malware. These emails are increasing in number, Barbounis said, as cybercriminals invent new and more effective malware.
Although many of the ransomware attacks thus far have affected organizations in industries such as healthcare, no company is safe.
“How vulnerable your organization is to a ransomware attack can depend on a number of factors: the value and criticality of your data, thoroughness of your security hygiene, and how well your employees have been trained to spot suspicious emails.” Barbounis said.
An obvious sign of ransomware is when a user gets a ransomware notification that pops up on the screen, he said. Otherwise, users should be wary of typical ransomware components such as emails with questionable links or attachments, or compromised websites that look suspicious.
Organizations can take several steps to protect themselves, employees and customers. One of the most important is educating workers about the dangers of ransomware and the signs of an attack.
“That means teaching people why they should not be clicking on suspicious links and explaining what constitutes a suspicious link,” Barbounis said.
To make sure users understand the threat, he recommends running simulations built around emails with typically suspicious links or attachments. If any workers click on these links or open attachments, they would be reminded that this is not a good practice.
Ransomware attacks have no specific targets. They can be aimed at anyone in an organization. That means everyone needs to be trained in what to look for and actions to avoid. Also important is controlling employee access to critical data.
“Organizations need to make sure that employees only have access to what they need in order to do their work,” Barbounis said. “Nothing more.”
A good practice for the IT department is to make sure all servers and desktops in the organization have the latest security patches. “In recent ransomware attacks, the malware exploited a part of the Microsoft operating system,” said Barbounis, who noted that in most cases the patch was available. “Companies need to have a patching strategy to make sure they are up-to-date.”
The one sure way to defeat a ransomware attack — even one that renders data useless through encryption — is to back up your data, maintain a copy offline from your network, and periodically test the backup to ensure it can be restored successfully. The victimized organization can then turn to its backup to recover the data and mitigate the typical damage associated with ransomware attacks.
Doing so, of course, can be disruptive, expensive and time consuming. That’s why companies should deploy anti-virus and other anti-malware software tools to help block ransomware, according to Barbounis.
By taking these steps, organizations can avoid being held for ransom, as well as the costs that occur even when ransomware fails.
More Info: www.forbes.com
Categories: Money Matters