Imagine the following predicament: you are at your workplace routinely typing a message in response to a customer’s email, and suddenly you see a blue screen with a message on it that says,
“Your computer is locked. All your data is encrypted. To recover your files, submit 0.5 Bitcoin to the following address: XXXXX. After the payment, send the transaction ID to [email protected]”.
What’s your plan? Are you going to panic while trying to unlock the data to no avail, or negotiate with the extortionists regarding the buyout?
Ransomware as an evolving threat
Malicious programs of this sort went mainstream in 2013 when cybercrooks realized they could encrypt one’s important files and demand a pretty penny for ransomware file decryption. By taking advantage of this scheme, the black hats have been making roughly $2 billion a year!
There are different ransomware variants in circulation. Some of these pests focus on spotting and encoding the most valuable data. Others go ahead and lock down the entire hard drive, thereby making the attack much messier. Moreover, even after you completely eradicate the malicious code proper, the files remain inaccessible. A raid like that can paralyze your business unless you have a viable plan B.
How does ransomware make the rounds?
Malefactors are constantly coming up with new intricate ways to deposit ransomware onto computers. Most of these incursions revolve around manipulation, where you are being duped into installing the harmful program. Some ransomware strains, though, take advantage of software flaws to sneak into systems without user involvement whatsoever.
The majority of ransom Trojans are distributed over email. The phishing messages are disguised as regular correspondence, trying to hoodwink you into opening an attached file or clicking on an embedded link. If you get on the hook and do it, your computer gets instantly contaminated.
One type of phishing hoax that’s on the rise is the spear phishing attack. Rather than send out numerous rogue emails to potential victims, the threat actors tailor messages targeting specific individuals. To make such emails appear trustworthy, the attackers may use personal information obtained through OSINT (open-source intelligence). For instance, the recipients’ social network profiles can be quite revealing in this context. The impostor may pretend to be a new customer or even an existing contractor you are already working with.
Websites hosting ransomware
There are websites containing deleterious code that leverages security loopholes in your browser and operating system or tricks you into authorizing the booby-trapped installation. Links to such web pages can arrive with phishing emails, or they can be manifested as in-text hyperlinks, banner ads or splash screens.
Network file transfer and remote access protocols
Sometimes ransomware harnesses security imperfections of operating systems and applications that allow executables to be distributed and launched on their own. The technique can entail serious damage. Malicious code that spreads autonomously without relying on human action is capable of propagating from system to system and expanding the attack surface in no time.
How to stay safe?
Take security awareness training of your personnel seriously
The overwhelming majority of these extortion attacks involve social engineering, so you can reduce the risk considerably by adding ransomware prevention to your company’s IT security training.
Make sure every employee who uses a computer at their workplace treats suspicious email attachments and embedded links with caution. Also, ascertain that your team is aware of the perils emanating from spam and messages from unfamiliar senders, especially phishing emails targeting your business or specific individuals within the company.
Keep your software up to date
WannaCry and NotPetya, the most devastating ransomware campaigns of 2017, took advantage of the same vulnerability in the Windows operating system. Interestingly, Microsoft had patched this particular flaw in March, long before the two outbreaks that took place in May through June. In other words, businesses around the globe could have avoided losing billions of dollars by simply applying a commonplace OS update.
The easiest way for a small business to thwart exploitation like that is to keep automatic updates enabled. Although those recurrent computer restart notifications are a nuisance, that’s a trifle compared to all your work going down the drain.
Be sure to maintain backups
Nothing can possibly coerce you to pay the ransom if you keep the most valuable data backed up. Granted, you can’t back up everything that matters, and some important files will stay exposed to encryption. However, most of your business-critical records will be intact regardless.
Control access to data on the enterprise network
There is a fundamental factor that reflects the degree of your company’s susceptibility to ransomware impact. It comes down to the amount of data that can be encrypted. The more files and hard drives are affected by the Trojan, the more time it takes to restore them all from backup and the longer your business will be in a state of hiatus.
Your staff members don’t need an account with unrestricted access to all the information. Instead, an account that just allows them to do their work is enough.
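The point above can be turned into a number per account. The following is an added example, not part of the original article: it sums the data each account can write to and shows how the figure (and the restore time that follows from it) drops once a catch-all write permission is removed. The share names, sizes, group names and the 100 MiB/s restore throughput are assumptions made up for illustration.

```python
from dataclasses import dataclass, replace

GIB = 1024 ** 3

@dataclass(frozen=True)
class Share:
    name: str
    size_bytes: int
    writers: frozenset  # groups holding write/modify rights on the share

# Constructed inventory: share names, sizes and groups are hypothetical.
SHARES = [
    Share("finance", 120 * GIB, frozenset({"finance", "all-staff"})),
    Share("hr", 40 * GIB, frozenset({"hr", "all-staff"})),
    Share("projects", 600 * GIB, frozenset({"engineering", "all-staff"})),
    Share("public", 15 * GIB, frozenset({"all-staff"})),
]
ACCOUNTS = {
    "alice": {"finance", "all-staff"},
    "bob": {"engineering", "all-staff"},
    "carol": {"hr", "all-staff"},
}

def exposure(groups, shares):
    """Bytes that code running under this account could overwrite."""
    return sum(s.size_bytes for s in shares if s.writers & set(groups))

def restore_hours(nbytes, mib_per_s=100):
    """Time to restore nbytes from backup at an assumed throughput."""
    return nbytes / (mib_per_s * 1024 ** 2) / 3600

def tighten(shares, broad_group):
    """Drop broad_group's write right wherever a narrower group already has it."""
    out = []
    for s in shares:
        narrower = s.writers - {broad_group}
        out.append(replace(s, writers=narrower) if narrower else s)
    return out

def report(accounts, shares):
    """Writable GiB per account."""
    return {n: exposure(g, shares) // GIB for n, g in accounts.items()}

if __name__ == "__main__":
    before = report(ACCOUNTS, SHARES)
    after = report(ACCOUNTS, tighten(SHARES, "all-staff"))
    for n in ACCOUNTS:
        print(f"{n}: {before[n]} -> {after[n]} GiB writable, restore "
              f"{restore_hours(before[n] * GIB):.1f} -> {restore_hours(after[n] * GIB):.1f} h")
```
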
Recovering from a ransomware attack and learning your lesson
In case you have data backups and an effective file recovery procedure in place, you should be able to solve the problem quickly.
Once the recovery is completed, move on to drawing the right conclusions to understand the core reasons for what happened. Did one of your employees open a phishing email? Did they click on a banner ad leading to the infection? Perhaps there are issues with the operating system or third-party software? One way or another, you need to do your best to prevent it from ever happening again.
If it’s a human factor that caused the predicament, make sure everyone in your office is aware of how exactly the attack took place. Looking for the guilty employee is a bad idea, even if it really irks you to know somebody opened the phishing email. Doing so can be an obstacle to properly analyzing the mishap. All you need to do under the circumstances is to inform your staff and appoint an IT security professional who can take good care of your enterprise systems.