A well-meaning employee at a busy medical center opens an email attachment. Within minutes, the hospital’s entire system is locked out. Patient files are inaccessible and critical systems go down while malicious code encrypts the network. Under the threat of losing everything, the desperate hospital pays cyber-thieves thousands of dollars to get their own data back. It may sound like the plot of a 90’s movie, but it just happened at the Hollywood Presbyterian Medical Center in Los Angeles — just another in a long string of ransomware victims.
Ransomware is software that infects a computer and locks the user out of their own information until they pay a ransom. It’s one of the biggest security threats your organization faces, no matter the size of your organization. It’s such a huge problem that the U.S. and Canada just issued a cyber alert warning people, businesses and government agencies about the worsening flood of attacks from software like Locky or Cerber.
The effects of ransomware can be devastating because of their direct impact on business production. Users can permanently lose access to their operating systems. Sensitive data may be completely inaccessible. As a result, work grinds to a standstill.
If one of your users is hit by ransomware, you can bet they’ll be calling on you to fix it. However, there’s no guarantee you’ll be able to. Last year, the FBI told people with infected systems to “just pay the ransom,” even though paying doesn’t guarantee the hackers will unencrypt the data.
Cyberthieves made $18 million from ransomware payments between April 2014 and June 2015.
So what can you do to safeguard your organization? Protecting systems is partly technical and partly behavioral. This means doing what you can to defend your systems, while also talking to users about ransomware so they understand the important role they play in prevention.
Here are five things you can do to help protect your systems from ransomware:
Restrict User Permissions:
One of the easiest ways to protect your clients is to restrict user permissions. Well-meaning employees can inadvertently open something containing malware triggers. But if users cannot run downloads, updates and installations, it’ll be harder for them to accidentally let an infection in.
Get Users Involved:
Most of the time, it is user action that spreads ransomware. People click on unknown email attachments or interact with non-reputable websites and suddenly an infection is spreading through the entire company’s system. Avoid these accidents by teaching users a simple concept: “Don’t open links you don’t know anything about.” Ransomware typically relies on “social engineering” to successfully attack a system. For example, email attachments posing as logistics statements are very common; what looks like a purchase order from an unknown source could carry the malicious code. Once someone opens it, it’s often too late. Educating end users about these common approaches is a must, so that they know a malicious attachment or link when they see one, and know what to do if they accidentally click something they shouldn’t have.
Install Antivirus Software with Behavioral Capabilities:
Your best bet for protection against ransomware is behavioral-detection antivirus software. This type of application watches a system for infections or suspicious events and warns users if it detects an abnormality or a threat. A quick reminder: when installing your AV software, make sure to turn on the behavioral analysis component! This type of module is often turned off, or set to a passive mode, by default.
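As an added illustration of what “behavioral” means here (not code from this article or from any antivirus product), the Python example below flags a process that overwrites several files with high-entropy, encrypted-looking data within a short window, something signature matching alone would not catch. The thresholds, event format, process names and sample events are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds for this example; real products tune these per environment.
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted data sits close to 8.0
WINDOW_SECONDS = 10      # how close together the writes must be
MIN_FILES = 3            # distinct files overwritten inside the window

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_processes(events):
    """events: (timestamp, process, path, bytes_written) tuples. Returns processes
    that wrote high-entropy data to MIN_FILES+ distinct files in WINDOW_SECONDS."""
    hits = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            hits[proc].append((ts, path))
    flagged = set()
    for proc, writes in hits.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window so it never spans more than WINDOW_SECONDS.
            while writes[end][0] - writes[start][0] > WINDOW_SECONDS:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= MIN_FILES:
                flagged.add(proc)
                break
    return sorted(flagged)

def _noise(seed: bytes) -> bytes:
    """Constructed 4 KiB of encrypted-looking bytes, deterministic for the demo."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(128))

# Constructed sample events (process names and paths are made up).
SAMPLE_EVENTS = [
    (0, "winword.exe", "report.docx", b"Quarterly report text. " * 200),
    (1, "archiver.exe", "backup.zip", _noise(b"a")),  # one compressed file: normal
    (2, "invoice.exe", "a.docx", _noise(b"b")),
    (3, "invoice.exe", "b.xlsx", _noise(b"c")),
    (4, "invoice.exe", "c.pdf", _noise(b"d")),
]
print(flag_processes(SAMPLE_EVENTS))
```

Compressed archives and media are also high-entropy, which is why the example requires several distinct files in a short window rather than flagging on entropy alone.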
Get Offsite Backup:
In addition, you can safeguard your clients’ critical information by storing it offsite. Look for a backup solution that stores data in the cloud so files are safe if there’s a ransomware attack on an internal network. Be sure to set these products to perform regular backups to make recovery quick and thorough. Furthermore, a USB hard drive connected to your server that has not been strategically configured is not sufficient. It will often be encrypted along with everything else hosted in the same network.
Patch, Patch, Patch:
Finally, keep your users’ software current. Out-of-date applications and operating systems are attractive bait for hungry attackers. Use a product that covers patching for Microsoft and third-party updates to eliminate weak points. This is a good preventative defense against all attacks, not just ransomware.
Ransomware is a lucrative business for cyberthieves. Unfortunately, it’s only going to become more so as the source code becomes more readily available online. You can help your clients by making sure they have the right security measures in place to thwart attacks.
Centrality Business Technology products like Backup Manager, Patch Manager and AV Defender can help combat ransomware by protecting your data and systems. AV Defender’s behavioral analysis module can be enabled to provide an added layer of security beyond simple pattern matching provided by many other antimalware products.