Understanding Ransomware

If you are not one of the increasing number of organisations to have been targeted by ransomware, the term “Ransom” probably conjures up images of international criminals demanding money after abducting a millionaire’s favourite Chow Chow. Well, for the Chow Chow things may have calmed down as criminals turn their attention to more lucrative targets – the rest of us.

So, what is Ransomware? In its simplest form, it’s malware that prevents your company from accessing its data, usually by encrypting it, until you pay the attacker a ransom.

What impact does that have on your business? First is the ransom itself. It’s impossible to get accurate figures as some companies will never admit to having been successfully targeted. However, several hundred thousand to over a million US dollars have been reported.

The second negative impact is loss of revenue, directly related to temporary, and possibly permanent, loss of your company’s data, resulting in a complete or partial shutdown of your company’s operations for a few days or even weeks.

The third is loss of reputation, and this is exactly why some attacks go unreported. Damage to brand and reputation are often direct factors stemming from an attack, especially if customer data has been compromised. C-level executives may bear the brunt of unhappy clients and a board looking for someone to blame. In worst-case scenarios some employees may be laid off or parts of the business shut down altogether.

Handing over the cash.

A key decision is whether you should pay or not. The answer will be something only you can decide, although you may feel you are left with little alternative. Paying is no guarantee that you will regain access to your data, or that your files have not been corrupted or remain encrypted and are therefore useless. There is also no certainty that having extorted money from you once, that the same people aren’t going to do it again. It’s also possible that other criminals will become aware of you via the dark web and attempt the same thing.

So, what is one to do?

  • 1. Use multi-layer security to prevent an attack
  • Protect your user’s accounts with multi-factor authentication, strong password management tools, and an enterprise-level email security solution.
  • Ensure you have timely and comprehensive patch management of all your applications and can identify unauthorised software in your environment (Shadow IT)
  • Deploy threat detection/prevention to your servers and endpoints both physical and virtual
  • Finally, educate your staff so that they recognise Phishing attacks and suspicious behaviours
  • 2. Assume you will be attacked and protect your data
  • Ensure you have multiple backups of your critical and sensitive data. Ensure those copies reside in secure repositories separate to your productions systems
  • Ensure your data is encrypted and therefore of no value to the criminals.
  • Look at Cyber Insurance to help you cover the cost of restoring normal operations
  • Reduce or remove the ability for data to be stored on laptops and PCs, especially BYOD and remote devices

Advisor Anywhere gives you enterprise-level tools to protect against ransomware and other cyber threats. Contact us to discuss how we can help safeguard your data, your customer’s data and your business.