Let’s face it, we have all heard in the news about ransomware attacks, and that they are on the rise worldwide as the bad guys and girls here and abroad infiltrate computer systems and hold sensitive data hostage.
Many are under the mistaken notion that ransomware attacks only threaten large businesses, but you need to realize any computer owner is at risk. How much would you pay to get your personal computer back if it were locked up right now? Presently, the criminals accept relatively small amounts to release personal machines, without attempting to determine who has been impacted and how much they would truly pay. For businesses, the amounts they will pay to maintain operations are substantial. Our concern is that the kidnappers will find a way to identify those who really need to pay, and charge accordingly. So, think about how much you would pay to get yours back. Now think about your employer and others in your life.
Ransomware is a type of malware that infects computers, networks and servers and then encrypts (locks) data. Cybercriminals then demand a ransom to release the data. Users generally are unaware that malware has infected their systems until they receive the ransom request. The 2017 Phishing Trends and Intelligence Report, issued annually by PhishLabs, named ransomware one of two transformative events of 2016 and called its rapid rise a public epidemic.
The most common delivery method for this malware is phishing email. We have written about ways to protect yourself from those emails that lure you into unsuspectingly opening a link or an attachment. Realize that ransomware is evolving, and cybercriminals can infect computers by other methods, such as a link that redirects users to a website that infects their computer. The number of available methods continues to explode.
Victims should consider not paying a ransom. Paying it further encourages the criminals and worse yet, the scammers often won’t provide the decryption key even after a ransom is paid.
Prevent these ransomware attacks by talking to an IT security expert. All businesses, their payroll departments, human resource organizations and just about everyone should consider these steps to help prepare for and protect against ransomware attacks:
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be made easier through a centralized patch management system.
- Ensure that antivirus and anti-malware solutions are set to update automatically and conduct regular scans.
- Manage the use of privileged accounts — no users should be assigned administrative access unless necessary, and only use administrator accounts when needed.
- Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations, such as the temporary folders used by popular Internet browsers and by compression/decompression programs.
- Back up data regularly and verify the integrity of those backups.
- Secure backup data. Make sure the backup device isn't constantly connected to the computers and networks it is backing up. This will ensure the backup data remains unaffected by ransomware attempts.
To learn more about Czarnowski & Beer, LLP, and what we can do for you, visit our practice areas page, or contact us at info@czarbeer.com or call (212) 397-2970 and we will be happy to answer your questions.