How to fight back against ransomware
By Graeme Zwart, PXP Chief Information Security Officer
Ransomware is on the rise. Here we examine what it is, how it works and how you can protect your business against it.
The changing face of ransomware
Ransomware locks computers or encrypts files and demands money from victims to regain access to their devices or data. UK hospitals and German railways have been among recent high-profile ransomware victims. This type of online extortion has been around for decades but its focus is changing. Businesses are now firmly in the cross-hairs of criminal ransomware gangs.
Ransomware detections accounted for around 12 percent of all enterprise threats in the six months to November 2016, but only two percent of consumer threats, according to security vendor Malwarebytes. In fact, nearly 40 percent of businesses experienced a ransomware attack last year. More than one-third lost revenue and 20 percent had to cease business completely as a result.
Criminals have switched to targeting businesses with deeper pockets and more incentive to pay ransoms. This is quicker and easier than going after the long tail of individual consumers, who may or may not pay. So, ransomware is not a problem happening elsewhere to other businesses. It’s very much happening to you and your peers.
Top tips to fight back
Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs malware, or via a so-called ‘drive-by’ download when the user visits an infected website.
However bad this may sound, there is a silver lining.
If your business is maintaining a robust level of security, then you have a good chance of standing up to ransomware threats.
Here are three examples. One, screen e-mails and attachments, quarantining any dangerous ones. Two, restrict web browsing to reduce the chance of staff visiting unsafe sites, which could contain malware. Three, prevent staff from using unsanctioned USB sticks in company equipment.
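The first of those three controls, screening attachments and quarantining the dangerous ones, can be made concrete. The script below is an added example, not code from PXP or the article, and the policy it enforces is an assumption chosen for illustration: deny executable and script extensions outright, reject any content that is a Windows executable whatever it is named, reject files whose leading bytes disagree with their declared extension, and look inside ZIP archives for the same things. Every sample attachment is constructed in memory; the `SAMPLES`, `screen_attachment`, `quarantine_file` and `screen_inbox` names are the example's own.

```python
"""Added example (not from the article): screen incoming e-mail attachments and
quarantine the dangerous ones instead of delivering them.

Assumed policy, chosen for illustration: deny executable and script extensions,
reject content that is a Windows executable regardless of its name, reject files
whose leading bytes disagree with the declared extension, and inspect ZIP
archives for the same things. All sample attachments are constructed in memory.
"""
import io
import os
import shutil
import tempfile
import zipfile

# Extensions never accepted as ordinary business attachments (assumed policy).
DENY_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf",
                   ".hta", ".bat", ".cmd", ".ps1", ".lnk"}

# Leading bytes expected for common document types (illustrative, not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
PE_HEADER = b"MZ"  # DOS/PE executable signature


def screen_attachment(filename: str, data: bytes) -> tuple:
    """Return ('allow' | 'quarantine', reason) for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in DENY_EXTENSIONS:
        return "quarantine", f"extension {ext} is on the deny-list"
    if data.startswith(PE_HEADER):
        return "quarantine", "content is a Windows executable"
    expected = MAGIC.get(ext)
    if expected is not None and not data.startswith(expected):
        return "quarantine", f"content does not match declared type {ext}"
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if os.path.splitext(member)[1].lower() in DENY_EXTENSIONS:
                        return "quarantine", f"archive contains {member}"
        except zipfile.BadZipFile:
            return "quarantine", "corrupt or unreadable archive"
    return "allow", "passed checks"


def quarantine_file(path: str, quarantine_dir: str, reason: str) -> str:
    """Move a flagged file into the quarantine directory and record why."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path))
    shutil.move(path, dest)
    with open(dest + ".reason.txt", "w") as f:
        f.write(reason + "\n")
    return dest


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP archive (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments: filename -> bytes.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4 constructed sample document",
    "invoice.pdf.exe": b"MZ\x90\x00 constructed executable stub",
    "report.pdf": b"MZ\x90\x00 executable disguised as a PDF",
    "photo.png": b"%PDF not really a PNG",
    "scan.zip": build_zip({"scan_0001.js": b"// constructed script lure"}),
    "archive.zip": build_zip({"readme.txt": b"harmless text"}),
}


def screen_inbox(samples: dict = SAMPLES) -> dict:
    """Write the samples to a temporary inbox, screen each one, move flagged
    files to quarantine, and return {filename: verdict}."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        inbox = os.path.join(root, "inbox")
        qdir = os.path.join(root, "quarantine")
        os.makedirs(inbox)
        for name, data in samples.items():
            path = os.path.join(inbox, name)
            with open(path, "wb") as f:
                f.write(data)
            verdict, reason = screen_attachment(name, data)
            if verdict == "quarantine":
                quarantine_file(path, qdir, reason)
            verdicts[name] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in screen_inbox().items():
        print(f"{name:18} {verdict}")
```

The mismatch check matters more than the extension list: a double extension such as `invoice.pdf.exe` is caught by the list, but a file that is really an executable and is simply named `report.pdf` is only caught by looking at the bytes. Quarantine rather than deletion keeps a reviewable record for the security team.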
You’re probably taking precautions like these to comply with PCI DSS, the global data security standard adopted by the card brands. Revisit them to ensure that they are still fit for purpose. Roll them out to the rest of the business, if they’re not already.
More prevention tips
Here are three more tips: segment your network, back up data and patch. Network segmentation will help you contain and minimise the spread of ransomware in the event of an infection. Back up data and check the integrity of those back-ups regularly. Patch software promptly, and review your patching regime regularly, too.
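Checking the integrity of back-ups is the tip most often skipped, and it is the one that decides whether you can refuse to pay. The script below is an added example, not PXP's or the article's own code: it records a SHA-256 digest of every file in a backup set in a manifest, then verifies the set later and reports files that are missing, changed or newly added. For changed files it also measures byte entropy, on the assumption (the example's, not the article's) that a backup file whose content has turned into near-random bytes has been encrypted rather than legitimately edited. The directory layout, the 7.5 bits/byte threshold and the `demo` fixture are all assumptions; the sample files are constructed.

```python
"""Added example (not from the article): record SHA-256 digests of a backup set
in a manifest, then verify the set later so that silently corrupted, deleted or
encrypted backup files are noticed before the backup is needed.

Assumed layout: the backup is a directory tree; the manifest is a JSON document
kept where the backup host cannot overwrite it (offline media or a write-once
store). The demo builds a small backup in a temporary directory from
constructed file contents.
"""
import hashlib
import json
import math
import os
import tempfile

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each relative path under root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain documents sit well below 8, ciphertext sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def verify_backup(root: str, manifest: dict) -> dict:
    """Compare the tree at root against a previously stored manifest.

    Returns lists under 'ok', 'modified', 'missing', 'unexpected' and
    'suspect_encrypted' (modified files whose content now exceeds the
    entropy threshold)."""
    result = {"ok": [], "modified": [], "missing": [],
              "unexpected": [], "suspect_encrypted": []}
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
            with open(os.path.join(root, rel), "rb") as f:
                if shannon_entropy(f.read()) > ENTROPY_THRESHOLD:
                    result["suspect_encrypted"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = sorted(set(current) - set(manifest))
    return result


def demo() -> dict:
    """Build a constructed backup, store its manifest, damage the backup in the
    ways the check must catch, and return the verification result."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "ledger.csv": b"date,amount\n2016-11-01,100\n" * 200,
            "notes.txt": b"quarterly notes, constructed sample text\n" * 50,
            "config.ini": b"[db]\nhost=backup-host\n",
        }
        for rel, content in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        manifest_json = json.dumps(build_manifest(root))  # kept offline in practice

        # Damage to detect: one file replaced by random bytes (what encryption
        # leaves behind), one file deleted, one unexpected file added.
        with open(os.path.join(root, "ledger.csv"), "wb") as f:
            f.write(os.urandom(8192))
        os.remove(os.path.join(root, "config.ini"))
        with open(os.path.join(root, "README_RESTORE.txt"), "wb") as f:
            f.write(b"constructed placeholder for an unexpected file")

        return verify_backup(root, json.loads(manifest_json))


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category:18} {names}")
```

Run the verification on a schedule, from a host that has only read access to the backup store, and treat any entry under `modified` or `missing` as an incident rather than noise: a backup that was silently encrypted months ago is no backup at all.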
Good processes and technology will take you about two-thirds of the way towards securing your business. The multiplier or accelerator effect comes when you add people. So, train your staff — it’s easy to say but harder to do.
Your staff can be your weakest link as well as your best defence against ransomware. Ensure that they are trained on current phishing attacks, including personally addressed spear phishing and business e-mail compromises, also known as CEO fraud. It’s also worth conducting test phishing attacks to reinforce learnings and hone training methods.
The tips mentioned here are by no means exhaustive. My point is that many of the policies and practices required for PCI DSS are directly relevant to combatting ransomware. To find out more, have a look at our Data Security Myth Buster.
For a free 30-minute consultation on your payments requirements, please complete the form below or call 0844 209 4370.