According to reports, crooks are ramping up ransomware attacks, even in a time of international crisis. Experts warn that cybercriminals may be adapting their ransomware tactics during the Coronavirus pandemic by setting malware to launch faster once inside an organization’s network. Learn these ways to better protect your organization from a ransomware attack.
What Is Ransomware?
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data set until a ransom is paid. Ransomware can strike an organization through phishing emails, server vulnerabilities, infected websites, or online ads.
Attackers may take over a single device or an entire network and restrict access until a ransom is paid--typically in the form of Bitcoin or similar digital currency--in exchange for a decryption key.
Victims often have to decide whether to pay the ransom in an attempt to get the decryption key or focus on restoring and rebuilding targeted systems. According to the Federal Trade Commission (FTC), law enforcement doesn’t recommend paying the ransom, as it doesn’t guarantee that the business will get its data back. Recovery can be a difficult process that may require the services of a data recovery specialist.
Ransomware Is Launching More Quickly in the Age of COVID-19
Cybercrime operations are intensifying ransomware attacks at a time when remote access to computer networks and online services is more vital than ever.
According to experts, before the pandemic, ransomware attackers may have taken more time to investigate the targeted organization’s data once inside the network. However, experts say that now criminals are launching malware immediately, perhaps believing that the company will pay the ransom right away in order to operate during the crisis.
Cybercriminals are likely aware that they have an opportunity to extort companies, especially if the target is a hospital, government institution, or a company operating online more than before because of the pandemic.
Ransomware Can Be Devastating for Businesses
Ransomware attacks can cause costly disruptions as well as the loss of critical data. The average cost of an enterprise ransomware attack in Q1 2020 was more than $111,000, with the average ransom payment exceeding $40,000.
According to one study, ransomware payments increased by about 33 percent in the first quarter of 2020, partly due to new attacks related to businesses shifting to remote teams and relying on home and non-business networks that are inherently less secure.
Any organization can be at risk—from small and mid-sized businesses to larger enterprises. Essentially any individual or organization with important data stored on their computer or network is at risk, including government agencies, law enforcement, healthcare systems, and other critical infrastructure entities. Criminal groups are even exploiting the crisis to hit the healthcare sector when it’s at its most desperate.
Ways to Better Protect Your Business from a Ransomware Attack
The Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations employ the following best practices:
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
The FTC also offers the following recommendations:
- Create a plan detailing how the business could operate after a ransomware attack, and share it with staff who need to know.
- Regularly save important files to a drive or server that is not connected to the network. Make data backup part of routine business operations.
- Install the latest patches and updates. Look for additional means of protection, like email authentication, and intrusion prevention software, and set them to update automatically.
- Teach employees how to avoid phishing scams and other scams. Include tips for spotting and protecting against ransomware in orientation and training.
The FBI advises companies to regularly update their operating systems and software, set anti-virus solutions to run regular scans and automatically update, back up data frequently, and secure those backups.
If Your Organization Is the Victim of a Ransomware Attack
The FTC advises businesses to report the attack right away to the local FBI office and notify customers if data or personal information was compromised.