Ransomware attacks are making headlines more and more. The 2016 statistics are startling; more than 4,000 ransomware attacks occurred daily. Why is ransomware so popular with cybercriminals? Because it works! Ransomware is now a billion-dollar industry and growing.
How does the ransomware infect a computer system? There are three main ways a computer system is infected by ransomware:
- By opening an email and clicking on an attachment. Typically, the attachment looks legitimate, like an invoice or an electronic fax, but instead it contains the malicious ransomware code.
- An email might contain a legitimate-looking URL, but once clicked on, one is directed to a website that infects the computer with the malicious software.
- The newest and most sophisticated way is to seed legitimate websites with malicious code, taking advantage of unpatched software on the victim’s computer.
It’s that easy! Once the infection hits the system, the malware begins encrypting all data that resides on the computer including data within the network (i.e. other computers, backup drives, attached drives).
Typically, the victim isn’t aware of the attack until they can no longer access their files and start receiving computer messages demanding the ransom in exchange for the decryption key. Ransoms can be in the hundreds of thousands of dollars, which is paid in bitcoins to provide anonymity.
Although the FBI doesn’t recommend paying the ransom, many victims pay it in order to get back to business. Not only is there the financial pain of having to pay the ransom, but also the burden of downtime costs and loss of productivity. Plus, once the ransom is paid the victim now has the financial burden of insuring their system is upgraded to prevent another attack. Plus, unfortunately, there are accounts of victims paying the ransom, but never getting the decryption key to unlock their system.
One may never be able to be completely protected against an attack. Below, are some of the key steps to help prevent and prepare.
- Implement a training program for your staff on the threat of ransomware and how a system may get infected. Important facts:
- Staff should not open email attachments unless it’s expected or sent from a reliable source. If in doubt, have staff contact sender to confirm.
- Stop web browsing by staff to avoid phishing campaigns, suspicious website and other scams.
- Be sure your firewalls, antivirus, antimalware and anti-exploit security programs always stay up-to-date. Be sure your antivirus and antimalware are set to conduct regular scans automatically.
- Always upgrade your operating system, software and firmware to the latest version. Unpatched programs leave the system open to threats.
- Perform daily secure backups of your critical data to a USB drives, an external hard drives and/or a cloud storage. If using a drive, be sure to disconnect it from the network after backup to prevent that device from being hacked.
- Test your backups regularly to ensure you have the data when you need it most.
Being prepared and having a plan is your best line of defense. For more information and a detailed list of steps to help prevent ransomware, please review How to Protect Yourself from Ransomware created by the FBI https://www.justice.gov/criminal-ccips/file/872771/download
Cloud backup is crucial in fighting ransomware. ECLIPSE has partnered with DataHEALTH, the leading provider of cloud backup to the healthcare industry. DataHEALTH is the ONLY cloud backup provider to be URAC HIPAA Security Business Associate and National Institute Standards and Technology FIPS 140-2 encryption certified.