2016 has been a whirlwind year when it comes to ransomware attacks. Ransomware incidents have exploded and organizations, especially those holding critical information, find themselves helpless to combat the malicious code. The healthcare industry constitutes the perfect example:
And the list goes on as organizations are targeted by increasingly sophisticated malware and at an unprecedented rate.
The first step is to back up your data frequently and keep the backups encrypted and outside your network. With backups, potential victims can recover their data without paying the ransom. The organization still has to contain the infected systems, wipe them completely and restore the data, a process that often takes days (Tech News World). Some victims judge the ransom to be cheaper than that downtime. Keep in mind, however, that any payment often funds further criminal activity, including the delivery of more malware in the future.
Many organizations are now also required to perform backups, including healthcare organizations subject to the HIPAA Security Rule.
Early detection can also stop the malware from spreading across the organization. Detection typically relies on network monitoring, anti-phishing controls, behavioral analysis and other defensive measures. An infected user account shows abnormal spikes in file activity as the malware rapidly opens and modifies files. For example, if a single user account modifies 100 files within a minute, it is a good bet that something malicious is taking place on that system.
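The file-modification heuristic above, implemented as a small detector over file-server audit events, as an added example that is not part of the original article. The log format (timestamp, user, action, path) and the sample lines are constructed for illustration; the threshold of 100 modifications per sliding one-minute window is the one the article gives.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format: "<ISO timestamp> <user> <action> <path>").
# alice edits two spreadsheets; bob's account modifies 120 files in one minute,
# the kind of burst the article describes as a ransomware indicator.
SAMPLE_LOG = "\n".join(
    [
        "2016-09-14T10:00:00 alice MODIFY /share/finance/q3.xlsx",
        "2016-09-14T10:00:07 alice MODIFY /share/finance/q2.xlsx",
        "2016-09-14T10:03:00 bob MODIFY /share/hr/policy.docx",
    ]
    + [
        f"2016-09-14T10:05:{i // 2:02d} bob MODIFY /share/hr/file{i}.docx"
        for i in range(120)  # two modifications per second for 60 seconds
    ]
)


def parse_line(line):
    """Split one audit line into (timestamp, user, action, path)."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, action, path


def find_bursts(log_text, threshold=100, window=timedelta(minutes=1)):
    """Return {user: peak_count} for every user whose MODIFY events reach
    `threshold` within any sliding window of length `window`."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # per-user timestamps inside the current window
    peaks = {}
    for ts, user, action, _path in events:
        if action != "MODIFY":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[user] = max(peaks.get(user, 0), len(q))
    return peaks


if __name__ == "__main__":
    for user, count in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {user} modified {count} files within one minute")
```

Feeding the detector from a real file-server or EDR audit stream, and alerting analysts on each hit, turns the article's rule of thumb into an automated trigger for containment.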
Prevention remains the first line of defense against ransomware.
Criminals want to make a quick buck. They want to be in and out of your system as fast as possible. Protecting your assets will discourage them.
Remember that phishing e-mails are a common vector criminals use for a range of malicious purposes. Employee training is crucial to cybersecurity: human error is by far the most cited cause of organizational cyber incidents.
Training is critical for executives and for every individual allowed to access sensitive information. HIPAA requires employees to be trained so that they can detect and report instances of malicious software and therefore block potential attacks. Annual training is compulsory under the Payment Card Industry Data Security Standard (PCI DSS requirement 12.6.1).
Malware can eventually be cracked by researchers (as was the case with the Petya ransomware), but that code is usually replaced by stronger and more malicious strains.
The only reliable way to stop ransomware is to make certain that it never reaches your critical data in the first place. Training employees, contractors and especially executives who may have access to irreplaceable data solves part of the problem; however, even your smartest employees may fall victim to a sophisticated phishing scam. Understanding how the threat behaves, for example by rapidly opening and modifying files, should trigger both technology and analysts to respond and mitigate it quickly. Even organizations that hold full backups of their systems and data have found that the alternative, deleting the encrypted data and restoring the files to all of their systems, is time-consuming and expensive.
Preparing, protecting and defending the right people, processes and technology to identify and stop the code will give good companies a fighting chance against this new threat.