2014 might have been the Year of the Horse and 2015 the Year of the Goat, but 2016 was, without a doubt, the Year of Ransomware. A number of well-known, big-name businesses were in the news this year as the victims of this seemingly new form of cyber attack. What hasn’t been making the news are the legions of smaller businesses (SMBs) that have been hit by the same type of attack, but who don’t have the same resources at their disposal to deal with either the attack or its after-effects. Many SMBs didn’t even know what this type of attack was before they became victims.
A ransomware attack often begins in much the same way as several other types of attacks: with a phishing email. Once a user clicks on a link in the email, or sometimes even just opens the email to read it, a remote server is contacted, and the payload is secretly downloaded to the client computer. The payload scans the computer, locates all connected media it can access from the machine it’s on, and then begins encrypting everything it can encrypt so that the owner of the data can’t access it. The whole process from the first click to “Goodnight, Irene” can take as little as three seconds.
As any network security professional knows, a network is only as secure as its weakest user, and ransomware attacks predominantly exploit user error by way of phishing. While this means that the threat of this type of attack can never be completely removed, there are a few things any business can do to reduce the likelihood of a successful attack.
If the weakest link in the system is the users, make the users stronger. Training in what common phishing attacks look like and how to deal with them is a fundamental step in any security strategy.
On the network side, one of the most effective methods of dealing with a ransomware attack is lightning-fast detection and immediate disinfection. That means active monitoring to see the threat and immediate wiping of all files and programs on the infected machine. This makes the next component even more vital than it would otherwise be.
Backup and Disaster Recovery
Even before ransomware was such a common threat, robust backup and disaster recovery (BDR) was an important part of almost any network security implementation. With more and more frequent ransomware attacks on smaller and smaller businesses, BDR has now been elevated to key component status. Ransomware only works if the bad guys have something to ransom – that is, if they can keep a business from its data. With real-time cloud-based backups, restoring the data to a disinfected machine can take as little as 5 minutes, leaving the bad guys with no leverage whatsoever.
2016 has seen a marked increase in the number and sophistication of ransomware cyberattacks on SMBs. By taking some basic and reasonable precautions, it is possible to make sure that 2017 is once again known simply as the Year of the Rooster.