The so-called ransomware “industry” has grown rapidly over the past few years. Today, a business finds itself under attack almost every 40 seconds. The ransomware industry rakes in mountains of profit from its victims, although concrete figures are hard to come by. Many victims are hesitant and embarrassed to admit they paid to regain access to their data. However, the estimated combined losses from ransomware payments are expected to reach $6 trillion by the year 2021.
Chief targets of ransomware hackers include organizations in the education, financial, and healthcare industries. These organizations often have thousands or even tens of thousands of gigabytes of customer/patient data they cannot afford to lose, making them all the more willing to pay handsomely to get their data back. However, any person, business, or organization can become a target of ransomware attackers.
We here at Gillware have provided a comprehensive Ransomware Prevention Guide to assist you and your clients in preventing a ransomware attack, or easily recovering from one if it occurs. Paying close attention to this advice and assessing your approach to IT security can go a long way toward protecting you and your clients from ransomware intrusions.
Our Ransomware Prevention Guide offers seven comprehensive points to approach ransomware prevention and security. A good plan to defend yourself from ransomware intrusions and other attacks will encompass all seven points. Download and print our guide for the full experience; for an abridged Cliffs Notes guide to ransomware prevention, read on:
Do all of your employees have root or admin level access? Do all of your employees have the ability to install new software on their machines? Should they? Many ransomware attacks succeed because too many employees in a business or organization have privileges they shouldn't have. If, or rather when, an employee is compromised, hackers can wreak havoc.
Train your employees to recognize email spam and phishing techniques. Phishers use a wide range of tricks to try to bypass the part of our brains that says, “Hey, hold on, this doesn’t make any sense” and get us to download a malware package or click a link to a fake login page that steals our login credentials. As part of a strong ransomware prevention program, you should train your employees to recognize hacking and phishing attempts and react accordingly.
Software designers and systems engineers are caught in an ever-escalating arms race with malware developers. Hackers constantly find new vulnerabilities; all the while programmers are scrambling to plug them up. As a result of this programming arms race, if you have software and systems that aren't up to date, you're leaving yourself wide open to attack. Your security system will look less like a suit of armor and more like a cashmere sweater that's been left in a closet filled with moth larvae.
No computer or mobile device you use should be without a good antivirus system. However, you must also be aware that antivirus software is far from a panacea for digital ills. Conscientious computer usage and thoughtful security measures are an absolute must for any effective ransomware prevention plan.
It’s easy to see the appeal of easy-to-remember passwords, but the problem is that “easy to remember” is also “easy to guess”. To make matters worse, almost 3 out of every 4 people reuse passwords for multiple accounts and services! With weak and overused passwords, an intruder can easily slip right through your security system and encrypt your files.
No matter how strong your passwords are, there are still ways a dedicated hacker might get around them. Among the most at risk are social media accounts (such as Facebook, Twitter, LinkedIn, etc.) that can be hijacked to send phishing scams to your friends and contacts. To prevent intrusions, two-factor authentication adds another layer of defense to your security systems. Once you've got a good combination of a strong VPN, strong and unique passwords, and two-factor authentication, you and your business will be much safer.
Imagine a ransomware virus hits you. All of a sudden, all your data has gone up in smoke. Your records, your databases, your documents and spreadsheets—all gone.
But wait: fortunately for you, you have a backup! And not just any backup, but a strong, secure, automated backup system. You've kept the backups off-network, so the virus couldn't encrypt or delete them. Once you've cleaned up the place a bit and blocked any further unauthorized remote access, you can restore from those backups. Now you're back in business, and you didn't pay the hackers a single cent.
Over the past few years, ransomware attacks have become both easier to pull off and more lucrative. In the coming years, they will become even more widespread and (potentially) rake in even more revenue for their perpetrators.
Ransomware creators are constantly stepping up their game, probing security systems for vulnerabilities and testing new phishing methods to worm their way into seemingly secure infrastructures.
The best way to reduce the frequency and intensity of ransomware attacks is to convince their perpetrators that their attacks can no longer generate enough profit for them. In other words—stop paying the hackers. In the past, physicians all but eradicated smallpox and polio through vaccinations, which prevented the viruses from infecting humans and made it impossible for the viruses to spread. Likewise, measures to prevent ransomware attacks from succeeding in the first place can go a long way toward eradicating this practice.
To stay vigilant, security experts must keep abreast of current developments in the ransomware “industry”. Business owners and IT consultants must know what kind of training employees need in order to build strong security measures and guard against ransomware intrusions.
Have you or a client fallen victim to a ransomware intrusion? Contact Gillware Digital Forensics to set up a Ransomware Data Recovery and Forensic Investigation consultation with our ransomware experts.