Monday, March 6, 2017

Lessons from a ransomware attack

CNN reports that a ransomware attack has locked the computer network of the Pennsylvania Democratic Caucus. This is what we call a teachable moment.

What is ransomware? Ransomware is malicious software that locks one's computer or network until a sum of money is paid, at which point the cybercriminal provides a code to unlock the system. If the ransom is not paid within a set timeframe, they will wipe the data. Any organization that relies on access to data, and cannot afford to lose access to that data at any time, is the prime target of a ransomware attack. Does that sound like your business?

How does one become infected with ransomware? Like any other virus or malware, most often by clicking a suspicious link in an email or on a website.

If you become a victim of a ransomware attack, your options are limited. Depending on the type of encryption used by the cybercriminals to lock your system, you may be able to break the encryption. But that is unlikely. Much more likely, you either pay the ransom, or rely on the quality of your system backup, and the expense that goes along with restoring it.

Either way, plan on a ransomware attack costing you. In 2015, for example, victims of these attacks paid a collective $24 million in ransom to these cyber-extortionists, and another $325 million to disinfect machines and restore backup data. In other words, ransomware is big business and a bigger threat, and it's not going away anytime soon.

The best cybercrime offense is a good defense. Here are four tips to best protect your organization from suffering a crippling and expensive ransomware attack.

1. Diligently back up everything. If you invest in quality and reliable system backups, then you remove most of the risk of suffering a ransomware attack. In the event of an attack, you simply wipe your computers and servers, and start from scratch via the last uninfected backup.

2. Avoid suspicious emails and links. This, of course, is easier said than done, especially if your employees do not know what to beware of. Even a little bit of cyber-training goes a long way, and with the right training, your employees will learn to vet before they click. Your employees are the prime targets of these attacks, and they are also your first, and best, line of defense.

3. Patch software and block suspicious emails and websites. This step does not work without training your employees. The cybercriminals are at least one step (if not two, three, or more steps) ahead of software patches and email/website blacklists. Nevertheless, having the latest version of everything installed lets the security experts working for your software providers do their jobs.

4. Disconnect immediately upon an infection. Any cyberattack is easier to contain and correct when it is limited to one desktop. Once it spreads to multiple machines or, worse yet, servers, it becomes more difficult and exponentially more expensive to remedy. Once you learn of an infection, notify IT and get everything offline as soon as possible. Quarantining the infected machines is the only way to stop ransomware from infecting your entire network.

No business is immune from suffering a cyberattack. However, proaction is better than reaction. Taking these four steps will help position your company best to avoid a cyberattack such as ransomware, and to respond when it occurs.