3 Step Ransomware Defense

What is it?

Ransomware is the most insidious of malware. It preys on individuals, taking advantage of their trust, internet naivete or just plain inattention. When ransomware strikes, access to your data is blocked unless a ransom is paid. It has become the most frequent form of malware attack. There were 181.5 million ransomware attacks in the first six months of 2018 alone, a 229% increase over the same time frame in 2017. And the cost of ransom payments has gone up. The average ransomware payment increased six times between 2018 and Q3 2019. The average ransomware payment amount as of Q3 2019 stands at $41,000. And cybersecurity experts believe it will only get worse!

How does it work?

Ransomware encrypts all the victim’s files (including those found on any attached device like an external hard drive), making them inaccessible. The bad actor then demands a ransom payment in exchange for a decryption key that you can use to decrypt your files and access them again. Trying to recover your files without the decryption key is an intractable problem requiring expensive forensics experts. Plus, payments made using cryptocurrencies like Ukash or Bitcoin are difficult to trace, making prosecuting the perpetrators nearly impossible.

Ransomware attacks are typically carried out using a “Trojan horse” that is disguised as a legitimate file. Once the hapless victim downloads and opens the fake file, the malware is injected into their computer and spreads throughout the user’s network. Once a network is infected, the malware can travel automatically between computers without any further user interaction. That’s how the high-profile “WannaCry worm” works.

Take Control! Here’s a 3 Step Strategy!

First, know the Enemy…get Trained!

The first line of defense is a trained user. For this, cyber awareness training is crucial to detecting attacks. Technology alone cannot protect against careless or foolish behavior. It is important that users recognize a malicious contact, since ransomware is typically introduced through email and social engineering techniques that trick a user into downloading a file, providing key sensitive information or taking some other action that introduces the malware into your system.

There are a number of approaches to security awareness training that are practical for small businesses. There is the break room approach, where informal meetings are held periodically to talk about security. You can download security videos that show users what to look out for. For a fee, you can engage a firm to conduct simulated phishing tests, which target users with fake phishing messages to test their ability to detect and report suspicious contacts.

But an effective and successful cyber awareness training program must be sponsored by management. Without this support, the training will be ignored. Whichever approach your business decides to implement, it is important that policies and procedures are put in place that provide training that is up to date, performed frequently and has the backing of everyone in the company from the top down.

Next, get your own technology as a shield!

There are many software packages available today that are designed to detect and deter ransomware before it can do its damage. They aren’t 100% foolproof, but they do provide an extra layer of protection against having all your files encrypted and inaccessible. PC Magazine took a look at ten ransomware protection suites for small and mid-size businesses (SMB). Choose one and install it to shield your PCs, applications and data files.

Finally, keep a Mirror Image handy!

The easiest and most effective strategy is to install backup and recovery software that creates a mirror image of your computer, including all the necessary operating system (O/S) files, applications and data. This image is a ‘snapshot’ of your computer taken at a specific date and time. This image can then be stored in the Cloud or on an external hard drive which is then stored at a different location. Ideally you should do both.

Copies can be scheduled to kick off automatically – daily, weekly or monthly. You should choose a frequency based on how often your data changes.

In the event your computer becomes infected by ransomware (or stops working for any reason), you can use the mirror image to recover your system and all your applications, files and data. You won’t have to pay the ransom for a decryption key, and the operational and financial impact to your business can be kept to a minimum. Without a mirror image, you will have to completely rebuild your system: purchasing new PCs, and buying and reinstalling a new clean O/S like Windows 10 plus new copies of all your applications. And you will still not have all the data to drive those applications!