Malware is on the rise as hackers look for ways to crack corporate systems and compromise valuable data. Yet the biggest jump comes from ransomware: According to PYMNTS.com, this type of malware saw a 752 percent increase through 2016 and led to more than $1 billion in losses. As noted by CIO Today, the ransomware landscape is becoming “more and more centralized, with a few significant malware families dominating the market and hitting organizations of all sizes.” It’s not exactly good news, but what does it mean for your organization? What is ransomware? How does it work? How can your company stay safe? Here’s what you need to know.
The Basics: Lock and Load
The goal of ransomware is simple: Lock users out of critical files and services until they agree to pay a ransom. If companies don’t comply with attacker demands, data is either deleted or sold on the dark web.
There are two broad categories of ransomware: Locker and crypto. Locker came first, and avoids damaging critical files in favor of locking users out of specific functions. The benefit here is that security companies can typically find easy workarounds, share this information and help companies take back control. Crypto ransomware — such as Locky, TeslaCrypt or Cryptowall — works by encrypting critical files and then demanding payment. Users may be able to access their desktop and limited functionality, but can’t open documents, pictures or reports. After booting a PC infected with crypto ransomware, users typically encounter a “splash screen” demanding payment, often in Bitcoin. They are directed to send the money to a specific email address within a certain time frame or their files will be permanently deleted.
Infection Vectors
How do company devices get infected with ransomware in the first place? The most common compromise routes are phishing emails and malicious websites. Phishing emails are designed to trick users into clicking on malicious links or downloading compromised files. If successful, “dropper” programs grab ransomware from a command and control (C&C) server, which then encrypts files. Malicious websites, meanwhile, contain embedded ransomware code that installs itself if users click on specific links — and in some cases can “force” a download when users land on the initial webpage.
Staying Safe
As noted by CIO, staying ahead of malware demands the right IT strategy. For example, it’s critical to run regular risk analysis and determine the most likely points of compromise. In addition, regular penetration testing of your network can help identify weak spots. It’s also important to leverage new technology solutions — such as cloud security brokers, real-time end-user management, and network traffic analysis to proactively identify ransomware code before it compromises corporate systems.
What If?
Sometimes, malware gets past the perimeter. To limit the damage, make sure you’re always backing up data somewhere outside your local network — physical media such as USB sticks or external hard drives in addition to cloud-based storage solutions are solid choices here. Next, take a look online for possible fixes. Anti-virus and security research companies regularly test and defeat ransomware infections so you may be able to find decryption tools online. If nothing else works, consider paying the ransom — with the caveat that hackers don’t always honor their word. Best bet? Keep your security solutions up to date to help detect and mitigate any issues.
Ransomware means big risk for organizations. Recognize the signs, know common infection routes, and implement proactive security procedures to stay ahead of hacker efforts.
Author: Brian Thoman is Publications Manager at Column Technologies, a global technology solutions provider that specializes in business service and process management. Thoman is an ITIL-certified procurement specialist with over six years of proposal writing and management experience.
Latest posts by Column Case Management (see all)
- Ransomware: What Your Company Needs To Know - April 3, 2017