The Changing Ransomware Threat & How to Deal with It
Ransomware has grown exponentially during 2017 and 2018, and this trend seems likely to continue. The approaches used to create most infections depend primarily upon email, and phishing techniques are rapidly being improved upon to defeat current defenses. Few options are available once a ransomware infection has taken over your networked systems. The time to act against ransomware is now. It is important to protect yourself before your system is affected.
Alarming Numbers and Trends
Ransomware attacks on business increased 36 percent in 2017, with small businesses presenting the biggest targets. Keep in mind this is a 300 percent increase over 2015. Some of the most concerning trends in ransomware attacks were attacks on healthcare-related organizations being the fastest growing targets, and that mobile devices are showing signs of being the next channel that attackers zero in on. The odds that your system will be hit with a ransomware attack at some point is relatively high.
Responding to an Attack
Once an infection has occurred only one option typically exists to correct the situation, and that is to recover your data from backups. Payment of the ransom can be made, but this leaves your systems infected and still vulnerable. Just like cooperating with any blackmailer, however, paying the ransom makes it more likely that you will be targeted again in the future. In some cases, it may be possible to decrypt a system that’s been hit by a ransomware attack, but even in cases where the decryption code is purchased, you may still lose some data.
Take Action Now
Most ransomware attacks are not brand-new threats. Hackers recycle old attacks hoping to catch systems that have not updated their software with the latest security patches. Close the known vulnerabilities in your system by staying on top of software updates and keeping your system current.
Emphasize the importance of not opening suspicious emails. Infected emails remain the number one gateway to your system. Make regular reminders a part of life to avoid those emails.
Ensure that the antivirus system in place is configured according to industry and manufacturer best practices, and that these configurations are updated periodically.
Have a backup system in place to recover data from before the infection occurred. This means backups running multiple times daily with retention times of at least one or two months. It also means that the most critical business data should also be backed up offsite...if this is not done, it is possible for the backup storage to also become encrypted, and useless for recovery.
By being proactive, your system may weather the crisis of a ransomware attack. The odds are you will be impacted by ransomware at some point in time. The only question is whether you have taken appropriate steps to recover from it.