Bad Rabbit, Locky, Petya, Cerber, Jigsaw … no, these aren’t street names for narcotics, they’re variants of ransomware, and the ransomware business is positively booming. Google partnered with UC San Diego and the NYU Tandon School of Engineering this past summer to calculate just how much, in fact, and found that victims of ransomware have paid more than $25 million in 2015 and 2016.
And, as this study and others have found, the ransomware ecosystem, and the intelligence behind it, is evolving very quickly. In countries whose legislation is not yet designed to outlaw and prevent this, ransomware has become a full-on business. Call centers can process your payments to unlock ransomed data, or fake technical support staff will socially engineer the unwitting by calling them and convincing them to provide remote access to their computers.
Most of these organizations will demand the ransom in Bitcoin or another digital currency that is hard to trace. They have even become sophisticated enough to do market research to understand exactly how much to charge you so that you’ll actually pay, using the Big Mac Index (controlling for currency exchange rates and inflation to understand the general value of something, based on the cost of a cheeseburger in every country).
In other words, giving in and paying the ransom is fueling these organizations even further, and they are not contractually obligated to give you your data back when you do. In fact, studies show that on average people may receive back 80 percent of their data.
Fighting Back Against Ransomware: Defense in Depth and Backups
Much like in medicine, the best method is prevention. There are a variety of preventative measures you can take, both personally and within your organization, to stop ransomware from entering your network or encrypting all your data.
Your defense in depth security strategy (firewall, antivirus and content filtering tools) can help you keep out anything malicious and quickly identify unusual behavior should something get into your network. Additionally, your network architecture should be built in such a way that not everything can access everything, which can help minimize the spread of ransomware. It’s important to understand here that no single measure will fully protect you; it’s the combination of solutions and behaviors that will help keep you safe.
The two main attack vectors for ransomware today are phishing (in this case, attaching a malicious file to an email and sending it to the target to unwittingly open) and malicious advertisements placed on legitimate webpages. Having these safeguards in place will prevent or minimize any attack you might experience.
A key element of surviving a ransomware attack, however, is your backups.
You can’t trust the nefarious organization that ransomed your data to actually decrypt all of it for you upon payment, and paying into this crime ring isn’t ideal. However, if you do get infected with ransomware, your backups can restore your data without going through any of that.
Having regular backups taken of your environment, including ones that go offsite and disconnect from your network, is essential to protecting your critical data against countless things, ransomware being just one. However, some ransomware and other malware is programmed to map your network and spread quickly, and that can include infecting your backups.
Finally, knowing is half the battle. They didn’t start calling them computer viruses for nothing – they infect and spread and get smarter and mutate. Stay educated on what’s out there. As the threats change, your security strategy must too.
If you want to develop your defense in depth strategy or get your ransomware-resistant backup system up and running, we can help. All of our Managed Services clients receive this service and we keep it updated and secure every month.