So a couple years ago my mom called and said she had a problem with her computer. She downloaded something from the internet and it caused her computer to lock up. Futhermore, there was a notice that said it would remain locked until she provided payment. So my mom just went down to the local computer store and had her computer cleaned and reformatted. She learned a lesson in backing up her files and being alert and aware of what she was downloading and from who.
And that’s how it was – it didn’t seem to be more than a nuisance and you almost certainly never paid. Most people impacted were haphazard in what they viewed or opened on the web; phishing was not as prevalent as it is now and so those who were impacted justified getting a new computer than anything else.
Now, ransomware is big business and a growth industry. Ever-adapting criminals realized that businesses were not doing their due diligence and pounced on a chance for more. And unlike the small scam of yesterday, today, there is good money to be made against big business. It’s affecting everyone and everything, including Apple. We have seen it join the healthcare bandwagon and cause businesses and organizations to shut down. And small businesses aren’t immune to it either.
What does it mean to you and your business ? And how can you protect yourself? We have partnered up with Gate 15 (www.gate15.us) to do an assessment and give you some thoughts on protection, prevention, and readiness.
Here is a snippet.
“Analysis. Ransomware is the latest instance of the underground economy shifting into a new niche. This type of malware is profitable, easy to deploy, and many internet users don’t know how to defend against it effectively. Ransoming an individual’s or organization’s data back to them is a doubly effective threat in today’s information-based economy. With media coverage almost unanimously reporting on how successful these infections have been, there’s no reason to believe that cyber-criminals will be abandoning this tool any time soon.
“Preparedness & Operational Considerations. The speed with which the public and private sector learns how to mitigate the damage from ransomware attacks will determine the popularity of this malware in the future.
- Planning. Ensure you maintain a backup policy and review it periodically. Leaders should feel comfortable about what information is stored in backups, how often they’re being made, and where they’re stored. It’s only a matter of time before ransomware starts targeting backups in the cloud. Even if a backup policy doesn’t exist, due to the explosive growth of ransomware, guidance should be given to staff to create backups of your organization’s critical files.
- Training. To minimize the likelihood of ransomware infecting your systems, organizations should review employee cybersecurity training materials to confirm they include how to identify malicious links and attachments. Training should be regularly updated to make employees aware of changes to the tactics adversaries are using or, alternatively, such training could be outsourced to specialized third party contractors.
- Exercise. Have your IT staff do multiple restorations from backups in storage. Every employee should have the chance to review and familiarize themselves with the procedure in case your networks become encrypted and a quick restoration becomes necessary to minimize downtime. This exercise will also allow IT leaders to gauge how comprehensive recent backups are and if there are any deficiencies in the process that need to be resolved.
- Operations. There are a few tweaks cybersecurity professionals can implement on their networks to try to mitigate the most common avenues of attack for ransomware.”
Gate 15 produces a host of products on a daily basis, the Sun, and on a weekly basis, the Dashboard and the Torpedo, that gives individuals and businesses tools to be prepared for threats. Go to http://www.gate15.us and check out their products. You can sign up on for the daily SUN product and the Dashboard and Torpedo, which are produced on a weekly basis. And best of all, these products are free.