Ransomware: How to plan, prepare, and protect against it

With cyber attacks becoming more prevalent, we are on a mission to help people understand not only what these attacks are and what they mean, but also to help organizations be prepared for an event and lessen the severity of an attack through proper planning and preparation.

History of Cyber Security Threats

Just like technology, cyber attacks have changed over time and become more sophisticated. The first attacks, known as Jokesters, were designed to be just that: a silly prank that did not destroy the affected party’s computer or steal any data. The next round of attacks, Mayhem Creators, still exists today. Essentially, Mayhem Creators are people who write viruses designed to mess you up with no monetary benefit involved.

Espionage attacks are essentially cyber warfare between corporations and governments. These are difficult to plan against.

The attacks we hear about most often these days are designed for monetization and business. In other words, computer malware is a business now, and the parties behind it are focused on return on investment. These types of threats started with spammers, but since the security industry has taken care of about 99.9% of spam, there’s no money to be made there anymore.

Encryption ransomware began with the launch of Cryptolocker in 2013, with the attackers making their money by holding information hostage until the ransom was paid in bitcoin. The first creator netted anywhere between 10 and 87 million dollars once they sold their bitcoin. Following this first attack, there has been a massive proliferation of copycats. While this type of attack seems to be on its way out, security companies know the risk involved with this type of attack and have made sure they can address it so people will pay for their services.

Cryptocurrency mining malware is another form of attack where the parties behind it are focused on what they can make from it, and they use bitcoin so there is no physical money to trace. Bitcoins are minted by cryptocurrency mining software: you essentially plug a computer into the system and have it try to solve the algorithm that generates new bitcoins. To get more bitcoin, you have to buy more computing capacity. The bad news is that nothing prevents hackers from taking the mining software and installing it on a device without its owner ever realizing it, while the software chips away at the computer’s lifespan over time. No files are ever encrypted, so the only way to know your computer is affected is to have the right software in place. The good news is that once it’s discovered, the game is over for the attacker.

What Can We Do About It?

If you put a few core tenets into place, you will have the highest level of success for prevention. The tenets are:

  • Preventing threats from reaching the network
  • Preventing users from clicking the bad thing
  • Preventing the loss of data in the event of a successful attack

Prevent Threats

The approach to preventing threats includes firewall level protection, network level protection, and PC level protection. Firewall level protection inspects the packets passing through the firewall and blocks intrusion attempts to the best of its ability. At the network level, web and spam filters supplement the firewall, in particular by monitoring the websites a user visits for suspicious activity or threats.

Antivirus software has been the most common method of PC level protection. However, within this category, more products and classes of products that specifically watch for ransomware have been developed and introduced to the market. These types of products usually create a folder on the computer containing decoy documents with random names and keep a reference copy of them; if any of those decoys change, the product halts whatever is modifying them so the real files are not encrypted.
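As an added example of the decoy-file idea described above (this is illustrative code written for this article, not the code of any product mentioned), the script below plants randomly named decoy documents, records their hashes in a manifest, and on each check reports any decoy that was overwritten, removed, or replaced by a new file. The folder name, extensions, and the simulated tampering in `run_demo` are all constructed for the example; a commercial product would hook file writes in real time and stop the offending process, whereas this polling check is something you would run on a schedule and alert on.

```python
import hashlib
import json
import secrets
import tempfile
from pathlib import Path

# Constructed names for this example; pick your own folder and extensions.
CANARY_DIR_NAME = ".canary_documents"
DECOY_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".jpg")


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large decoys don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(base: Path, count: int = 8) -> Path:
    """Create decoy files with random names and record their hashes in a manifest."""
    canary_dir = base / CANARY_DIR_NAME
    canary_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for i in range(count):
        name = secrets.token_hex(6) + DECOY_EXTENSIONS[i % len(DECOY_EXTENSIONS)]
        path = canary_dir / name
        path.write_bytes(secrets.token_bytes(4096))  # random content, like a real document
        manifest[name] = {"sha256": _sha256(path), "size": path.stat().st_size}
    manifest_path = base / "canary_manifest.json"  # kept outside the decoy folder
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest_path


def check_canaries(base: Path, manifest_path: Path) -> list:
    """Return (file name, reason) findings; an empty list means no decoy was touched."""
    manifest = json.loads(manifest_path.read_text())
    canary_dir = base / CANARY_DIR_NAME
    findings = []
    for name, expected in manifest.items():
        path = canary_dir / name
        if not path.exists():
            findings.append((name, "missing"))       # deleted or renamed
        elif _sha256(path) != expected["sha256"]:
            findings.append((name, "content changed"))  # overwritten in place
    # Encrypting malware often writes a new copy under a different extension,
    # so any file we did not plant is also worth reporting.
    known = set(manifest)
    for entry in canary_dir.iterdir():
        if entry.name not in known:
            findings.append((entry.name, "unexpected file"))
    return findings


def run_demo() -> tuple:
    """Plant decoys, check them, simulate tampering, check again."""
    base = Path(tempfile.mkdtemp())
    manifest = plant_canaries(base, count=4)
    before = check_canaries(base, manifest)
    names = sorted(json.loads(manifest.read_text()))
    canary_dir = base / CANARY_DIR_NAME
    # Simulated tampering (constructed): one decoy overwritten in place, another
    # replaced by a copy under a new extension.
    (canary_dir / names[0]).write_bytes(secrets.token_bytes(4096))
    (canary_dir / names[1]).rename(canary_dir / (names[1] + ".locked"))
    after = check_canaries(base, manifest)
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("before tampering:", before)
    print("after tampering:", after)
```

Because the decoys have random names and random content, an attacker's process has nothing to match against; the manifest, not the file name, is what tells you they are decoys. Keep the manifest somewhere the decoy folder's watchers cannot reach, and treat any finding as a trigger to isolate the machine and check the real document shares.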

Prevent the User from Clicking

Awareness and training are the best ways to keep users from clicking suspicious links that could lead to a security breach. Phishing testing is a great way to educate users. Typically, this is done by sending an email that appears to come from the IT department or another person within the organization, essentially impersonating someone the user trusts. That email contains a link, and the email is monitored to see which users click it. Research suggests that 27% of users will click a fake email if it makes it to their inbox. By monitoring the email, you can see exactly who clicked through the test and put a plan in place to make sure those users understand what they did and the risk it brings to the organization. The great news is that after one year of training, the number of users who still click through the test drops to 2%.

Prevent the Loss of Data

Hoping that an attack and loss of data won’t take place is not a strategy. Planning is what builds the strategy, and a good plan and the right technology make all the difference. A few good practices to include in your planning and strategy:

  • Backups – Do you have them? Do your backups work? A general rule of thumb is that you have three copies of everything stored in at least two locations.
  • Proper Storage Hygiene – You need to know that your backups are in the right place, and a quick test will show you where you stand and whether you need to change your process. First, create a new file in a place you know is backed up. Write a word in it and set a reminder for one week. At the one-week mark, delete the file and then wait one more week. After that week has passed, reach out to your IT vendor and ask them to restore it. If they can, your backups are probably working properly. If not, they probably aren’t working in other parts of your organization either, and it’s time to make some changes. You should also conduct backup audits: this restore test is user-driven, but you want IT to verify backups on a schedule regardless of whether a user asks.
  • Disaster Recovery Plan – Do you know what your plan is if something happens that destroys your server room? How long can you plan to be offline? How will you notify your clients? What is your plan for getting work done in the meantime? A disaster recovery plan should cover this and more.
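As an added example of the backup audit the list above calls for (written for this article, not Rocket IT's own tooling), the script below checks every file on a source tree against each backup copy and applies the rule of thumb stated above: three intact copies, spread over at least two locations. It counts the primary copy as one of the three, which is an assumption of this example; the site labels (`office`, `cloud`), directory names and the corrupted file in `run_demo` are constructed sample data.

```python
import hashlib
import tempfile
from collections import namedtuple
from pathlib import Path

# Thresholds from the rule of thumb above: three copies, two locations.
MIN_COPIES = 3
MIN_SITES = 2

# A backup copy is a root directory mirroring the source tree, tagged with the
# site it lives at. Site labels are whatever your inventory uses.
BackupCopy = namedtuple("BackupCopy", ["site", "root"])


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_backups(source: Path, source_site: str, copies: list) -> dict:
    """Check every file under `source` against each backup copy.

    Returns {relative path: [problems]}; an empty list means the file meets the
    policy. The primary copy at `source` counts as one of the copies (assumption
    of this example; drop the `good_copies = 1` start if your policy counts backups only).
    """
    report = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        expected = sha256_file(src)
        problems = []
        good_copies = 1
        sites = {source_site}
        for copy in copies:
            candidate = copy.root / rel
            if not candidate.is_file():
                problems.append(f"missing at {copy.site} ({copy.root.name})")
            elif sha256_file(candidate) != expected:
                problems.append(f"corrupt at {copy.site} ({copy.root.name})")
            else:
                good_copies += 1
                sites.add(copy.site)
        if good_copies < MIN_COPIES:
            problems.append(f"only {good_copies} intact copies, need {MIN_COPIES}")
        if len(sites) < MIN_SITES:
            problems.append(f"intact copies span only {len(sites)} site(s), need {MIN_SITES}")
        report[rel.as_posix()] = problems
    return report


def run_demo() -> dict:
    """Build a constructed source tree and three backup copies, one of them damaged."""
    base = Path(tempfile.mkdtemp())
    source = base / "fileserver"
    source.mkdir()
    (source / "a.txt").write_text("quarterly report\n")
    (source / "b.txt").write_text("client list\n")

    disk1 = base / "office-disk1"
    disk2 = base / "office-disk2"
    cloud = base / "cloud-bucket"
    for root in (disk1, disk2, cloud):
        root.mkdir()
        for f in source.iterdir():
            (root / f.name).write_bytes(f.read_bytes())
    # Simulated damage (constructed): the offsite copy of b.txt was silently corrupted,
    # leaving its only intact copies all in the office.
    (cloud / "b.txt").write_text("client list (truncated)")

    return audit_backups(source, "office", [
        BackupCopy("office", disk1),
        BackupCopy("office", disk2),
        BackupCopy("cloud", cloud),
    ])


if __name__ == "__main__":
    for path, problems in run_demo().items():
        print(path, "OK" if not problems else "; ".join(problems))
```

In the demo, `a.txt` passes, while `b.txt` still has three intact copies but all of them sit in the office, so the audit flags both the corrupt cloud copy and the single-site exposure. Run this from the backup server rather than the file server and alert on any non-empty problem list, so the check happens whether or not anyone remembers to do the one-week restore test.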

Rocket IT is here to help you plan, prepare, and protect your organization from ransomware attacks. For more information, watch our recent webinar or contact us to schedule a time to discuss your concerns and learn how we can help.
