Worried about ransomware? Here are 3 things IT leaders need to know before the next big outbreak

It's only a matter of time before another WannaCry-style ransomware outbreak, but you don't have to be a victim. Here's what IT leaders need to know in order to safeguard themselves and their users.

Ransomware: It's a fast-growing form of malware that has the potential to disrupt business in a huge way. Some strains, like the one behind the recent WannaCry outbreak, can even spread from computer to computer.

Ransomware's continued spread may be due to how simple it is to use. After all, why do all the work of harvesting information from a victim when you can just wait for them to send you money?

In short, it's dangerous, it's spreading, and it could disrupt your entire network. If you're a tech decision maker, you need to educate yourself on this growing threat. Eric Ogren, cybersecurity analyst at 451 Research, spoke with TechRepublic about some important things you may not know about ransomware.

1. Ransomware operations are sophisticated, but not cutting edge

It's not just a couple of people sitting in a cramped room trying to steal your money—ransomware operations can get pretty sophisticated. "Some ransomware organizations even have help lines if you aren't sure how to use Bitcoin," Ogren said. "They're surprisingly sophisticated."

Sophistication doesn't mean ransomware companies are on the cutting edge of advanced technology, though. When it comes down to it, ransomware campaigns, however advanced their encryption methods and worm capabilities, are using old, well-known tricks to proliferate.

Phishing attacks are the most common method of spreading ransomware, Ogren said, "because it's so much easier. Why waste time trying to write scripts to break through security when you can just rely on a person to make a mistake?"

Once a piece of ransomware is on a system, it isn't doing anything unknown either: Most are exploiting well-known, and likely already patched, flaws. Recent ransomware outbreaks have been perfect examples of this: those who fell prey to WannaCry and Petya were all lacking an essential security patch that Microsoft had released in March 2017.

2. Most people don't pay

Of those hit by ransomware, according to 451 Research (note: study is behind paywall), 81% don't pay. Instead, they simply reimage the affected machines, and the majority of those restore from backups that minimize data loss.

Excepting ransomware that worms its way into the BIOS, wiping and reimaging is certainly the best solution for getting rid of ransomware. That's cold comfort for those who don't back up their data regularly, though, so make sure you have a solid backup plan in place.

"It's not a question of will you get hit by ransomware or other malware," Ogren said. "It's a question of when." He added that businesses should never pay ransoms—all that does is encourage ransomers to keep trying.

If you've heard that companies are stockpiling Bitcoins in anticipation of paying ransoms, you may have considered such a drastic move, but don't—funnel those funds toward establishing a good backup protocol instead.

3. There is no silver bullet against ransomware

"You can do everything right," Ogren said, "and still end up getting an infection." Ransomware exploits people in order to spread, and therein lies the problem: Computers can be patched, but a person just needs to see a phishing message that seems like it's real.

Minimizing your chances of getting ransomware is the most you can do. That includes:

  • Keeping systems up to date
  • Training users to spot suspicious emails
  • Making sure your IT department or MSP is ready for an attack
  • Backing up computers and essential data
  • Disabling hyperlinks in email so users can't click through from phishing messages
  • Blocking attachments from unverified sources

Search for every possible malware ingress point and shut them all down. It won't guarantee your safety, but nothing really will. All you can do is minimize your risks.

Top three takeaways for TechRepublic readers:

  1. Some 81% of ransomware victims just wipe and reimage their machines. Make this your go-to plan when prevention fails, and make it practical by ensuring everything is backed up regularly.
  2. Ransomware operations may be sophisticated, but the software isn't. Most (including WannaCry and Petya) exploit security holes that are known, and in many cases ones that have already been patched. Those who keep up with updates won't fall victim.
  3. Ransomware prevention is never a guarantee—there's always the potential for an infection. All you can do is stay on top of good security practices.


About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.
