It's only a matter of time before another WannaCry-style ransomware outbreak, but you don't have to be a victim. Here's what IT leaders need to know in order to safeguard themselves and their users.
Ransomware: It's a fast-growing form of malware that has the potential to disrupt business in a huge way. Some, like the recent WannaCry outbreak, even have the potential to spread from computer to computer.
Ransomware's continued spread may be due to how simple it is to use. After all, why do all the work of harvesting information from a victim when you can just wait for them to send you money?
In short, it's dangerous, it's spreading, and it could disrupt your entire network. If you're a tech decision maker you need to educate yourself on this growing threat. Eric Ogren, cybersecurity analyst at 451 Research, spoke with TechRepublic about some important things you may not know about Ransomware.
1. Ransomware operations are sophisticated, but not cutting edge
It's not just a couple of people sitting in a cramped room trying to steal your money—ransomware operations can get pretty sophisticated. "Some ransomware organizations even have help lines if you aren't sure how to use Bitcoin," Ogren said. "They're surprisingly sophisticated."
Sophistication doesn't mean ransomware companies are on the cutting edge of advanced technology, though. When it comes down to it ransomware campaigns, however advanced their encryption methods and worm capabilities, are using old, well-known tricks to proliferate.
Phishing attacks are the most common methods of spreading ransomware, Ogren said, "because it's so much easier. Why waste time trying to write scripts to break through security when you can just rely on a person to make a mistake?"
Once a piece of ransomware is on a system it isn't doing anything unknown either: Most are exploiting well-known, and likely already patched, flaws. Recent ransomware outbreaks have been perfect examples of this exploit—those who fell prey to WannaCry and Petya were all lacking an essential security patch that Microsoft had released in March 2017.
2. Most people don't pay
Of those hit by ransomware, according to 451 Research (note: study is behind paywall), 81% don't pay. Instead, they simply reimage the affected machines, and the majority of those restore from backups that minimize data loss.
Excepting ransomware that worms its way into the BIOS, wiping and reimaging is certainly the best solution for getting rid of ransomware. That's cold comfort for those who don't back up their data regularly, though, so make sure you have a solid backup plan in place.
"It's not a question of will you get hit by ransomware or other malware," Ogren said. "It's a question of when." He added that businesses should never pay ransoms—all that does is encourage ransomers to keep trying.
If you've heard that companies are stockpiling Bitcoins in anticipation of paying ransoms, you may have considered such a drastic move, but don't—funnel those funds toward establishing a good backup protocol instead.
SEE: Gallery: 10 free backup applications to help you prevent disaster (TechRepublic)
3. There is no silver bullet against ransomware
"You can do everything right," Ogren said, "and still end up getting an infection." Ransomware exploits people in order to spread, and therein lies the problem: Computers can be patched, but a person just needs to see a phishing message that seems like it's real.
Minimizing your chances of getting ransomware is the most you can do. That includes:
- Keeping systems up to date
- Training users to spot suspicious emails
- Making sure your IT department or MSP is ready for an attack
- Backing up computers and essential data
- Disabling hyperlinks in email so users can't open phishing messages
- Blocking attachments from unverified sources
Search for every possible malware ingress point and shut them all down. It won't guarantee your safety, but nothing really will. All you can do is minimize your risks.
Top three takeaways for TechRepublic readers:
- Some 81% of ransomware victims just wipe and reimage their machines. Make this your go-to plan when prevention fails, and make it practical by ensuring everything is backed up regularly.
- Ransomware operations may be sophisticated, but the software isn't. Most (including WannaCry and Petya) exploit security holes that are known, and in many cases ones that have already been patched. Those who keep up with updates won't fall victim.
- Ransomware prevention is never a guarantee—there's always the potential for an infection. All you can do is stay on top of good security practices.
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
- SonicWall reports 638 million instances of ransomware in 2016 (ZDNet)
- Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of ransomware (TechRepublic)
- Why the Internet of Things is the next target for ransomware (ZDNet)
- 6 tips to avoid ransomware after Petya and WannaCry (TechRepublic)
- Download: 17 tips for protecting Windows computers and Macs from ransomware (TechRepublic)
- Cybersecurity ebook: The ransomware battle (Tech Pro Research)