Ransomware is a growing threat, but there are things you can do to protect your firm
John Simek. Photos by Saverio Truglia.
Ransomware is a growing, $1 billion-a-year industry—and one that has already proven to be devastating to other multibillion-dollar industries around the world.
During a Friday panel at ABA Techshow, Jason McNew, founder of Stronghold Cyber Security, and John Simek, vice president of Sensei Enterprises, broke down the nature of ransomware attacks and what firms can do to protect or remediate their networks from this type of digital extortion.
The panelists noted that ransomware can strike any entity, ranging from national systems like the British National Health Service, to major law firms like DLA Piper to small businesses in any part of the world.
“These people are very talented,” McNew said of the hackers, “and they know exactly what they’re doing.”
Primarily stationed in countries around the old Soviet bloc, the developers of ransomware function as businesses and either run the attacks themselves or sell the ransomware as a service (RaaS) like a software as a service (SaaS).
Ransomware is defined as a malware-malicious software that will encrypt a victim’s computer or network and require a fee, usually in the form of a cryptocurrency, to unlock it.
The software is spread primarily through malicious links or attachments, phishing attacks and lateral spread, like the WannaCry ransomware attack from 2017 which, once opened on one computer, spreads across a network.
Citing the 2017 Internet Security Threat Report from Symantec, Simek said that only 34 percent of victims actually paid the ransom. However, of those that paid only 47 percent received a functional decryption key.
Simek advised the audience to not pay the ransom. If things don’t work out, “there’s no toll-free number for customer support,” he noted.
The panelists say that the core of ransomware protection is a robust backup system. However, Simek said that backups need to be tested on a periodic basis.
If a firm’s backup is in the cloud, then redundancies of that backup system should be made as well—in other words, one backup is insufficient. For the truly business-critical data, McNew said a backup should be stored offsite and “air gapped,” meaning it is not able to connect to the internet.
McNew went on to add a grain of salt, saying that backups are not a silver bullet. Some hackers will wait in a network for months to adversely affect the backup system, rendering the backups useless, before sending the ransomware attack.
Other forms of prevention should include traditional security software, even for Mac users, Simek said. Similarly, both panelists recommended that the audience uninstall Active X, Flash and Java to decrease their vulnerabilities.
There are also detection programs like Trend Micro RansomBuster, Bitdefender Anti-Ransomware Tool, CyberSight RansomStopper, Cybereason RansomFree and Windows Defender that consumers can use.
For those unfortunate enough to fall prey to a ransomware attack, Simek said the first thing is to unplug the computer from the network and shut down the Wi-Fi. From there, NoMoreRansom.org and ID Ransomware will help victims retrieve their encrypted data without the need to pay a ransom.
Cybersecurity companies Avast, Kaspersky and McAfee also provide free decryption tools through their respective websites to aid victims.
This advice is not just for the big firms, as the panelists note that small and medium-size businesses are the primary targets.
Regardless of firm size, however, McNew said that people belong to two types of networks: “either you’ve been breached, or you’re going to get breached.”
Follow along with our full coverage of the 2018 ABA Techshow