What is ransomware?
Ransomware attacks continue to grow in number and sophistication. If you are responsible for IT and security management in your organization, knowing how to protect your organization against ransomware is a must.
For example, a May 2019 ransomware infection hit the city of Baltimore’s computer system. The attack affected hospitals, vaccine production, airports, and ATMs. The total cost? Estimated around $18 million.
What is ransomware?
Ransomware is a malicious program. It can infect a single computer or a network of computers, encrypting the data, making it inaccessible. Upon infection, the cybercriminals communicate their demands, often a ransom that must be paid in order to decrypt the data.
How does ransomware work?
A ransomware program activates and infects a computer when a user:
- Clicks on a website link or a link in an email
- Opens an attachment in an email
Once activated, the malicious program runs an encryption program shutting down access to the computer. At this point, the device becomes useless. If you have a back-up in place, you can shut down the infected PC and quickly redeploy a new one. If you don’t, you are stuck deciding if you will pay the ransom or just lose the data.
Why do ransomware attacks continue to increase?
Ransomware cybercriminals make a lot of money on these attacks. Most ransomware scripts are not amateur efforts. These are done by highly advanced international crime rings that are well-financed and run like a business.
The ransomware programmers, also called authors, have a huge incentive to invest in developing new and more advanced encryption algorithms. They also continue to evolve the delivery of these programs to ensnare companies and force them to pay the ransom.
Attackers don’t seek to bankrupt their targets. They aim to infect as large a number as possible to get as many people as possible to pay. And as noted in the statistics at the beginning of the article, Bitcoin remains the preferred payment method, posing another costly and logistical challenge for organizations that suffer an attack.
Estimates show ransomware costs small businesses $75 billion a year
How to protect your organization against ransomware
To protect yourself against ransomware, you need to implement a three-point strategy.
#1 – Deploy essential security measures.
- Block infection from reaching your network by securing your mail and web gateways. Deploy packet inspectors to scan and block fraudulent emails and prevent users from accessing known malware generating websites.
- Patch all applications, and patch them often. The WannaCry and Petya ransomware that decimated networks around the world, causing billions in damages, relied on an exploit that Microsoft issued a patch for 3 months earlier. People who patched their systems regularly were not affected.
- Recognize antivirus software is your last defense, not your first. You should still have strong and up-to-date AV software, but understand that if a ransomware attack gets on your network and to the endpoint, it may be too late. Malware writers constantly change their attack vectors to exploit newfound vulnerabilities in software. Keeping your virus definition files up to date is essential, but it is your last hope for stopping the latest threats.
#2 - Educate your users.
Your users must know how to spot ransomware. For example, they should never open a file from anyone until they confirm the email address. Just because the name of the sender says it is your bank doesn’t mean it is; the actual email address might read [email protected].
This is a vital step in preventing targeted attacks. The better educated, the lower your risk. At the same time, you must be realistic. It only takes one accident to compromise an entire network. Regular training helps reduce the chances of accidents.
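The sender check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it compares the display name in the From header with the domain of the actual address. The brand name, domains, and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains your organization expects that brand to mail from.
TRUSTED_SENDERS = {
    "example bank": {"examplebank.test"},
}

# Constructed sample messages (not real traffic).
SAMPLES = [
    'From: "Example Bank" <alerts@examplebank.test>\nSubject: Statement\n\nbody',
    'From: "Example Bank Support" <billing@mail-notice.test>\nSubject: Urgent\n\nbody',
    'From: "Colleague" <colleague@corp.test>\nSubject: Lunch\n\nbody',
]


def check_from_header(raw_message, trusted=TRUSTED_SENDERS):
    """Return (verdict, display_name, address) for a raw RFC 5322 message.

    verdict is one of:
      "match"          display name claims a known brand and the domain agrees
      "mismatch"       display name claims a known brand but the domain does not
      "unknown-sender" display name does not claim any brand in the table
      "unparseable"    From header missing or without a usable address
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ("unparseable", display, address)

    domain = address.rpartition("@")[2].lower()
    name = display.lower()
    for brand, domains in trusted.items():
        if brand in name:
            # Accept the exact domain or a subdomain of it, nothing else.
            ok = any(domain == d or domain.endswith("." + d) for d in domains)
            return ("match" if ok else "mismatch", display, address)
    return ("unknown-sender", display, address)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from_header(sample))
```

This only catches a misleading display name. A forged From address itself has to be handled by SPF, DKIM, and DMARC enforcement at the mail gateway.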
#3 – Be prepared for an attack.
- Maintain a good set of backups. With a good set of backups, you can simply retire the infected PC, deploy a new one with the backed-up data, and get back to work.
- Keep backups disconnected, or offline, from the main network. The Petya virus was able to spread so fast because it used Windows management tools to spread from computer to computer, infecting data as it went. It could also infect network-attached storage connected to the network. If your backup copies are on the network, they could also be encrypted, making them unusable. Tape backups have made a comeback for this reason. Offline remote backups are also an effective way to mitigate infection.
- Pay and pray? If you have been infected and you do not have a good set of backups, should you pay the ransom? If you do, you embolden the attackers. If access to the data becomes a matter of life and death, like with hospitals that have been infected, you may have to pay and hope that you are dealing with an ethical digital gangster who will really return your data. These situations are a big reason cyber liability insurance has become so popular.
Protecting yourself from ransomware
The growing number of remote workers introduces new opportunities for cybercriminals to wreak havoc on organizations of all sizes.
Implementing the three strategies outlined in this article offers the best approach to protect your organization against a ransomware attack. If you have questions about how to do this, one of our managed security service professionals will be happy to speak with you. Please do not hesitate to contact us and see how we might help.
Source : https://www.ricoh-usa.com/en/insights/articles/what-is-ransomware