Elon Musk may have been talking about bigger things than Ransomware when he said, “Some people don't like change, but you need to embrace change if the alternative is disaster.”
But when Ransomware hits your organization, you will be ready for change! If you are an IT manager, a cluster of thoughts will be flying through your head. Why didn’t I check the backups? Why did I delay the software update? Why didn’t I take this issue more seriously, earlier? Whatever thoughts you may have, the internet is a big bad place, and it pays to know the what, how, and why of the dangers.
Ransomware is a type of malware that targets vulnerable servers, desktops and endpoint devices, including Windows, Mac, Linux and Android devices. In the first 3 months of 2016, the number of reported ransomware cases in Japan was 870. Once a system is infected, the ransomware systematically encrypts files visible on the hard drive, direct-attached storage, and network shares. Ransomware arrives as an email that looks legitimate, with an attachment or link bearing your name. 50% of users can't accurately identify ransomware as a type of threat that prevents or limits access to computer data. 93% of phishing emails now contain ransomware, and an average ransom is roughly the same as a car payment of $500. 120 days is the average time between initial ransomware compromise and discovery. When the system or device is compromised, the malware scans for files to encrypt; access to data and/or files on the device is blocked, and the user is informed of a ransom to be paid. The malware encrypts files on connections that can be seen without authentication: direct-attached storage (USB drives), network-attached storage, mapped drives, and shares like Dropbox, OneDrive and Google Drive. You have two choices: you can pay the hacker or restore from backups.
The stakes are high. The FBI says that if a hack involves ransomware, then “Just pay the ransom.” The FBI wants companies to know that the Bureau is there for them if they are hacked. But if that hack involves ransomware, the FBI is warning companies that they may not be able to get their data back without paying a ransom. Not only do hackers demand that users pay to regain access to device data or files, they demand payment or the data will be destroyed. Other tactics include a fee that increases as time elapses, or a demand for payment under threat that increments of data will be destroyed. Even if you pay, there is no guarantee you will get your data back. If the encryption was faulty and the decryption key doesn't work, the hackers don't care.
User awareness is absolutely essential. The BBC reports there are now more than 120 separate families of ransomware that criminals use, which is an increase of 3,500% compared with the same period last year. Assume you will be breached and attacked by Ransomware, because the financials work. Ransomware is good business for hackers, with a nice ROI; Blueshift reports that exploit kits sold for $3,000 can make over $100k per year at one $300 payment per day. Be prepared: plan for the loss of data at a given point by creating backups of your critical data. 120 days is the average time between initial ransomware compromise and discovery. So, back up your data, and deploy a solution to detect and block ransomware in its initial stages.
What you can do
Best Practices Against Ransomware
Now is the time to embrace change, and it pays to have an alternative to disaster with backups, redundancy, isolation, testing and good organization.