What’s New with Ransomware?

August 16, 2016 8:00 am

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It is an access-denial type of attack that prevents legitimate users from accessing files[2] since it is intractable to decrypt the files without the decryption key. The use of ransomware scams has grown internationally. Security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013. This number has grown in recent years. In fact, every week seems to bring news of another case of ransomware.

 

In April 2016, the United States and Canadian governments released a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked. The US Federal Bureau of Investigation reports that ransomware attacks are not only proliferating, they’re becoming more sophisticated. So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

1) Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and

2) The creation of a solid business continuity plan in the event of a ransomware attack. (Source: FBI Cyber Report 4/2016)

 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, and large businesses are all targets of ransomware attacks. The FBI and US government have issued an official guide on what to do in the case of a ransomware attack on your business. Please read on for their suggestions.

 

Prevention Efforts

 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and antimalware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

 

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

If you don’t know where to begin or need to beef up your security protocol, call M&H for a security evaluation and implementation.
