Protecting your Business from Ransomware

Ransomware is a common type of malware that frequently targets individuals and businesses. Generally speaking, this malware attempts to encrypt your files and data so you cannot access them. At the same time, the criminal behind the attack will demand payment of a ransom (often in cryptocurrency such as Bitcoin) with the "promise" that they will decrypt or "unlock" your data for you.

Unfortunately, paying this sort of ransom carries even more potential problems for you:

  • Furthering Criminal Enterprise - The people and organizations who carry out these ransomware attacks are criminals (at best) and may often use their ill-gotten gains to carry out or further their other criminal enterprises, such as human trafficking, organized crime or terrorism.
  • No Guarantee of Recovery - If you pay a ransom, there is no guarantee that you will get your data back and, worse still, no guarantee that your IT systems are not otherwise compromised. If you do manage to retrieve your data by paying a ransom, can you trust that your data has not been altered or that your private records have not been shown to other bad actors?
  • Covering Up Tracks - Sometimes a ransomware attack is just one piece of a multi-staged cyber attack. Perhaps something worse is lurking in your network and you are not even aware that it is there. A ransomware attack could be a distraction to keep you occupied while criminals try to achieve their "true goal".

If you are the victim of a criminal act, such as a ransomware attack, we recommend that you consult with the proper authorities and your legal counsel to determine your next best step. It is important to realize that you are the victim of a crime and that law enforcement agencies are there to help you and to catch the perpetrator.

However, it is wise and prudent to be prepared for these sorts of attacks. In addition to the basic Security Best Practices we recommend for all businesses, there are steps you can take to make yourself resilient to a ransomware attack:

  • Off Site Data Backup - Having a backup system that is off site, on a separate network, and on different storage media from your live data can help prevent the spread of a ransomware attack. If ransomware is not able to corrupt or infect your backup data, you will be able to quickly "purge and restore" your data without ever having to consider paying a criminal for it.
  • Limit Access - Many types of malware will impersonate individual users (using their account permissions) to access data stored not only on their PC, but also on network shares and other network-accessible file storage locations. If you restrict access to your most critical documents to only those individuals with a "need to know", you can reduce the overall attack footprint you may suffer in the event of a ransomware attack.
  • Separate Authentication - Some advanced types of malware will scour your network for any sort of "global administrator" credential and use that to attack industry-known backup servers or systems. Having a separate authentication structure and an independent administrator credentialing system for your backup system and data storage can help prevent the spread of an infection and protect your ability to recover your data.

Unfortunately, there is no miracle cure (though technology "snake oil salesmen" are prolific) that will absolutely prevent malware from infecting your network or a ransomware attack from occurring. However, by being aware, taking preventative measures and talking with your employees about the risks, you stand a much better chance of reducing the likelihood that you will have a problem and of recovering more quickly should the worst ever happen.