Ransomware is portrayed as malware that affects your computer files and in exchange for a “ransom”, control will be returned to you. The reality is that you MAY receive control of your files if ransom is paid……or you may not. In fact, there are strong odds that paying the ransom will not return control to you.
The execution is simple: send a targeted email (spear-phishing) hoping for an uneducated or inattentive recipient. The resulting “click” may not be immediately evident; it may simply wait for a Zero-Dark-Hundred to execute “phone-home” procedure for execution instructions. As you are sleeping or vacationing, your files are encrypted. When you arrive the next morning, there is are instructions for payment and threat of actions if you are non-compliant. You may be denied access to company files or system files either on a user device or a server, depending on how users operate in your business.
As a “business”, ransomware rakes in millions of dollars a year. The proliferation of ransomware “kits” on the dark web, allowing even “script kiddies” (i.e., no programming skills) to create and distribute these ransomware attacks. The sale of legitimate email addresses on the Dark Web provides a high rate of distribution success without knowing the background of the intended targets. Large corporations may be the perceived target, but the reality is that small businesses are much more lucrative as they have the lowest level of security protection with zero response plan.
These are a few of the common protection steps. Your business can be attacked, but you don’t have to be a victim!
1. Back Up
If you take only this one action, you can eliminate “victimhood”. You won’t eliminate “impact” as there will be recovery activities, but you are in a position to continue operations without making a ransom payment. Of course, you need to have tested recovery procedures to insure the recovery success. HAWKi can help can ensure your success with either on-site or cloud backup services.
2. Be Informed; Stay Aware
Ransomware infections result from risky end-user behavior. Phishing emails with malicious attachments or links are the usual delivery vehicle for ransomware payloads. HAWKi has an online threat education program that will train employees in “risk” assessment and test each employee with controlled emails representing these risks. This is a valuable HR tool that can dramatically improve your risk assessment.
3. Systems and Software Updates
Ransomware (and many other malware threats) rely on computer vulnerabilities (hardware, Operating System, or application software). HAWK iLAN (on-premise service) or HAWK iCLOUD services can achieve this protection.
4. Antivirus Software
Virus protection is a must! Besides the usual protection from “malware”, viruses, and trojans, many are useful in defending against these ransomware threats. But there are limitations as malware developers are constantly exploiting new vulnerabilities. On-premise virus protection is only as valid as the updates in the signature database. The thing to realize is that not all current threats are “new”. Many are simply re-packaged and recycled to new targets. Keeping your AV software up-to-date can be a lifesaver. An additional method of protection in our internet-connected world is through the use of AV Perimeter protection. Through the use of a robust firewall, HAWKi deploys multiple levels of threat-protection, including a service that scan all incoming data for threats. Your best protection is the implementation of both a perimeter AV solution and an endpoint AV solution. HAWKi offers both solutions and can integrate both into your intrusion response plan.
5. Strong Passwords
Viruses and phishing aren’t the only delivery vehicles for ransomware. If you insist on utilizing default passwords (such as “admin” or “password” or “123”), you are inviting a program-based intrusion. In the security log of most servers, it is common to find large numbers of “failed logon” attempts. This is an indication of a persistent attempt to hack a “common” user ID through programmed tools. These logs may show thousands of attempts to compromise your system each hour. HAWKi recommends the implementation of password policies implemented within the operating system that dictate password length, password complexity, and password duration. Don’t use the same password for multiple accounts and make sure that your passwords expire and require “replenishment”. HAWKi provides tools and services to implement these protections whether you have an on-premise solution or utilize CLOUD services.
6. Multi-Factor Authentication (MFA)
Two-factor (or Multi-Factor) authentication adds another layer of defense to your security systems. While a strong password is a great first-step, requiring a second form of identification that is supported by real-time random generation delivered to the user on a separate channel (such as phone text messages or email) adds an increased level of security to your system. HAWKi offers a Multi-Factor Authentication service for businesses that recognize the importance of corporate protection.
Cyber-protection is a multi-faceted effort today, requiring tools for both technology deployment and user-training to keep your organization safe from ransomware attacks. Businesses owe it to themselves, their employees, and their customers to protect their business. Contact HAWK iSolutions Group to help you protect your company.
