Time To Get Ransom Aware
04 May 2016
2016 has witnessed an explosion of cyber security breaches involving the use of Ransomware, which in some cases has resulted in organisations being left completely immobilised.
In February a large US-based hospital lost access to all computer systems and files because of one successful phishing email. In the space of a week the hospital was forced into an almost complete standstill, with staff members reverting to traditional pen and paper.
As with most cyber security incidents, the hospital in question had not taken adequate steps to prevent, prepare for and respond to a cyber-attack. Having failed to identify that they were under attack in the early stages, their options to counter the attack were limited. As a result, the hospital was forced to pay the hacker(s) $17,000.
What is frighteningly clear in this example is that without access to information, organisations simply grind to a stop. But this needn’t be the case. By investing in their ability to identify and respond to a cyber-attack, as well as to prevent one, organisations can minimise the harm caused by Ransomware campaigns.
So what is Ransomware? Ransomware is a type of malware that restricts access to the computer systems, and more specifically, the information they hold by encrypting the data. Typically, the infected organisation is left with a ransom note setting out the situation, the amount they need to pay and instructions for restoring access to the encrypted information.
Late last year, Joseph Bonavolonta, Assistant Special Agent in charge of Cyber and Counter Intelligence at the FBI, made the following statement about Ransomware: “The Ransomware is that good... To be honest, we often advise people just to pay the ransom”. While your default position may be to pay the ransom in line with this advice, it’s worth bearing in mind that paying a ransom is not guaranteed to result in the release of your data. Instead, we would recommend that in the event of a Ransomware attack, organisations should start by establishing the facts, because it may still be possible to return the business to normal operation without caving in and funding cyber-crime. Steps include:
- Being aware of your ransom deadlines. This aspect is very important because when it comes to Ransomware there are multiple thresholds. For example, once a threshold has been surpassed a new deadline may be imposed with a higher ransom.
- Knowing what you’re infected with. By understanding what type of Ransomware you have been infected with you can gain an understanding as to how the particular malware operates. Importantly, many forms of Ransomware contain weaknesses that can allow you to decrypt and restore your information.
- Checking your backups. Depending on your backup and disaster recovery strategy, it could be that you are able to restore your data with minimal impact to the organisation. The key point here is to make sure that the backup data hasn’t been compromised and that the source of the outbreak has been dealt with.
- Accepting loss. In many cases, depending on how quickly an organisation can respond and the type of information that has been encrypted, a genuine response strategy could be to accept the loss. Critical to this is ensuring that you understand what data has been impacted and its purpose.
When it comes to Ransomware, prevention is always better than cure. While some infections of Ransomware originate through technical weaknesses, many are the result of human vulnerabilities. Training your staff on common cyber security and investing in creating a human firewall can prevent most forms of Ransomware. Furthermore, in the event of a successful breach, a robust human defence will help ensure a strong and effective response.