Ransomware can quickly cripple a business and the problem appears to be growing, as evidenced recently when the U.S. government issued a warning about Bad Rabbit, a ransomware attack that spread through Russia, the Ukraine and other countries.
Such attacks can be costly for businesses because ransomware infects a computer, blocks access to computer files and demands that money be paid before the computer is “released.” If there’s no data backup, the business could be in serious trouble.
“Most attacks are against financial, medical and retail business sectors,” says Penny Garbus, co-founder of Soaring Eagle Consulting (www.SoaringEagle.guru) and co-author of “Mining New Gold – Managing your Business Data.” “The ransoms are usually $1,000 and most companies pay it. In some cases these days, though, money isn’t the goal. I think they are moving towards more terroristic attacks and are being paid simply to create havoc.”
Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because on occasion the perpetrators demand even more money, she says.
“The worst-case scenario, though, occurs when the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back,” Garbus says. “The cost can run into thousands or even millions of dollars to get the company up and running again.”
So how does a business protect itself against ransomware? Garbus suggests a few precautions.
- Beware of viruses masquerading as virus protection. Do your research and make sure you’re purchasing your virus protection from a reputable brand, Garbus says. Be careful of virus protection software that appears magically and tells you it detected a virus. If you don’t recognize the brand, ignore the findings. That notification may be a virus itself, Garbus says.
- Install firewall protection. Make sure your hardware and software are protected with firewalls and software that scans the environment for worms, harmful attachments and attacks.
- Set up procedures and protocols for data access. It’s important to make sure access to data is limited. For example, the system administrator role should be handed out to a limited number of employees who should not share log-in information with each other. Also, when an employee leaves, make sure their access is taken away and passwords changed.
- Have backups of all important data. If you have your information backed up in an offsite location, then you won’t lose it to cyber kidnappers. “Whether it’s large companies or small businesses, too often people forget to back up their data,” Garbus says.
- Be careful about Google search results. Sometimes a Google search itself makes you vulnerable. You don’t want to download anything unless you know you are on the correct site. Garbus says the criminal hackers now have very sophisticated strategies to get you to click and download their malware and can infect your environment very quickly.
- Figure out what kind of ransomware you’re dealing with. If your system is hijacked, know this; Not all ransomware is equal and you may not need to pay the ransom. One type of ransomware basically locks you out of your applications and processes. It may create a barrier between you and the computer’s interface so you can’t get past the ransomware attack screen. But the good news is this type of ransomware can be cleansed and your files restored without paying the ransom. A second type of ransomware is more insidious. It encrypts and renames your files so you don’t have any access to them until you give in to the ransom demands.
“Businesses should review their security processes at least once a year,” Garbus says. “You may want to hire an outside source to review security and, if you believe it necessary, even hire a professional hacker to look for holes in your system.”