Protecting Against Ransomware Attacks: What Every Business Needs to Know
July 11, 2017
Nearly a month ago, threat vectors infected more than 230,000 computers in 150 countries worldwide using ransomware, a type of malware that blocks or limits access to a system until a ransom is paid. As a result of the WannaCry ransomware attack, a multitude of organizations – including hospitals in England and Scotland – were forced to halt business operations as critical systems were locked up. The smallest impact of this attack was roughly $50,000 in Bitcoin payments. More severe was the locked down and lost or compromised data.
This type of attack could happen in any industry given how easy it is for hackers to execute. Usually, hackers simply email a link to a victim that, when opened, downloads the malicious software that encrypts files on their network until the hacker receives the ransom. An attack would go beyond credit card theft at the POS portal, to a full ransomware attack where all systems are locked down and millions in revenue could be lost per day. Not only does a breach hurt the consumer, it can be detrimental to the bottom line and brand reputation. For a small business, it could put the owner out of business altogether, depending on the severity.
“We are not far away from a major breach of a POS system that has nothing to do with stealing credit card data, but instead is intended to hold the business’ ability to conduct transactions hostage for a large ransom. Stealing credit card data takes months, whereas ransomware takes minutes. It will not be long before cybercriminals utilize ransomware that freezes all of a business’ POS systems, and the ransom will not be for the release of data, it will be for the ability to get back in business.”
– Kevin Watson, CEO, Netsurion
Last year, for example, cybercriminals took over a well-known hospital’s internal system, locking medical professionals and staff out. The hackers demanded a $3.7 million ransom forcing the hospital back into the pre-computing era for ten days while they negotiated. Ultimately, they only paid $17,000 to regain access, but the incident caused a major disruption to the hospital’s work flow and put patient care at risk.
Ransomware should be the number one concern for businesses. Attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now.
Attacks on businesses increased from once every two minutes to once every 40 seconds.
Most businesses experienced at least two days without their systems, loss of profits, and the cost of paying the ransom. While firewalls and anti-virus are standard security measures, it is crucial to realize they are not enough. To help avoid a ransomware breach at your business, consider the following tips.
- Add a managed SIEM. Hotel and hospitality, healthcare, retail, and financial industries should implement a managed security information and event management (SIEM) platform for their remote locations to provide early warnings of ransomware and other cyberattacks. They should also consider a managed SIEM for inside the corporate perimeter as well, unless they have the expertise and resources to properly use it internally. Using a managed service provider with 24/7 monitoring through a security operations center helps ensure consistent security measures are in place throughout your entire system.
- Get PCI compliant. As the Payment Card Industry (PCI) rapidly expanded, the Payment Card Industry Security Standards Council (PCI SSC) developed a set of requirements called the Payment Card Industry Data Security Standard (PCI DSS). These specifications ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants that accept, transmit, or store cardholder data, regardless of size or number of transactions.
- Plan for ransomware. Regardless of technical or employee safeguards implemented to prevent ransomware attacks, any system open to authorized access is also open to unauthorized access. Organizations, large and small, need to regularly test response procedures and update them to thwart such incidents, and minimize or eliminate damage to reputation, employees, and customers/patients. Tactics may include plans to engage the information security team or recover the data. Organizations should do everything in their power to NOT pay the ransom and empower the hackers.
- Train personnel. Almost every breach is caused by a human act, whether it be malicious or innocent. Organizations and franchisees should train employees to be wary of suspicious emails and not open them or links inside them, as they may contain ransomware. Employees should also be taught not to send emails to an email address they do not recognize, nor transmit highly sensitive information through unsecured emails, texts, or other communications such as Gmail, Yahoo mail, or text apps on smartphones.
- Back up your data regularly. Backing up data on external hard drives or through cloud storage is imperative today. After all, threat vectors can’t freeze up data that is not on the network or connected devices. The encrypted data can then be restored.
Practice Constant Vigilance
You should always be on-guard against attacks and have a strong plan of response in place to mitigate them – including use of a managed SIEM – which is key for cybersecurity today. Such measures will deter a compromise of reputation, and employees’ and customers’ sensitive information.
Taking such precautions could help end ransomware attacks altogether because they will cease when they stop being profitable. If fewer people click malicious links and more organizations back up their data, while deploying a proper SIEM and managed network solution, hackers will see far less success.
Schedule a free security consultation
and register for Netsurion’s August 1 webcast
, where our global CISO, John Christly, will dive into the ransomware topic and what’s on the horizon.