After experiencing a decline in 2018 and the first half of 2019, ransomware made headlines again last week. With ransomware on the rise again, for most organizations it isn’t a matter of “if” but “when” they will be attacked. That said, there are plenty of steps organizations can take to reduce their vulnerability.
Sudden surge in ransomware attacks
Last week was notoriously bad when it comes to ransomware. First, several companies were hit in Spain, including the country’s largest radio network, SER. Then the IT consulting firm Everis was hit. From Everis’s Spanish branch, the infection seemed to have spread to Everis Belgium and possibly on to other local subsidiaries. The next hit was the government of the sparsely populated Canadian territory of Nunavit.
Going back to October, multiple hospitals and health-care facilities were hit in both the US and Australia. In September, at the start of the new school year in Europe, some educational institutions were paralyzed for months. In May, the US city of Baltimore was offline for weeks and last April a major US beverage company as well as a German based manufacturer came under fire.
Alarmingly, attackers are increasingly leaning towards a more targeted approach. They have learned that governments, health care organizations and educational institutions are more likely to pay higher ransom demands, especially when normal business is likely to be crippled and certainly when lives are at risk. Small businesses, on the other hand, may give in sooner when asked for a “small” sum. However, as we all know, little drops of water make the mighty ocean.
Ransomware attacks have also become a cross-platform threat. In addition to Windows-based systems, thousands of Linux servers have been infected and macOS users have also been attacked.
Not an “if” but “when”
Ransomware typically encrypts files, allowing the attackers to demand a digital currency payment (like bitcoin) in exchange for the decryption key. The general advice is not to pay the ransom, even when the ransom demand is less expensive than taking care of the problem. Paying the ransom encourages cybercriminals to continue their malicious attacks since, from their point of view, they have gotten what they wanted. Thus, prevention is the key.
More and more organizations have put contingency plans in place, which are relatively simple, effective and readily available. These plans include:
- taking regular file backups;
- keeping programs and systems updated and quickly implementing patches;
- encrypting sensitive information;
- enforcing the principle of least privilege (only access to the parts of a network you need);
- protecting the network and servers with antivirus software;
- sourcing an incident response team;
- and cultivating a security-aware culture.
The above steps should be a must for any organization facing (the risk of) ransomware threats.
No more ransoms
To help victims of ransomware, law enforcement agencies such as Europol and IT Security Companies have joined forces to disrupt cybercriminals’ businesses. For example, on the No More Ransom-website victims are offered tools to retrieve their encrypted data without having to pay the criminals’ ransom. They can even upload the victim’s encrypted file in order to check, using “Crypto Sheriff”, whether a different solution is available.