Ransomware – invest in protection or pay up

You may have noticed that many large companies – including advertising giant WPP – have fallen victim to ‘Petya’, the latest in a series of high-profile ransomware attacks that have left companies reeling.

Ransomware is, of course, nothing new. But it has been growing rapidly as an enterprise threat of late, with a huge proliferation in both the groups using it and the tools powering it taking place since late 2015.

According to KPMG, 44% of all companies have been hit with a ransomware attack in the past 2 years. And of those, most simply pay up to avoid losing vital data. Many of the smaller attacks are opportunistic – only demanding a single bitcoin for data release. Others – like Petya most probably is – represent large-scale extortion attempts.

And while these have traditionally been ramshackle, one-man-band attempts, they’ve started to become increasingly sophisticated.

But you’ll be pleased to know that even though it’s potentially costly, ransomware is easy to guard against. All it requires is good security posture, and decent hygiene when using online cloud services… which is precisely what many of the victims of ransomware do not have.

 

Three easy steps to avoiding ransomware payouts

  1. Educate your people

Perhaps the most basic way for ransomware (or indeed any malware) to find its way into your systems is through phishing scams. You’d be surprised how many people will just hand out their passwords via email to anyone claiming to work for the IT department. Or more worryingly, for their bank – despite tons of reminders from all banks that they’d never do such a thing.

Establish a phishing policy, and make it perfectly clear to your staff. For more sophisticated attacks and evolutions like ‘spear phishing’ (spoofing a trusted sender to make a victim feel more at ease), your first approach should be implementing user behavior analytics systems to help you identify those most vulnerable.

You should also be thinking about User and Entity Behaviour Analytics – ‘entity’ in this case means specific devices, programs, or services. When one of these starts behaving in a way it usually doesn’t, it’s often a sign something’s up.
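To make the idea of an entity "behaving in a way it usually doesn’t" concrete, here is an added example (not from the original article or any vendor product) that scores each entity against its own history. It assumes hourly file-modification counts as the behaviour signal; the entity names, counts and thresholds are all constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (entity, hour, files_modified). Entities are devices,
# programs or services, as in the paragraph above. All values are made up.
EVENTS = [
    ("svc-backup", 0, 410), ("svc-backup", 1, 395), ("svc-backup", 2, 420),
    ("svc-backup", 3, 405), ("svc-backup", 4, 415),
    ("laptop-hr-07", 0, 12), ("laptop-hr-07", 1, 9), ("laptop-hr-07", 2, 15),
    ("laptop-hr-07", 3, 11), ("laptop-hr-07", 4, 960),
    ("print-srv", 0, 3), ("print-srv", 1, 4), ("print-srv", 2, 2),
    ("print-srv", 3, 3), ("print-srv", 4, 5),
]

def robust_score(value, history):
    """Distance of value above the entity's own median, in spread units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)  # median absolute deviation
    # Floor the spread so a very steady entity neither divides by zero
    # nor alerts on a change of one or two files.
    spread = max(mad, 1.0, 0.1 * med)
    return (value - med) / spread

def find_anomalies(events, min_history=4, threshold=6.0):
    """Score each observation against that entity's earlier observations."""
    history = defaultdict(list)
    alerts = []
    for entity, hour, count in sorted(events, key=lambda e: e[1]):
        past = history[entity]
        if len(past) >= min_history:
            score = robust_score(count, past)
            if score > threshold:
                alerts.append((entity, hour, count, round(score, 1)))
        past.append(count)  # the baseline only ever contains earlier hours
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(EVENTS):
        print("unusual file activity:", alert)
```

The backup service modifies hundreds of files every hour and is never flagged, while the laptop's jump from about a dozen files to 960 is. A single network-wide threshold would get both of those wrong.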

We’ve also partnered with Cisco to create a strong preventative solution via Cisco Umbrella’s DNS blocking technology. Even if vulnerable users manage to be suckered by a phishing scam, this technology keeps track of all known scams, and blocks users on your network from accessing them.

  2. Keep an eye on what services you’re using – and how secure they are

Obviously, we have a vested interest in this one. But it’s by far the most common reason for holes in a company’s ransomware defenses. KPMG has specifically identified hospitals as being particularly susceptible to ransomware. This is because hospitals tend to be very large organizations that work in deeply established silos, with dozens – maybe hundreds – of different departments, none of which necessarily knows what services the others are using, and without strict protocols for passing confidential data between them.

If this sounds like your business, it’s time to undertake an audit of your cloud and on-premise systems, and work out who’s using what, when, and for what. (We can help you do this with our Cloud Discovery Audit service.)

  3. Get permissions right, and make them easy

Identity and access management is a thorny subject for many companies. It’s not enough to mandate a password change every six months anymore, especially when many of your employees have to keep track of ten or more passwords for different services.

‘Password chaos’ inevitably leads to disaster – the best that can happen is that your employees end up locked out of key services. The worst that can happen is one of their many passwords is compromised – either because they left it written down, or made it a little too easy to guess.

Head this one off at the pass by equipping the company with a single sign-on system they can use for everything, and an identity and permissions policy that works for the whole business.

You can’t anticipate every exploit the NSA leaves behind in your software on its quest to make the world a safer place. But you can take care of the basics – and not taking care of the basics is what’s most likely to cost you dearly in the long term. Speak to us if you need to know more – we can help you guard your organization against all the threats covered in this article today.