Every 14 seconds, a business around the world is hit by a ransomware attack. While this form of cyber threat was traditionally targeted toward consumers, over the last few years tides have shifted—with businesses accounting for 81 percent of such attacks, according to Symantec’s Internet Security Threat Report.
Given these statistics, it makes sense that ransomware is one of the more common forms of cyber attacks we see in our line of work. Too often, companies come to us after a breach has taken place—when data is already encrypted, and the demand for payment already made. Fortunately, there are ways to minimize the damage while avoiding paying off the bad guys—but to do so effectively, you need to be prepared. Many organizations find out the hard way the damage that such attacks can do, and often underestimate the impact of a total or partial shutdown of their operations.
The evolution of ransomware
When these types of attacks first started to occur, hackers typically encrypted the data on a company’s servers. This meant, if you were lucky, you actually had a chance at getting it back – either by paying the cyber criminals or restoring from backup – without too much additional damage.
Today, however, these attacks have become increasingly sophisticated and more prevalent—largely because the malware used to execute such attacks is now available to anyone on the dark web, for as low as $39 USD. This means virtually anyone—even non-technical criminals—can now breach your network, copy and steal important credentials and sensitive data, and then encrypt your data before they leave. So not only are you locked out of your own system, but the important data is now in the bad guys’ hands.
To add insult to injury, as of November 1, 2018, all Canadian companies are legally obligated to report a ransomware attack that presents a real risk or serious harm to individuals. So, while in the past you may have been able to quietly pay a cyber-criminal to unencrypt your data and avoid public backlash, today that’s no longer an option. This creates even more incentive to focus on preventing a ransomware attack all together.
When it comes to ransomware, one key factor has shown itself to be a critical determinant of how badly an organization is hit: the quality of its backup system.
The power of backup
In many of the ransomware breaches we investigate, not only are the primary networks encrypted, but the backup system is too. This is largely due to weak procedures and practices—costly missteps that are all too easy to prevent.
For instance, in many of the cases we see, the backup system remains online and connected to the network all the time such as an external hard drive that’s permanently plugged into the main network. This means that as soon as someone hacks into that network, they have access to the backup drive as well. To avoid this, you should ensure that at least one of your backup systems is offline at all times and completely separate from your main network. This can be achieved by housing it at an external or offsite location or by utilizing cloud services—and making sure you’re storing offline copies. You should also take steps to regularly test your backup system and restore your data. There’s nothing worse than falling victim to a ransomware attack and finding out, at that moment, that your backup system was improperly configured all along and that your data cannot be restored.
That said, a good backup system isn’t capable of saving a company all on its own. After a cyber-criminal breaches your network, chances are high that they could still be in there. That’s why it’s also critical to conduct a post-breach investigation. Such an investigation can help you uncover leftover viruses, malware or other forms of espionage—and erase any lurking elements that are left with the intention of stealing your data over time.
As with many types of malware, there is no silver bullet to defend against ransomware. Rather, many of the basic cybersecurity steps you can take will help to thwart a ransomware attack. One trend that is clear in many of the ransomware attacks we have seen, is that the victims have often ignored even the most basic steps to protect themselves.
Steps to protect your business include the following:
- First off, cybersecurity awareness at the front line is a key defence. Train your staff to recognize high risk and fraudulent emails before they click on a link or attachment that allows the criminals into your network.
- Following that, it’s important to make sure you have effective anti-virus and anti-malware software installed on all of your systems and take steps to ensure that the software is up to date.
- Many attacks are made easier because the victims have not developed a process to ensure that all the appropriate security patches are installed on their systems. Unpatched systems are an easy vulnerability for attackers to exploit.
There are many more network security measures that can help to prevent these attacks, including storing key data offline, segmenting your network and using good password security practices such as two factor authentication.
Did you know?
On November 1, 2018, Canada’s federal data protection law changed. Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) must now:
A real risk
Ransomware attacks are a real threat to all businesses—regardless of size or industry. By being prepared, and implementing the proper safeguards, you can avoid costly ransoms, business interruptions, and reputational damage, and get your business back up and running in no time.
To learn more about how Grant Thornton can help your company defend itself from ransomware attacks and other cybersecurity threats, contact us.