Ransomware is a type of malware that encrypts valuable digital files and demands a ransom to release them. Back in 2016, the FBI was already warning about a rise in this type of attack.
The trend has continued through the years, and the number of attacks on SMBs (Small and Medium-sized Businesses) is very alarming today. At Consensus International, we’ve sadly witnessed several of these attacks on our own customers recently.
Prevention efforts that start by understanding this type of threat are crucial. A solid business continuity plan in the event of a ransomware attack is a must. Think backup, backup, backup. In this blog, we’ve compiled some Ransomware Protection Tips that SMBs should take into account.
Both in the cases described in the FBI article and in the recent cases we’ve seen, victims open an email addressed to them and may click on an attachment that appears legitimate. For example, the attachment looks like an invoice or a quote but actually contains the malicious ransomware code. Or the email might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
Nowadays, these attacks are becoming more and more sophisticated and don’t always require a victim to click on a link. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.” (go to FBI’s article)
If the infection is already present, the malware encrypts files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Most importantly, users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. Moreover, these messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.
CISA (Department of Homeland Security Cybersecurity and Infrastructure Security Agency) highlights three basic security tips that can help you protect your data from ransomware:
In an FBI document titled Ransomware Prevention and Response for CEOs, the agency states that a commitment to cyber hygiene and best practices is critical to protecting your networks. The 8 critical questions a CEO needs to ask of their organization to help prevent ransomware attacks follow:
Do we back up all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
Have we conducted a cybersecurity risk analysis of the organization?
Have we trained staff on cybersecurity best practices?
Have we implemented appropriate patching of known system vulnerabilities?
Do we allow only approved programs to run on our networks?
Do we have an incident response plan and have we exercised it?
Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
Have we attempted to hack into our own systems to test our ability to defend against attacks?
We reached out to our Hosting Partners at SLAS Consulting for additional insights or ransomware protection tips for SMBs.
Sidhartha Ibargoyen, President of SLAS Consulting, mentioned that prevention and monitoring are a must. To start, “Front-end protection for your systems should include firewall, antivirus, anti-malware, anti-ransomware, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), and every one of your machines should be protected too,” said Ibargoyen.
SLAS Consulting and many other vendors offer management of security systems, with firewall and intrusion protection. They perform threat and vulnerability analysis, penetration testing, and incident preparation and response. To contact SLAS Consulting and get a security assessment for your network or system, you can go to their website.
Andres Castrillon, President of Consensus, added “every company should have a good protection plan on every machine. Keeping backups and securing them is also mandatory. With healthy backup management, you won’t stop the attack on your network or servers, but you will be able to restore operations and minimize the damage”.
There is a lot of information online about ransomware, and every business should do its research on the subject. If you have questions about maintaining HANA backup instances, you can refer to our Guide “HANA Server Maintenance” or contact us for help. As mentioned before, keeping backups won’t prevent the attack, but it will allow you to get back to work, minimizing the impact of such attacks.