What is Ransomware?
Ransomware is malicious encryption software used to take control of an organization’s data. After the data is encrypted, the attacker demands payment, usually in cryptocurrency, in exchange for the decryption key.
Why is it so difficult to prevent ransomware attacks?
Ransomware is a highly competitive industry that evolves continually: new malware versions rise and fall in popularity as they become better understood and prevented. Ransomware attacks also vary by the point of entry or exploit used and by the resources and skill level of the attacker or ransomware group. No single solution can reinforce every weak point, so every organization must use an individualized, multi-layered approach to prevent ransomware attacks. Even then, the consensus among cybersecurity experts on ransomware risk tends to be that it’s not a matter of if, but when.
Who is a target for ransomware?
In short: everything that connects to the internet. The majority of ransomware attacks are against large organizations because of their ability to pay higher ransom demands. Small and midsize organizations are still frequently targeted because their weaker cybersecurity defenses make them easier targets. Public institutions are also likely to have weaker cybersecurity defenses, and they’re even more vulnerable to attack because the data they need for day-to-day functions is irreplaceable, which increases the likelihood that they’ll pay the ransom. Attackers set the ransom amount according to an organization’s size and what it can pay, while still making payment the better deal compared with the time and expense of rebuilding or restoring the network another way.
How to prevent ransomware attacks
The most important thing any organization can do to prevent data loss from a ransomware attack is to back up data regularly. Periodically testing backups and evaluating backup schedules and retention policies is also recommended. If you end up needing to restore from backups, you’ll want to use a backup from several days or weeks ago, because the initial breach may have happened well before the files were encrypted, so make sure you have options.
- Keep all software patched and updated; consider automatic updates
- Use trusted antivirus software with anti-ransomware capabilities
- Offer cybersecurity awareness training (ransomware, phishing, and social engineering)
- Run spam-filtering software on email servers
- Use strong passwords
- Enable Network Level Authentication in RDP
- Limit privileges to only the users that need them
- Don’t use public WiFi networks
- Change RDP ports from the default settings
- Access RDP over a VPN
- Use multi-factor authentication, if available
- Have a plan for reporting suspicious activity
- Create an Incident Response Plan (roles, methods of communication, list of contacts, templates for press responses)
During a ransomware attack
A ransomware attack often takes place in stages. By the time files are encrypted, the initial breach may have occurred days or weeks earlier. Affected systems must be identified and removed from the network as quickly as possible. It’s common for ransomware to encrypt specific file types as well as any backup files, so find the backup files and disconnect them from the network. Create a list of affected systems. If possible, identify what ransomware variant the attacker used and where it entered the network. Create backups or images of the affected systems before beginning any restoration process so that you have the option to roll back if needed. Use antivirus software to ensure all systems are free of ransomware before restoring data from backups.
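The backup advice in the prevention section and the staged-attack note above, as an added example that is not part of the original article: this Python code audits a backup catalog for tested restore points several days and weeks old, then picks the newest tested backup that predates the estimated initial breach. The catalog format, the 3-day and 14-day depths, the one-day safety margin, and all names and dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (backup id, completion time, restore test passed)
CATALOG = [
    ("bk-0420", datetime(2024, 4, 20, 2, 0), True),
    ("bk-0504", datetime(2024, 5, 4, 2, 0), True),
    ("bk-0511", datetime(2024, 5, 11, 2, 0), False),  # restore test failed
    ("bk-0516", datetime(2024, 5, 16, 2, 0), True),
    ("bk-0519", datetime(2024, 5, 19, 2, 0), True),
    ("bk-0520", datetime(2024, 5, 20, 2, 0), True),
]

def retention_gaps(catalog, now,
                   max_newest_age=timedelta(days=1),
                   required_depths=(timedelta(days=3), timedelta(days=14))):
    """List what is missing from the restore options (empty list = none)."""
    # Only backups whose restore test passed count as usable options.
    tested = [done for _, done, ok in catalog if ok]
    if not tested:
        return ["no backup has passed a restore test"]
    problems = []
    if now - max(tested) > max_newest_age:
        problems.append("newest tested backup is older than the schedule allows")
    # "Several days or weeks": assumed here to mean 3 and 14 days of depth.
    for depth in required_depths:
        if not any(now - done >= depth for done in tested):
            problems.append(f"no tested backup at least {depth.days} days old")
    return problems

def pick_restore_point(catalog, estimated_breach,
                       safety_margin=timedelta(days=1)):
    """Newest tested backup completed before the estimated initial breach.

    The margin allows for the breach estimate being too late; returns None
    when every usable backup may already contain the attacker's foothold.
    """
    cutoff = estimated_breach - safety_margin
    candidates = [(done, bid) for bid, done, ok in catalog if ok and done < cutoff]
    return max(candidates)[1] if candidates else None

if __name__ == "__main__":
    now = datetime(2024, 5, 20, 12, 0)      # constructed: encryption noticed
    breach = datetime(2024, 5, 12, 9, 0)    # constructed: estimated entry time
    print("gaps:", retention_gaps(CATALOG, now))
    print("restore from:", pick_restore_point(CATALOG, breach))
```
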
Resources for contacting law enforcement
Ransomware attacks are against the law, so consider reporting an attack to law enforcement. The United States government has created an online resource at StopRansomware.gov with information and guidance on ransomware. It also provides a central location for reporting a ransomware attack or other cybercrime.
If you have any questions about ransomware and your services here at Vivio, don’t hesitate to reach out to our support team!