When we think of crime involving hostages, what often comes to mind is a masked burglar holding up a bank. But times are changing. Cybercrime is becoming more commonplace as our everyday lives become increasingly beholden to computer systems. Now, instead of taking risks associated with stepping into a real bank, criminals can extract money from victims remotely. Recently, you may have heard the term “ransomware,” which describes a certain kind of cybercrime. In this post, I’ll explain what ransomware is and some practical steps you can take to prevent a ransomware attack.
Take a moment to think about how much of your personally identifiable information (PII) is stored online. Then, think about the tools and data you need to do business. They’re connected to the internet too, right? That’s why it’s important to be aware of ransomware and take measures to protect your data. And if you’re a business owner, that includes your employees’ and customers’ data, too.
What is ransomware?
Ransomware is a type of malware (malicious software) that cybercriminals use to demand ransoms from individuals or organizations. When ransomware takes over a vulnerable system, it essentially holds that system hostage. Sometimes, it will threaten to publish private data unless a ransom is paid. Or, it’ll simply hold the system and data hostage so that they can’t be accessed until the ransom is paid. Private data could include social security numbers, addresses, phone numbers, and bank account numbers. Systems could include billing and payment systems, timekeeping systems, and essential servers and databases.
Examples of ransomware attacks that occurred in 2021
You may have seen stories in the news about major big box companies targeted by ransomware. It’s no surprise, as this is an easy way for attackers to obtain large amounts of data for ransom. Some incidents that made the headlines in 2021 include:
Acer hit with 50 million dollar ransom
In March of 2021, the computer giant Acer was hit with a $50 million ransom, the largest known ransom at the time. The ransomware encrypted Acer’s data, preventing access. Even with an air-tight cyberdefense division in their company, Acer fell victim to a cyber attack. Anyone can be a victim, even a company that specializes in computers.
JBS production brought to a halt by ransomware
Ransomware can affect many different industries. Earlier this year, the Australian branch of JBS, a food processing company, was compromised by ransomware. The attack caused the company to completely halt production, which resulted in huge losses. With tight competition in the meat market, even one day of lost production can cause supply chain disruptions around the globe.
Colonial Pipeline attacked by malware
In May of 2021, the Colonial Pipeline was also brought to a halt by ransomware. The attackers both stole and encrypted critical data, rendering it inaccessible to the company. Although the company paid the ransom, it took several days to decrypt the data and restart the pipeline. The attack is an example of how ransomware can affect not just individual systems but entire infrastructure operations.
Should you pay the ransom?
One question brought up by the above examples is whether the victim should pay the ransom. Experts say no. Currently, the FBI does not support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee you or your organization will get any data back,” the Bureau explains. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.” Unfortunately, there is no honor among thieves; once a demand has been made, it’s too late to guarantee the safety of the compromised data or systems. Instead, you should engage your contingency plan.
With technology always growing, the threat of ransomware will never fully go away. But that doesn’t mean you can’t take steps to mitigate the risks. Below, you’ll find a list of tips on how to protect your business from potential threats.
Seven steps for ransomware prevention
As a business owner, it’s your responsibility to protect your employees’ and customers’ data. Here are 7 practical steps to prevent ransomware attacks:
1. Train employees to watch out for different types of ransomware
Most ransomware attacks happen when an employee clicks on a malicious attachment or link. Often, this is due to an employee not knowing an email is malicious.
2. Back up your data
Having a backup allows you to recover or restore your system and its saved data. It doesn’t help with already compromised data, but it can help keep critical business operations running. When choosing an employee timekeeping system, for example, look for one that has an easy import/export utility. We also highly recommend having a business continuity plan in place.
3. Protect your network with a firewall
The goal of firewall protection is to minimize your attack surface. It does this by closing holes in your network that hackers could otherwise take advantage of. If you have a particular service that listens on a network port, for example, a firewall prevents direct access to that service.
4. Employ the principle of least privilege
Companies should employ a principle of least privilege to minimize exposure to ransomware risk. For example, if an employee with limited access were to encounter ransomware, the effects of the attack would be minimized due to the limited access of the employee. Make sure that only the individuals who truly need admin access to systems have it.
5. Tighten up your email security
Email is one of the main vectors of delivery for ransomware. Almost always, ransomware is triggered by an email attachment or link that takes the user to a malicious site. It’s important to have the proper email scanning tools in place to prevent access to harmful websites.
6. Keep your software current with the latest security updates
This includes your computer’s operating system, patches, applications, and services (especially those exposed to the internet). Also, apply firmware updates as needed for any hardware devices. For example, physical routers often come with pre-installed firewalls. Depending on how long ago the router was manufactured, that firewall might already be out of date.
7. Invest in early detection tools
Intrusion detection software can run in the background and detect ransomware activities like encrypting files. It can stop the encryption or even restore a system from an encrypted state.
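To show the kind of check such tools perform, here is an added example (not from the original post or any particular product): it flags a process that rewrites many files with high-entropy, encrypted-looking content in a short time. The thresholds, process names and file events are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumption: encrypted data sits near 8.0
BURST_COUNT = 5           # assumption: this many high-entropy rewrites...
BURST_WINDOW = 10.0       # ...within this many seconds raises an alert

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def detect_encryption_bursts(events):
    """events: iterable of (timestamp, process, path, content_after_write).
    Returns processes that rewrote BURST_COUNT or more distinct files with
    high-entropy content inside one BURST_WINDOW, in order of first alert."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, path)
    alerted = []
    for ts, proc, path, content in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            continue              # ordinary text or documents: ignore
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > BURST_WINDOW:
            window.popleft()      # drop writes that fell out of the window
        if len({p for _, p in window}) >= BURST_COUNT and proc not in alerted:
            alerted.append(proc)
    return alerted

def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content (SHA-256 output stream)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

def sample_events():
    """Constructed sample: a backup tool writing one archive, an editor saving
    text, and a hypothetical 'unknown.exe' rewriting six documents in a row."""
    events = [(0.0, "backup.exe", "/srv/backup/full.zip", pseudo_ciphertext("zip")),
              (1.0, "editor.exe", "/home/a/notes.txt", b"meeting notes " * 300)]
    for i in range(6):
        events.append((2.0 + i, "unknown.exe", f"/home/a/doc{i}.docx",
                       pseudo_ciphertext(f"doc{i}")))
    return events

if __name__ == "__main__":
    print(detect_encryption_bursts(sample_events()))
```

A single compressed archive is also high-entropy, which is why the alert requires a burst of distinct files rather than one write.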
Adding these tools and practices to your toolbelt will help you control who has access to your data. In doing so, it also shrinks the attack surface of your business’s online presence. Hopefully, your vendors are taking these precautions, too. You may find it helpful to review our tips for what to do if your solution provider is taken offline by ransomware.
Practical malware prevention – it’s better to be safe than sorry
If you’re not a cybersecurity expert or highly technical, this can all sound pretty overwhelming and scary, but the more prepared you and your business are, the easier it will be to recover in the event of a ransomware attack. Make sure you have people on your team who are comfortable taking the above precautions. Much like buying insurance for your car in case of an accident, making sure your firewall is secure and having a backup of your data can give you the peace of mind needed to operate a successful business.