[BreachExchange] Is Paying up the Only Response to Ransomware?

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 23 19:39:23 EDT 2016


http://www.foxnews.com/us/2016/05/19/is-paying-up-only-response-to-ransomware.html

Imagine walking into your office one morning to find a padlock on your
computer. Sitting at your desk is a masked criminal demanding $5,000 for
the key. Naturally, you hesitate, to weigh the options. Do you pay this
criminal, hoping the key works and he or she vanishes forever? Or, do you
ignore the criminal and spend days trying to recover your locked files?

This is what ransomware is like. It’s a type of malicious software that
blocks access to computer systems until money is paid. Ransomware is one of
the most pervasive threats
<https://www.fbi.gov/news/podcasts/thisweek/ransomware-on-the-rise.mp3/view> to
businesses today, especially with the emergence of crypto-ransomware, which
encrypts files on victims' computers and holds them hostage until a payment
is received.

The impact is huge: CryptoWall reportedly infected
<http://www.securityweek.com/cryptowall-ransomware-cost-victims-more-18-million-april-2014-fbi>
hundreds of computers between April 2014 and June 2015, raking in
approximately $18 million from victims who chose to pay.

Contrary to popular belief, the worst part of ransomware isn't even the
ransom. The true damages occur due to employee down time, which can last
for days, halting business operations and jeopardizing sales.

Ransomware attacks are growing in frequency, largely due to the increasing
processing power of computers, which enables criminals to encrypt files in
only a few hours, and the rise of anonymous payment systems such as
Bitcoin, which makes it easy for criminals to accept payments with less
fear of being traced.

Hollywood Presbyterian Medical Center
<http://www.npr.org/sections/thetwo-way/2016/02/17/467149625/la-hospital-pays-hackers-nearly-17-000-to-restore-computer-network>
understands this well after losing access to its PCs during a ransomware
outbreak. The hospital forfeited $17,000 to hackers after employees spent 10
days relying on outdated fax machines and paper charts.

And there are many other such stories out there: Each new attack serves as
a stark reminder that prevention, containment and business continuity
techniques are crucial to keeping companies up and running in today’s
threat landscape. This especially holds true when advanced ransomware, like
TeslaCrypt
<http://www.engadget.com/2016/03/17/teslacrypt-can-no-longer-be-cracked/>,
adds features that are “impossible” to crack.

It’s clear, then, that ransomware doesn’t discriminate. A recent report
<https://www.intermedia.net/report/ransomware?utm_source=Press%20Release&utm_medium=PR&utm_campaign=ransomware>
revealed that 48 percent of IT consultants surveyed across 22 different
industries said they'd witnessed an increase in ransomware-related support
inquiries in the previous 12 months from small businesses and enterprises
alike.

So, no business or employee is safe. What can businesses do to prepare for
what seems an inevitable ransomware attack? And, how can they avoid paying
the ransom which will only serve to encourage criminals to repeat their
wrongdoing? Here are three strategies:

*1. Implement email defense software.*

First and foremost, companies need to ensure that their email defense can
recognize and block malicious web pages, or infected USB drives and zip
files. For this reason, email defense solutions adopted need to go beyond
anti-spam and virus-scanning; they should be sophisticated enough to
recognize and block phishing attempts, which can spread ransomware.

*2. Educate employees.*

Email is the most common infection vector for ransomware, making it
imperative that businesses create strong education programs to train
employees to spot suspicious activity. Ransomware is hard to pinpoint, so
it’s important for employees to know what to look for.

Additionally, these education programs should notify employees of the
appropriate steps to take once a device exhibits the behavior of an
infection. For example, do employees know to close their computers
immediately in the event of a suspected ransomware attack? Do they know to
take their computers directly to IT, so IT can isolate the device from the
corporate network?

*3. Set up real-time backup systems.*

During a ransomware attack, what matters most is how quickly a business can
get its employees back to work. Businesses are finding traditional back-up
and file-sharing solutions inadequate because they don’t operate in real
time.

Employees should be able to instantly roll back their file archives to a
point immediately before the infection hit and access their files from
alternate devices. Modern business continuity solutions that combine
real-time backup, mass file restores and remote access can combat threats
by minimizing the crippling effects of down time.

Infected users can stay productive, and businesses can dodge the need to
pay a ransom -- which may or may not actually release the locked files.
According to a recent study
<https://www.intermedia.net/report/ransomware?utm_source=Press%20Release&utm_medium=PR&utm_campaign=ransomware>,
19 percent of companies that paid ransom didn’t end up getting their files
back.

While businesses can’t control when they are attacked, they can control how
well they are prepared. Many businesses have plans in place for natural
disasters, power outages and other disruptions. Few have “e-crisis”
response plans for threats like ransomware. It’s one of the reasons why
ransomware is so disruptive for businesses and so profitable for criminals.

So, don’t give in to cyber criminals by offering up Bitcoin payments, and
shedding tears and suffering lost business. Instead, build out a continuity
plan that keeps your business running as usual even during a ransomware
outbreak.