Greg Jehs

10.12.2020

Imagine arriving at work one day and turning on your computer only to find a message instructing you to transfer several thousand dollars in Bitcoin to an unknown location by a specific time or all your data will be locked forever. This sounds like a nightmare scenario but is becoming more common every day across the globe. From major media corporations to state and federal governments, ransomware attacks have become a threat to the global economy. But what is ransomware, where does it come from, and how can you protect yourself and your company from it?

What Exactly Is Ransomware?

Ransomware is a form of malware that gains access to an infected system and blocks the ability of the user to interact with it, other than seeing a message from the attackers. The goal of ransomware is to extort money from, or even blackmail, the victim. The most common form of ransomware, as described above, encrypts data on a system making it unavailable to end-users. In some cases, the attackers will threaten to make all data on the system public. In a somewhat surprising turn, paying the ‘ransom’ will indeed result in the attackers releasing your data in most cases. This trend does not, however, mean that you should pay the ransom as it is likely that the attackers will maintain access to your system and may demand payment again.

Where Does Ransomware Come From? Who Are the Likely Targets?

Ransomware attacks utilize the same methods as any other form of a computer virus for delivery and exploitation. The most common way is through phishing or sending a misleading email to an individual who will click on the link and unknowingly download the virus. Other methods of infection include unsecured wireless networks, unauthorized logins, or even physical methods, such as a planted USB drive or theft of a computer. In the past, ransomware was considered overly sophisticated for the majority of small parties; most ransoms were conducted by state actors such as North Korea, Russia, Iran, and China. However, as more code has become public, it has become much easier for private groups and cybercriminals to develop and implement ransomware attacks. The groups most at risk of a ransomware attack are those where any disruption of operations would be catastrophic such as major corporations, healthcare organizations, and governments.

How Do You Protect Yourself?

Although a ransomware attack can be devastating, careful planning and high-quality network security practices can help you evade attacks or mitigate damage. With the constant arms race between hackers and security providers and the unavoidable risk of an employee making a mistake or clicking on a fake email, no system can guarantee 100% protection. However, developing a comprehensive security framework will limit exposure and help an organization react during and after a security incident. The following steps can be taken to help minimize risk and loss.

  1. Invest in Anti-Virus Software: Systems are threatened by new viruses every day. Updating your anti-virus software often means your systems contain the latest files needed to combat the new behavior of viruses.
  2. Practice Vulnerability Management: Vulnerability management is a robust end-to-end identification and remediation service that leverages sophisticated internal and external vulnerability scanning coupled with OS patch management to ensure the highest level of discovery and resolution.
    1. Vulnerability Assessment: Vulnerability assessments detect and identify weaknesses in a network, and are used to gauge how susceptible a network is to different security threats. Vulnerability assessment services use network security scanning tools to provide a thorough evaluation of the security posture and recommend appropriate steps to mitigate or remove risk.
    2. Penetration Testing: Pen testing assesses the effectiveness of your security controls by simulating a real-life attack. A pen test is less about uncovering vulnerabilities and more about replicating a breach to see how an attacker would be able to compromise a network security system. Like a vulnerability assessment, penetration testing is necessary for revealing unknown security weaknesses that could result in a compromise.
  3. Train Your Employees to Recognize Threats: The weakest link in any security plan is the employees at your organization. Human beings are susceptible to social engineering and phishing attempts that make it through your technical security defenses. Ensure that you have regular training and communication to your employees to keep the risk of ransomware and other security threats at top of mind. Enable your employees to report suspicious activity with a clear action plan to respond to potential threats.
  4. Work with a Security Company. Many small businesses don’t have a designated IT team on staff to monitor the security posture of the business. Even if you do, it is beneficial to hire a managed security service provider (MSSP) to identify, prioritize, and remediate vulnerabilities in order to ensure the utmost level of security is always being pursued. To help achieve compliance and protect against attacks, Meridian customizes our processes, reporting, and workflows to your organization’s unique needs, devices, software, and roles.

While the threat of ransomware will likely continue to grow, hope is not lost. With the right MSSP, you can eliminate unnecessary disruption across the organization. Meridian IT’s security services focus on providing threat-centric security solutions across the entire network to help customers be strategic, proactive, and responsive to security incidents. Get your complimentary vulnerability assessment today by calling +1 (888) 835-3815 or sending an email to sales@meridianitinc.com.