Ransomware Prevention & Response

Cyber Security

Ransomware

Ransomware is a type of malicious software that locks and/or steals the data on a victim's computer and demands payment for access to be returned to the victim. The motive for ransomware attacks is nearly always monetary and, unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions on how to recover from the attack.

Trends

While statistics on the prevalence of ransomware differ, it is certain that the problem is getting worse: the number of organizations targeted is increasing, along with the size of the ransom demanded. According to Sophos, the average cost to rectify the impacts of a ransomware attack for organizations with between 100 and 5,000 employees (including all costs such as people time, lost opportunity and any ransom) ranged from $732,520 when no ransom was paid, to $1,448,458 when the ransom was paid.

Solution

First, develop a Cyber Incident Response Plan that includes what to do during a ransomware event. Backups are critical: use a system that allows multiple iterations to be saved. Test restores should be carried out periodically. Do not rely on cloud mirroring, because a mirror replicates encrypted or deleted files along with everything else.

Keep your systems up to date and scan them regularly for malware. Implement an anti-spam solution to stop phishing emails from reaching the network. Many organizations add a warning banner to emails from external sources reminding users of the dangers of clicking on links and opening attachments.

Disable macro scripts. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

Keep all systems patched and up to date, including all hardware, mobile devices, operating systems, software, and applications, as well as cloud locations and content management systems (CMS). Use a centralized patch management system if possible. Implement application white-listing and software restriction policies (SRP) to prevent the execution of programs in common ransomware locations, such as temporary folders.

Restrict Internet access. Use a proxy server for Internet access and consider ad-blocking software. Restrict access to common ransomware entry points, such as personal email accounts and social networking websites.

Categorize and separate data based on organizational value and, where possible, implement virtual environments and physical and logical separation of networks and data. Vet and monitor third parties that have remote access to the organization’s network, as well as your own connections to third parties, to ensure they are diligent with cybersecurity best practices.

Participate in cybersecurity information sharing programs and organizations, such as MS-ISAC and InfraGard.

Alternatives

Many companies now buy Cyber Breach Insurance. However, it is unclear to what extent these policies cover ransomware. As with most insurance, it’s good to have it, but don’t rely on it. Prevention and damage limitation should be your first priority. Some damage is still permanent.

Contact Us

Cyber AI

600 B Street, Suite 300

San Diego, CA 92101


General Inquiries 9am-5pm PT: 

(888) 8-CYBER-6

(888) 829-2376
