Ransomware is undoubtedly the most serious cyber scourge for businesses these days. SMEs and large corporations are equally prone to falling victim to online extortionists and losing proprietary data, such as confidential documents and customer records. Reputational harm and stock loss tend to go hand in hand, so investors cannot afford to ignore the rampant file-encrypting ransomware epidemic. Companies that add efficient ransomware prevention mechanisms to their incident response planning ultimately beat the competition, while vulnerable ones are more likely to lag behind. All in all, the ties between an organization’s security posture and its stock price are beyond question.
Companies are a much bigger lure for crooks than home users because the stakes are higher, and so are the ransoms. Recent attacks have demonstrated that organizations are low-hanging fruit for ransomware operators. Many of them still store critical information on internet-accessible local servers that can be hit by increasingly sophisticated ransom Trojans.
Nowadays, the malefactors are hitting transportation agencies, hotels, healthcare institutions, universities, libraries, police departments, town councils, churches, courthouses, water utilities and many others. Quite a few end up coughing up the requested ransoms to restore information and move on with their day. In some cases, executives consider this controversial route to be the lesser of two evils, where the disconcerting dilemma is to either lose all important data or support cybercrime.
Interestingly, the ubiquity of crypto threats may have influenced the value of Bitcoin, the cryptocurrency used by extortionists. A lot of U.S. corporations have reportedly been setting up Bitcoin wallets and purchasing big amounts of digital cash lately in order to be prepared for possible ransomware incidents and resolve them quickly. This trend is part of the reason why the price of Bitcoin has skyrocketed since 2016. 1 BTC is currently worth more than an ounce of gold.
To prevent ransomware attacks, your company’s security policy must include guidelines specifically addressing this type of malicious code. In particular, all employees should be aware that most of these threats are email-borne, so files attached to suspicious-looking emails are potentially harmful and should not be opened. The same applies to fishy links arriving with spam, which may lead to compromised websites hosting exploit kits. Furthermore, the rule of thumb is to maintain a bulletproof data backup with restricted user access and test it on a regular basis to make sure recovery actually works when it’s needed.
It’s also recommended to refrain from paying ransoms right away. Although this may be a necessary measure to bring corporate IT infrastructure back to life, it is the last resort rather than the only option. The issue also has an ethical overtone – every Bitcoin paid is a forcible contribution to the progress of this abominable extortion model. So start by doing some research to identify the ransomware strain that compromised your organization. Then browse dedicated online communities like Bleeping Computer or check whether a free decryption tool is available for the infection.
The ransomware timeline below will help you stay on top of all relevant events and trends in this cybercrime ecosystem. Awareness is half the battle, so stay tuned to safeguard your company against the latest crypto menaces.
About the Author
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.