Imagine turning on your computer one morning and discovering that you and your employees are locked out of the system. If you want to view your data again, a threatening message will appear on the screen asking you to pay a ransom. You check your backups and they have been destroyed. Your business is at a standstill and you are losing money every minute. It sounds like a nightmare, but for many companies, ransomware attacks are all too real. Even more troubling is the dramatic increase in reported ransomware attacks since the start of the COVID-19 pandemic.
Ransomware: the basics
Ransomware is not new. It is a type of malware that can lock down a network and deny access to critical business data unless the victim pays a ransom (usually in the form of Bitcoin) to the attackers. What is different is that industry sources report a significant surge in the number of ransomware attacks in 2020. Why now? Because cyber attackers are looking to take advantage of the rapid transition to remote work and the uncertainty companies have experienced during the turmoil of recent months.
As ransomware has grown into a serious business, attackers have become increasingly sophisticated. They focus on penetrating corporate networks, sometimes specifically targeting corporate backup systems, making it difficult or impossible to repair the damage caused by the attack. They often target financial and other sensitive personal information and, in some cases, use ransomware to turn victims’ computers into zombie machines to mine cryptocurrency.
Do you think ransomware only attacks large companies? Think again. Every company is a potential target. While some attackers target high-profile companies with the resources to pay large ransoms, industry sources say the average ransomware payment last year was in the tens of thousands of dollars. In fact, recent attacks have targeted non-consumer-facing manufacturers as well as some entities in the nonprofit sector—school systems, state and local governments, universities, medical centers, and more.
How attackers are exploiting the pandemic
Phishing and other forms of social engineering remain the most common ways attackers infect networks with ransomware. Phishing emails may ask recipients to click on a malicious link, open an attachment containing malware, or “confirm” system credentials. Targeted attacks (sometimes called spear phishing) may use techniques such as email spoofing, where a malicious message appears to come from a colleague, such as a manager or CEO.
The COVID-19 pandemic has proven to be a particularly useful bait for ransomware attackers. Taking advantage of people’s fears about the coronavirus, attackers may send malicious emails that appear to come from legitimate sources such as the World Health Organization or the Centers for Disease Control and Prevention. Attackers also hide malware in pandemic-themed PDFs, Word documents or audio files.
How to help protect your business
Prevention remains the key defense against ransomware, and the pandemic makes it more important than ever for businesses to protect against this threat. Experts recommend taking some common-sense steps to reduce the risk of your business becoming the next victim of a ransomware attack:
- Keep your network patched and make sure all software is up to date.
- Back up your systems regularly and keep these backups separate from your network. Use separate credentials for backups so that even if your network is compromised, your storage remains secure.
- Maintain good online hygiene. For example, know which devices are connected to your network so you can determine whether you are exposed to malware. Implement technical measures that reduce risk, such as endpoint security, email verification, and intrusion prevention software.
- Be prepared. Make sure you have an incident response and business continuity plan. Test it ahead of time so you’re prepared if an attack occurs.
- Train your employees how to recognize phishing attacks and other forms of social engineering.
Should the company pay the ransom?
If targeted by a ransomware attack, companies that take defensive steps to protect their backups can increase their chances of restoring their business with minimal damage and disruption. But what if a company doesn’t have reliable backups?
If you are the victim of a ransomware attack, step one should always be to contact law enforcement – for example, your local FBI field office.
The next question companies ask is whether they should pay the ransom. Most law enforcement agencies do not recommend paying if you have other options. For one thing, paying the ransom doesn’t guarantee you’ll get your data back. On top of that, ransom payments reward attackers and may further fund criminal enterprises. For example, the U.S. Treasury Department’s Office of Foreign Assets Control recently issued a warning to all companies that paying ransoms may violate OFAC’s prohibition on providing financial support to sanctioned countries or regions. This means you may be fined for paying the ransom.
The best defense against ransomware is to have alert personnel trained to spot the first signs of a ransomware attack. Teach new employees not to click on links in emails or respond to calls or messages asking for personal information or network credentials. Taking a “CSI” approach—explaining how cyberattackers try to lure their prey—may get the message across better than a simple list of prohibited behaviors. Hold regular review sessions with experienced employees to reinforce basic knowledge and educate them on new techniques and schemes used by cyberattackers. (If you haven’t held a staff meeting to address coronavirus-specific scams targeting your business, now might be the time.)
The FTC has data security resources for businesses of all sizes and in any industry, including cybersecurity training materials for small businesses and ransomware modules. Looking for more information? Watch this FTC video.