Have you ever wondered what would happen if criminals could steal all of your organization’s data?  What would you do if you came to work and all of your information was encrypted, and the only way to access it again was to pay a ransom of thousands of dollars?  Unfortunately, this has been a reality for many businesses and several of our clients over the past few months.

Like other forms of malware, ransomware continues to pose a significant threat to businesses across the country and here in South Dakota.  Using advanced distribution techniques and encryption methods, attackers continue to find new ways to infiltrate networks and hold data and critical information systems hostage.  However, there are still steps you can take to avoid falling victim to ransomware and protect your business from one of these attacks.

Ransomware is a type of malware that uses encryption to prevent users from accessing files or network devices until a fee or ransom is paid.  These attacks can be detrimental to any organization, and recovery in some cases can take months and may require the help of professional data recovery specialists.  Many organizations choose to pay the ransom in the hope of a speedy recovery.  However, paying the ransom does not guarantee that your information will ultimately be recovered, and the FBI discourages it because it just encourages more attacks.

According to Coveware’s 2020 Q2 Ransomware Marketplace report, there has been an increase in low-cost Ransomware as a Service (RaaS) attacks on small businesses this year.  RaaS has made it easier for traditionally non-technical individuals to participate in this type of cybercrime at a relatively low cost.  These attackers tend to target organizations without the security resources necessary to defend themselves, and ransom demands are on the rise.  Coveware reports that the average downtime from a ransomware attack is 16 days, with a median ransom payment of $44,021!

However, there are steps every organization can take today to help minimize its chances of becoming a victim.  The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI both have guidance on their websites on how to mitigate and respond to ransomware attacks.  CISA’s latest Ransomware Guide was published in September 2020 and contains prevention best practices and a response checklist to help your organization manage the risk associated with this threat.

The top mitigations and best practices recommended by CISA (https://us-cert.cisa.gov/Ransomware) include:

  • Update software and operating systems with the latest patches.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data on a regular basis. Keep backup files on a separate device and store them offline.
  • Follow safe practices when browsing the Internet.
  • Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services.
  • Enable strong spam filters to prevent phishing emails from reaching end users.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

We encourage all of our clients to consider consulting an IT firm to perform a detailed risk assessment for their network.  Review your organization’s backup plan, ensure all of your key systems are covered, and test your recovery plan regularly. And most important of all, continue to invest in cybersecurity awareness training for your staff.  Empowering users with the skills they need to identify the different forms of phishing emails and social engineering attacks directly reduces a criminal’s chances of a successful ransomware attack.