Defending from Ransomware in 2017

As far as malware goes, ransomware poses one of the biggest threats to businesses today, costing an estimated 2.4 million per year.

Infection occurs through email phishing, in which the attacker sends an unwitting target a seemingly innocuous email embedded with a malicious link which installs malware when clicked.

Once installed, ransomware will begin encrypting files and/or entire drives, rendering them useless to the user. Once data has been encrypted, the victim receives a notice demanding that they pay a fixed sum to receive the key. If the fee is not paid, access to their files and drives will be lost.

According to Sonicwall the number of attempted ransomware attacks skyrocketed in 2016, increasing to 634.2 million from 3.8 million in the year previous. Even the most conservative estimates expect this number to double in 2017.

There are a few factors that contributed to such a huge jump. The first is simply a greater availability of the software to carry out such attacks, which are now being sold for a cut of all ransoms paid.

The second is the increased reliance on internet connected systems, resulting in more potential targets for attackers. For example, an Austrian hotel was recently forced to pay $2,000 after a ransomware attack disabled it's internet managed lock system, locking all guests inside their rooms.

Despite these seemingly super-villain inspired plots, the risks and consequences of ransomware for businesses remains largely the same; losing access to critical data. And besides coughing up hefty sums of cash (encryption keys are reported to actually work only 60% of the time), there are few alternatives in the face of an infection spreading through your systems.

The sad truth is that once files are encrypted there is no way to fix them. Due to this, the best way to restore data is from backups. As such, it is critically important that businesses have a redundancy plan in case operations are disrupted or outright halted due to a malware attack.

Even then, the technology of ransomware is continuing to advance, in some cases being programed with the ability to spread into backups that are not properly isolated or protected. This creates a scary situation for administrators, who then have few options in the face of infection.

Last month, however, Microsoft unveiled new security controls to the Azure Backup utility that work to prevent this from happening. In order to access Azure backups by any means, a unique security PIN is required from the administrator. This means that in order for ransomware to spread into the backup, an administrator will be alerted that their PIN is required and will be alerted to the attack.

Furthermore, the service also retains previously deleted backup data for 14 days. So in the rare event that backup data does become compromised due to a ransomware attack, unaffected copies can still be restored following a system wipe.

While tools such as these are certainly an asset in preventing major financial losses to any company, it is  important to remember that ransomware attacks are 100% preventable. As mentioned, the majority of cyber attacks are caused by preventable user errors such as clicking the wrong link in an email or visiting a compromised website. It just comes down to educating your users on proper email etiquette and how to spot a phishing email. For your convenience, we posted a helpful guide in a previous blog post.


Leave a comment!

All fields marked with an asterisk* are required.