Ransomware Attacks – Hope for the Best, Plan for the Worst

As if 2020 wasn’t already tough enough, recent findings indicate that ransomware is at an all-time high and expected to continue to be a prevalent threat.

Recognized as one of the most common forms of malware playing havoc with businesses of all sizes, ransomware is exactly what its name implies – a threat to publish a victim’s data or block access to their network unless a ransom is paid.

Typically, ransomware arrives on a computer via phishing or spam emails containing attachments. These attachments, or links within the content, are where the ransomware lives. When the attachment is clicked, the computer is at risk of becoming infected with ransomware.

The swift evolution of these malicious breaches is mind-boggling. A mere year ago, losing temporary access to data could be resolved with a backup system for data recovery; unfortunately, that has changed as cybercriminals continue to become more sophisticated. Now, attackers take a copy of the data out of their victims’ network. If the demand for ransom is not met (and in some cases, even if it is), breached information can be publicly posted, thereby broadcasting sensitive client data and damaging a company’s reputation.

While no one wants to reward or perpetuate this type of criminal behavior, businesses must have access to their data to continue to operate, so there are times when you must swallow that bitter pill and pay the ransom. Paying the ransom is a business decision; the pros and cons must be considered as they would with any other corporate assessment.

The unfortunate news continues in that no one is immune to this variety of cyber criminality; if your company uses the Internet, it’s fair game for malicious intent.

So, how do you guard against a ransomware attack?

First and foremost is having the ability to recognize when something is “phishy.” Educate your employees on the telltale signs of a scam email, which include:

  • Mismatched URL
  • Misleading domain name
  • Poor spelling and/or grammar
  • Request for personal information
  • A “too good to be true” offer
  • Appears to come from a government agency
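The first two signs in this list can also be checked mechanically at the mail gateway. The sketch below is an added example, not part of the original article: it parses an HTML email body and flags links whose visible text shows one host while the `href` points to another, and links that embed a trusted brand name in a host outside that brand's domain. The `TRUSTED` map, the function names and every host in `SAMPLE` are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands staff expect to see, mapped to their real domains.
TRUSTED = {"example-bank": "example-bank.com"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample body; every host below is a placeholder.
SAMPLE = (
    '<a href="http://example-bank.com.account-verify.test/login">'
    'https://www.example-bank.com/login</a> '
    '<a href="https://www.example-bank.com/help">www.example-bank.com/help</a> '
    '<a href="https://example-bank.secure-login.test/">Click here</a>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def check_email_html(html):
    """Return (href, reason) findings; host-in-text matching is a heuristic."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = re.sub(r"^www\.", "", urlsplit(href).hostname or "")
        shown = HOST_IN_TEXT.search(text)
        # Mismatched URL: text shows one host, link goes elsewhere (no host: skip).
        if host and shown and not same_site(host, shown.group(1).lower()):
            findings.append((href, "mismatched URL"))
        # Misleading domain: a trusted brand in a host outside the brand's domain.
        for brand, domain in TRUSTED.items():
            if brand in host and not same_site(host, domain):
                findings.append((href, "misleading domain name"))
    return findings
```

Running `check_email_html(SAMPLE)` flags the first and third links and leaves the legitimate help link alone.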

Inasmuch as attackers are and will continue to become increasingly sophisticated, so too must companies become increasingly vigilant. Installing security information and event management (SIEM) software provides real-time analysis of security alerts generated by applications and network hardware.

Behavior-based malware detection is another proactive measure that can be taken against ransomware attacks. This software works by evaluating a program based on its intended actions before the program actually carries them out. As such, a behavior (like a phishing email) can be analyzed for suspicious activity before it runs on your network.

A few other actions to protect your business from being a victim of ransomware include:

  • Back up data for retrieval should your network become compromised; plan a recovery sequence for servers so that key business processes can resume
  • Look into an additional archive of key servers and data sets that are stored offline
  • Use strong antivirus software
  • Install protection software to help prevent data from being encrypted
  • Maintain up-to-date computer operating systems
  • Have an effective cloud backup solution in place
  • Emphasize the importance of vetting emails and links to staff
  • Create a ransomware incident playbook and practice it regularly
  • Invest in cybersecurity and business interruption insurance
  • Plan how you would acquire and pay out cryptocurrency since ransom is paid in Bitcoin
  • Place a cybersecurity response team on retainer
  • Hire a ransomware expert

The speed at which ransomware attacks have proliferated in just a few years is astonishing, but not surprising since they are easy to conduct and yield a high payout.

Ransomware can be a lingering threat, holding daily business operations hostage and placing a company’s brand and reputation at high risk. In the aftermath of a malicious attack, businesses can find themselves in the unenviable position of having to meet core functions with limited or zero access to data. Even with a solid backup plan, a ransomware attack can have long-standing ramifications. It is a universal business problem that should not be underestimated.


David Sun is a forensics and integrity services partner with blumshapiro (www.blumshapiro.com), the largest regional business advisory firm based in New England, with offices in Massachusetts, Connecticut, Rhode Island and Virginia. The firm, with a team of over 500, offers a diversity of services, which include auditing, accounting, tax and business advisory services. blum serves a wide range of privately held companies, government and non-profit organizations and provides non-audit services for publicly traded companies. To learn more visit us at blumshapiro.com. David can be reached at dsun@blumshapiro.com.