The quick money to be made in ransomware scams appears to be driving furious innovation in the cybercrime world. A recent Trend Micro report stated that some cybercriminals have begun using macros and scripts, professional-looking phishing pages, and a computer’s master boot record to get victims to activate the malware on their computer systems.
As a result, ransomware infections are going through the roof. Anti-spyware vendor Enigma Software released a report showing that April was the worst month on record for ransomware in the US. According to the company, the number of ransomware samples detected by its product jumped over 158% between February and March of this year alone.
So what’s a company to do?
There’s a common thread in the most recent cyber attacks: they use four known Adobe Flash Player and Microsoft Silverlight software bugs that have patches available.
If you haven’t already patched the recently revealed Flash flaws CVE-2015-7645, CVE-2015-8446, CVE-2015-8651, and Microsoft Silverlight’s CVE-2016-0034, applying these updates will “significantly” minimize your risk of getting hit by the latest ransomware threats, according to Recorded Future, which analyzed which vulnerabilities were being exploited most in ransomware attacks as of March 16.
In fact, we recommend you go a step further, by automating patch management of your systems on a regular basis. US-CERT reports that proactive patching can eliminate 85% of cyberattacks. This includes ransomware, so patch Microsoft Windows or the core operating system as well as any third-party plug-ins you may use.
You should also properly back up your data and protect the backup itself from getting infected with ransomware. The following is a list of steps we recommend to back up your data properly.
1. Be sure to back up your data regularly, since backups are the most reliable way to recover from ransomware, according to a recent survey by CyberEdge that found that half of those who paid a ransom still didn’t get their data back. In many instances, if you have a backup of your data, you can erase your hard drive, reinstall the operating system, restore the backup copy and start fresh.
2. Isolate your IT backups from your production systems. In the old days, when backups were sent to tape, it was easy to isolate your backup from the computers, applications and data in use. A criminal couldn’t encrypt a tape sitting on a shelf. Nowadays, backups are typically stored on drives which are in some way networked so data can flow to them from your servers. One simple way to isolate your backups from production systems is to NEVER use the server’s own built-in backup system. If the server can reach its backups, so can the ransomware infection. Instead, use an IT backup system which is separate from the software of the server itself.
3. Keep versions of your IT backups going back days, weeks and months. Some companies have cloud backup systems which overwrite yesterday’s backup every day. If data encryption is not immediately detected, it’s possible that a good backup can be overwritten by encrypted data. So it’s important that you keep several versions of your backups. Generally speaking, you want to keep daily backups for a week, weekly backups for a month, and monthly backups for at least three months. Depending on your circumstances, you may want to retain several years of annual backups as well.
4. Audit your IT backups. Backup systems fail, and new servers get brought online but do not get added to the backups. Unless you have a solid auditing program, you will not realize you don’t have good backups until it’s too late.
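The retention schedule in step 3 can be expressed as a pruning plan. The following is an added example, not code from the original article: the tier lengths (7, 31 and 93 days), the rule of keeping the newest backup per ISO week and per calendar month, and all function names are assumptions.

```python
from datetime import date, timedelta

# Assumed tier lengths in days for "a week", "a month", "at least three months".
DAILY_DAYS, WEEKLY_DAYS, MONTHLY_DAYS = 7, 31, 93


def _newest_per_bucket(dates, today, max_age_days, bucket):
    """Newest backup in each bucket (ISO week or month) younger than max_age_days."""
    newest = {}
    for d in dates:
        if 0 <= (today - d).days < max_age_days:
            key = bucket(d)
            if key not in newest or d > newest[key]:
                newest[key] = d
    return set(newest.values())


def plan_retention(backup_dates, today):
    """Split backup dates into (keep, prune) sets under the three-tier schedule."""
    dates = set(backup_dates)
    keep = {d for d in dates if 0 <= (today - d).days < DAILY_DAYS}
    keep |= _newest_per_bucket(dates, today, WEEKLY_DAYS, lambda d: tuple(d.isocalendar())[:2])
    keep |= _newest_per_bucket(dates, today, MONTHLY_DAYS, lambda d: (d.year, d.month))
    # A date in the future means a clock or catalog problem: keep it for review.
    keep |= {d for d in dates if d > today}
    return keep, dates - keep


def newest_kept_before(keep, cutoff):
    """Most recent retained backup older than cutoff (e.g. suspected infection date)."""
    older = [d for d in keep if d < cutoff]
    return max(older) if older else None


# Constructed sample: one backup per day for the 120 days ending 2016-05-31.
TODAY = date(2016, 5, 31)
SAMPLE = [TODAY - timedelta(days=n) for n in range(120)]

if __name__ == "__main__":
    keep, prune = plan_retention(SAMPLE, TODAY)
    print(f"keep {len(keep)} backups, prune {len(prune)}")
    # If encryption began on 2016-05-24, this is the newest clean restore point.
    print("restore from:", newest_kept_before(keep, date(2016, 5, 24)))
```

In line with step 2, a plan like this belongs on the separate backup system rather than on the server being backed up.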
Last but not least, we recommend you use anti-malware software, filter email and web access and educate everyone. While no software can offer perfect protection, having up-to-date anti-malware software will stop certain cyberattacks. Since most cyberattacks are the result of a user clicking on a link in an email or visiting a website they shouldn’t, having some form of email and web access filtering system in place can help. It’s also important to make your staff aware of these threats. Start by developing a baseline: send a simulation via email to see how many people click on the test email. Odds are the percentage of those who click will be high to start. Then train all employees how to spot a social engineering attack, making it engaging and getting everyone in the company involved. Finally, run random simulations that the staff knows are coming, but don’t reveal the timeframe. Over several months, the staff’s percentages will improve and you will more than likely have prevented a ransomware attack.
Contact us for help protecting your company from ransomware infections.