A new report found that nearly 40 percent of businesses had been victims of ransomware in the past year. Security Magazine says that at least a third of these businesses lost revenue and that 20 percent were shut down completely as a result of ransomware.
Malwarebytes, a leading malware protection software vendor, sponsored the report and states that “Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone.”
The report found that 46 percent of ransomware attacks came from email and they found that more than 40 percent of victims actually paid the ransom. There is also significant time spent on remediation from a ransomware attack. When an infected computer has access to your business cloud drive or file server, that infected PC will encrypt and make inaccessible potentially every file your organization needs to stay in business. It is reported that more than 60 percent of these attacks took more than 9 hours to resolve.
For ransomware prevention, Microsoft recommends that one should:
- You should:Install and use an up-to-date antivirus solution
- Make sure your software is up-to-date.
- Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
- Ensure you have smart screen (in Internet Explorer) turned on.
- Have a pop-up blocker running in your web browser.
- Regularly backup your important files.
I have found that user awareness and training is one of the most effective ways to avoid a ransomware infection. Given that there will always be someone who will open that infected email that gets past an Intrusion Prevention Firewall’s gateway antivirus (if your business has the foresight to actually have invested in one) and the endpoint device’s antivirus software, I have found that the best way to recover from this is from a reliable backup.
If you have a file server, ensure that the server is continually being backed up. Unless you have your own IT staff with server expertise, the best way to do this is to have your backup system provided and managed by a Managed Service Provider, such as Oxen Technology. Companies like Oxen Technology have the tools and expertise to ensure that your entire server can be restored in a short amount of time, should a ransomware attack get past your defenses. They provide IT expertise to organizations who don’t have the need or the budget for full-time IT departments. Managed service providers like Oxen Technology can also provide your organization with a managed firewall, which goes beyond a typical firewall as an Intrusion Prevention Appliance. Often, the Gateway Antivirus protection that Oxen’s WorryFree managed firewalls provide will actually catch and block the incoming infected email that one of your employees might just click on.
If one uses a cloud service for file storage and sharing, often that service can restore the organization’s files from the service’s backup. Microsoft’s OneDrive for Business has this capability, for example. The infected user’s local files on the computer will be lost, but the ransomware can be safely cleaned from the user’s computer by an experienced engineer sparing the Operating System, applications, and settings from having to be reinstalled and reconfigured.
What to do when you have been infected? Immediately power off and disconnect the infected computer from your network, then call an IT solutions expert such as Oxen Technology to help you get back to normal. Powering off the computer disconnects it from the network, but disconnecting the network cable adds another layer of defense for your network connected systems in case someone accidentally turns the computer back on.
John W. Rokes
40 Percent of Enterprises Hit by Ransomware in the Last Year. (n.d.). Retrieved August 13, 2016, from http://www.securitymagazine.com/articles/87332-percent-of-enterprises-hit-by-ransomware-in-the-last-year
Ransomware facts. Retrieved August 13, 2016, from https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx