Ransomware is currently the biggest name in cybersecurity threats. Organizations and individuals alike have a lot to lose when a ransomware attack latches onto their systems, but even at its worst, there are ways to get around the problem.
Here is a brief description of ransomware and how the threat works, along with details that can harden your network defenses and make your IT assets safer every day.
What Is Ransomware?
Ransomware is a class of threats that lock away your files in a complex way. There is no known, easy way to unlock the files, and victims must pay a ransom to the hijackers if they want their files unlocked.
The locking part is the most dangerous part of ransomware. Encryption, a big part of modern security, scrambles or mixes up data in ways that can’t be quickly unscrambled. This matters when sending important files such as payment details, personal information, trade secrets, or other secure information.
You use encryption every day. When you visit a website with https or a lock beside it, you’re using a form of encryption that scrambles your data. The same goes for using online shops, which once used an outdated security layer called SSL, or Secure Sockets Layer.
Ransomware can be loaded in several ways. You could open a trojan virus–a virus pretending to be a legitimate file–that unloads instructions to encrypt your data. You could click on a link that automatically launches a trojan, or in some rare cases, a hacker could personally sneak into the business and launch a ransomware payload.
Personal attacks are mostly for action/thriller movies, but they’re not impossible and not unheard of at the corporate, government, or even small business level.
Why Can’t Ransomware Be Stopped?
Ransomware can be stopped; sadly, it spreads through existing problems that should be a thing of the past. Many businesses and individuals still open the same old fake invoices or email attachments, or visit unauthorized sites that could have viruses. The only difference is that ransomware instructions are attached.
It’s not how you get infected that has changed, but what happens after you’re infected.
To be fair to many victims, there are always new hacking tricks on the market. The biggest threats aren’t all issues of user incompetence, and there are some new viruses that can’t be swept away by just adding an anti-virus suite.
The “can’t” here is more about unlocking your files. The most devastating ransomware situations use RSA (Rivest–Shamir–Adleman) cryptosystem encryption, which is a style or format of scrambling data. Tiny Encryption Algorithm (TEA) is another encryption method, and some ransomware systems use a combination of these two methods or more to make it even harder to crack.
RSA standards such as RSA-128 would take 4,294,967,296 x 1.5 million years to break by using brute force–a method of rapidly guessing until the right answer for the encryption is found. While there may be–and certainly will be–a way around or through this encryption when some smart minds stumble upon the answer, the smarter hack is to work around the encryption.
This mentality works for people trying to break into encryption, and it works for small businesses who need affordable protection against ransomware.
Backups Are The Way
Increasing your network security is great. You should have an anti-virus suite on every system, security policies that control and divide access to systems, and a firewall that controls network access.
Employee education is great. Users need to know how to spot data threats, and they either need to know not to visit dangerous websites or how to safely visit and not get caught, preferably away from a business system.
If you really want to survive the ransomware-controlled cybersecurity scare, you need to do something everyone with data should be doing anyway: managing backups. Backups deliver multiple benefits, but the high risks of ransomware underline the importance of safe and secure backup data.
If your systems fail, a set of backups can help you get back to business without losing everything. If your business keeps inventory, financial data, customer data, blueprints, schedules, trade secrets, or anything vital on the network, a storage drive failure or data corruption can wipe out your productivity and force your team to start over.
With a backup, your team will only be set back a few hours, days, weeks, or however long it has been since the last backup. If a ransomware infection happens, it means your systems have a chance at a fresh slate as if nothing happened.
Of course, the backups can be infected as well. If your backups are connected to an infected network–or if someone pushes a backup into a still-infected system or network–the ransomware can lock down your backups as well.
Backups on a distant site, such as storing in Los Angeles when your business is in Seattle, Chicago, St. Louis, New York, Myrtle Beach, or Miami, can make it harder for physical theft or natural disasters to affect backups and live systems at the same time. Security professionals can help you schedule, maintain, and spread your data assets for a long-distance backup plan.
Be sure to use standalone backup systems. Your team either needs to manually move drives from the network to a data storage location, or the backup process needs to disconnect itself after use. If you have more than one backup system, you can even plan for a backup that happens just before an infection occurs.
There is always the risk of a sleeper virus that causes no problems and rests invisibly until something triggers the ransomware. To be safe, in the event of a ransomware attack you should copy the backups and scan the backups for damage. Test one version of the backup at a time, and always keep an undamaged backup in a secure safe.
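One way to carry out the "copy the backups and scan the backups for damage" step, shown as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, keep it offline with the backup, and check a copy against it before restoring. The manifest technique, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(copy_root, manifest):
    """Compare a copy of the backup with the manifest saved at backup time."""
    current = build_manifest(copy_root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }

def is_clean(report):
    return not any(report.values())

def demo():
    """Constructed sample data: a tiny backup, a clean copy, then a damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, copy = Path(tmp, "backup"), Path(tmp, "copy")
        (backup / "finance").mkdir(parents=True)
        (backup / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (backup / "inventory.txt").write_text("widgets: 40\n")
        manifest = build_manifest(backup)   # keep this offline with the backup
        shutil.copytree(backup, copy)       # always test a copy, never the original
        clean = verify_copy(copy, manifest)
        # Simulate damage on the copy: one file overwritten, one renamed.
        (copy / "inventory.txt").write_bytes(b"\x00" * 64)
        (copy / "finance" / "ledger.csv").rename(copy / "finance" / "ledger.csv.locked")
        return clean, verify_copy(copy, manifest)

if __name__ == "__main__":
    for label, report in zip(("clean copy", "damaged copy"), demo()):
        print(label, "OK" if is_clean(report) else report)
```

A copy that reports modified, missing or unexpected files should not be restored; move on to the next backup version and leave the undamaged original in the safe.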
It takes a bit of planning and investment, but preventative measures are far more affordable than the cost of paying data ransom. Contact an IT security and cyber threat professional to talk about your ransomware preparedness.