Is Your Company’s Network Safe from Ransomware?

The top cyber threat on the web for 2016 is more insidious and personal than anything in the past. It infects thousands of computers each day, and it’s growing. It is a type of malware that infects web-enabled devices, prevents users from accessing their files and then demands a “ransom” be paid or the files will be lost forever. The malware’s self-evident name is ransomware.

Ransomware’s Ransom Demands

Ransomware typically infects computers and networks by spam email. When an unsuspecting user clicks on a link inside an infected email, which may appear to be from a friend, coworker or banking institution, the malicious code downloads, installs and encrypts the files on the user’s device. If your device is on a network, the virus goes out to all the attached network drives and attacks those.

Once the ransomware has encrypted target devices, files and drives, a popup appears on the screen informing the user (or your company) that all files and/or drives have been taken hostage via encryption. The typical message demands that a ransom be paid using Bitcoin, PaySafeCard or Ukash by a specific deadline in order to receive the encryption key, or all of the user’s encrypted files and/or drives will be destroyed.

Is Your Company a Target?

What would you do if your company’s network was hacked, encrypted and held for $17,000 ransom? That’s exactly what happened to the Hollywood Presbyterian Medical Center on February 5, 2016. The hospital paid the ransom.

There are so many variants of ransomware evolving and popping up on the web that it’s impractical, if not impossible, to provide an up-to-date list of the different virus strains. It is also impossible to unscramble or retrieve the encrypted files and/or drives without the key.

Moreover, a new generation of ransomware has been detected in recent months that doesn’t require human interaction — no clicking required! This new strain of ransomware is a virus-like hacker application that exploits vulnerabilities in a company’s servers.

Preventing Ransomware Attacks

When you consider that more than 90% of all phishing attacks have ransomware payloads in them, formal training for your employees is your first line of defense to protect company assets from cyber extortionists. Implement training resources that use specific real-world examples and appropriate responses to ransomware attacks.

Secondly, take cyber security very seriously on all fronts, from proper email protocol training, to using anti-virus and firewall software with specific ransomware functionality. Equally important, keep your software up to date!

Next, consider your company’s current cyber security, data backup resources and level of business continuity and disaster recovery (BCDR).

  • What type of data backup system do you have in place?
  • When is the last time you tested your backup system?
  • What would a ransomware attack cost your company in lost information, productivity, resources, recovery time and potential lawsuits?

Create a Culture of Security

In today’s digitally-connected world and organized underground cyber crime, employee training, point-of-access cyber security and on-site backups, unfortunately, are not enough to protect your company from devastating malware attacks or utter annihilation. You need more, and your clients deserve protection, too.

Consider the recent brush with ransomware by Rehab Pro LP, a provider of rehabilitation services. Rehab Pro LP was attacked and infected with Locky. The company’s managed services provider (MSP) restored the previous night’s backup using their Datto BCDR solution. Rehab Pro was up and running within minutes!

Create a culture of security within your organization by implementing true business continuity with technologies customized for your needs:

  • Modern backup processes will virtualize your entire systems not just individual files so when disaster strikes you can be back up and running immediately as if nothing happened
  • Hybrid backups may be accessed locally or remotely from a secure cloud providing resilience no matter what type of incident occurs
  • In a glance, see what has been created, modified or deleted between backups and provide better visibility of your systems.
  • Do you even know if your backup system really works? Work with a managed service provider (MSP) that incorporate daily testing to validate backup integrity.

Don’t fall victim to cyber extortionists. Remember, that the keys to a successful BCDR solution is training, security, and a hybrid backup system.   To learn more about solutions such as Datto’s hybrid backup system or get a demo contact Metro Business Systems today or call us at 203-973-2121.