Up until now our discussion has been about ransomware on home computers. Today I’d like to look at ransomware attacking businesses as well.
As mentioned in a previous post, systems infected with ransomware are also often infected with other malware. You may remember the ransomware CryptoLocker.
CryptoLocker also comes with Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variation of the Zeus Trojan, which steals banking information, along with other types of data.
Once GameOver Zeus has stolen the information, CryptoLocker encrypts files on the infected system and requests that a ransom be paid.
The Impact of a Ransomware Attack
Unlike an attack on a home computer, when ransomware attacks businesses there can be serious negative consequences. These might include things like:
- Temporary or permanent loss of sensitive or proprietary information
- Disruption to regular operations
- Financial losses incurred to restore systems and files
- Potential harm to an organization’s reputation
Sadly, paying the ransom does not guarantee the encrypted files will be released. It only guarantees that the cyber criminals receive the victim’s money and possibly their banking information also.
In addition, decrypting the files does not ultimately mean the malware infection itself has been removed.
Ransomware attacking businesses leads to devastating effects and recovery can be difficult. The recovery process may at times require the services of a reputable data recovery specialist.
US-CERT, the United States Computer Emergency Readiness Team, offers some recommendations. Business users and administrators of IT systems should take the following preventive measures to protect their computer networks from ransomware.
First, initiate a data backup and recovery plan for all critical information. Regularly perform and test backups, to minimize the impact of a data or system loss. This will also help to expedite the recovery process.
Remember also that network-connected backups can be affected by ransomware. Ideally, critical backups should be separated from the network for maximum protection.
Next, use application whitelisting to stop dangerous software and unapproved programs from running. In case you are unfamiliar with the term application whitelisting, here is the official definition. It is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. This strategy allows only specified programs to run, while blocking all others, including malicious software.
Another ongoing practice should be to keep operating systems and software up-to-date, including the latest patches. Vulnerable applications and operating systems are the target of most attacks.
Ensuring that updates are current will greatly reduce the number of entry points that an attacker can exploit.
Maintain up-to-date anti-virus software and scan all software downloaded from the internet before installing it. Do not allow computer users to install any unapproved software without prior permission.
Apply and enforce the rule of “Least Privilege”. This means that a person is only allowed access to whatever is necessary to complete their job properly. This will aid in preventing the spread of any ransomware, malware, virus, etc., should one get in.
Never enable macros from email attachments. If a user opens an attachment and enables macros, the embedded code will activate the ransomware on the computer.
Businesses and organizations may find it best to block email messages with attachments from unknown sources. Always safely handle any email attachments. Be sure to follow safe practices when browsing the web. Do not follow unsolicited web links in emails.
Above all, individuals, businesses and organizations should never pay a ransom. As mentioned previously, this does not guarantee files will be unlocked.
Any instances of fraud, such as this, should be reported to the FBI at the Internet Crime Complaint Center.
Remember, with all best efforts and intentions, bad things still happen. We will still find ransomware attacking businesses. The one constant savior is having data breach insurance coverage.
To get coverage customized to your particular business and needs, MrInsurability is, yes, just a click away!