Ransomware made waves this year when it exploded onto the internet in a series of headline-grabbing attacks, all of which were attempts to extort businesses for exorbitant amounts of money. The concept of ransomware is simple: install malware that encrypts all the files on a workstation, attempt to spread through saved email addresses, and ultimately force the user to pay a ransom to decrypt their data again. This is textbook extortion, highly illegal, and extremely disruptive to the organizations being targeted.
Hospitals and other healthcare organizations were hit with a nasty piece of ransomware originally named "Petya". Europe, Russia and Western Europe all had confirmed attacks of this "Petya", and many organizations complied with the attackers' demands. A later variant of the malware, known as "Not Petya", was modified so that the damage could not be reversed even after paying a ransom. This highlights the value of not complying with these threats, because there is no guarantee that paying the attackers for a decryption key will restore your data.
Ransomware is not unbeatable; there are steps which you or your organization can take to prevent it from ever becoming your problem.
Step 1: Invest in a good security gateway to filter email and web traffic. Ransomware tends to arrive through malicious attachments and phishing emails. One wrong click can infect the workstation and start the spread. It is better to block the malware at the perimeter if possible.
Step 2: Create a Backup and Recovery Plan. Every three to four weeks, back up all the files in the office, and back up critical data more frequently. This will take time and effort from the IT team; however, it is one way to guarantee that you will not lose most of your data. You can laugh at the ransomware, safe in the knowledge that your backup files are stored elsewhere.
Step 3: A good security gateway is a start, but some phishing emails may still show up in your inbox. Proper training on how to spot these malicious emails is extremely important, not to mention a compliance mandate in many industries. A basic rule of thumb is not to open any email or attachment which is not expected, and it can never hurt to double-check with somebody via another form of communication if things don't look right.
Step 4: Investing in a good antivirus can also help prevent these attacks. It should have the ability to prevent a malicious download from completing. Event logs should be centrally stored to help with detection and remediation efforts.
Step 5: Continuous security monitoring is critical. Even with the first four steps in place, security incidents happen. The faster a threat is detected and contained, the less damage is caused. Even smaller organizations should have 24x7 eyes on screens, which may mean utilizing security as a service.
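As an added example of what the centrally stored event logs from Step 4 and the continuous monitoring in Step 5 can catch (example code written for this post, not a vendor's or the author's own), the rule below scans constructed file-activity log lines for the burst of file renames to unfamiliar extensions that a file-encrypting infection produces on a single workstation; the log format, host names, window length and threshold are all assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)   # sliding window per host (assumed tuning value)
THRESHOLD = 5                    # suspicious extension changes per window (assumed)
# Extensions normal office work produces; a rename to anything else is suspicious.
NORMAL_EXT = {".docx", ".xlsx", ".pdf", ".pptx", ".txt", ".jpg", ".png", ".tmp"}
# Constructed sample lines: "<ISO timestamp> <host> <action> <path>".
SAMPLE_LOG = """\
2017-06-27T09:00:05 ws-12 RENAME C:/Users/amy/Documents/budget.xlsx.locked
2017-06-27T09:00:06 ws-12 RENAME C:/Users/amy/Documents/plan.docx.locked
2017-06-27T09:00:06 ws-12 RENAME C:/Users/amy/Pictures/holiday.jpg.locked
2017-06-27T09:00:07 ws-12 RENAME C:/Users/amy/Documents/q3 report.pptx.locked
2017-06-27T09:00:08 ws-12 RENAME C:/Users/amy/Desktop/invoice.pdf.locked
2017-06-27T09:00:09 ws-12 WRITE C:/Users/amy/Desktop/README_DECRYPT.txt
2017-06-27T09:05:00 ws-07 RENAME C:/Users/bob/Documents/notes.bak
2017-06-27T09:30:00 ws-07 RENAME C:/Users/bob/Documents/old.bak
"""

def parse_line(line):
    """Parse one log line into (timestamp, host, action, path); None if malformed."""
    parts = line.strip().split(" ", 3)
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return (ts, parts[1], parts[2], parts[3]) if len(parts) == 4 else None

def detect_encryption_bursts(lines):
    """Return (host, timestamp, count) alerts, one per host, when it crosses THRESHOLD."""
    recent = defaultdict(deque)   # host -> timestamps of suspicious events in WINDOW
    alerts, alerted = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, host, action, path = rec
        ext = os.path.splitext(path)[1].lower()
        if action not in ("RENAME", "WRITE") or ext in NORMAL_EXT:
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD and host not in alerted:
            alerted.add(host)
            alerts.append((host, ts, len(q)))
    return alerts
```

On the sample, ws-12 is flagged at 09:00:08 after five renames to `.locked` in three seconds, while ws-07's two `.bak` renames, 25 minutes apart, never accumulate within one window and stay quiet.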