Ransomware attacks have increased over 90% in the last year with no sign of the trend slowing down any time soon. Since companies that are targeted for a ransomware attack could have their primary modes of communication disabled indefinitely, they must specifically be prepared with the right technology and processes in place to broadcast information to key stakeholders, clients, and employees during a disruptive event or crisis and to ensure business continuity.
Ransomware attacks have become a lucrative industry for cybercriminals. As a result, law enforcement must often team up with international agencies to identify cybercrime and bring down cybercriminals. However, the fact remains that most past ransomware attacks have been linked to poor IT and security practices by employees.
1. How does ransomware work?
All forms of ransomware share a common goal: to lock your hard drive, encrypt your files, shut down your business operations and demand money to hand you back control of your data. Ransomware is but one of many types of malware, or malicious software, and it uses encryption to take your business hostage. It targets both human and IT weaknesses, denying your business access to the sensitive and important data and/or systems it needs to stay operational. This could range from locking one system to full encryption pending payment of a set amount of ransom.
2. Steps in a typical ransomware attack
- Distribution – attackers employ techniques such as social engineering, or trick users into downloading a dropper that starts the infection.
- Malicious code infection – this dropper installs the ransomware itself.
- Malicious payload staging – after installation, the ransomware embeds itself persistently in the system so that it survives a reboot.
- Scanning – after embedding itself, the ransomware searches for content to encrypt on the local machine and the network.
- Encryption – the files located are encrypted and a ransom is demanded from the victim.
3. How to plan ahead
Comprehensive business continuity and disaster recovery plans, with a strong focus on cybersecurity, can ensure that you have the requisite resources to survive a ransomware attack. You should at the very least have a perimeter anti-malware system that can filter out malware at the edge of your network, but if possible implement multiple layers of defense such as firewalls, data encryption and complete backups of your IT environment. The latter will allow you to restore your IT environment to a point before the attack and so avoid paying the ransom. However, restoring from a backup can take a significant amount of time if you’re not prepared. It is, therefore, important to know your maximum allowable downtime to determine your recovery time objectives. This should all be set out in your business continuity plan.
Ransomware criminals often attack SMEs and SMBs. If you don’t have a business continuity plan or are still relying on a manual plan, it could take weeks – if ever – to recover your data and applications after an attack. The best way to fight off a ransomware attack is to not let it happen. This means having controls and security such as Plan4Continuity’s Cyber Security – Quarterly review plan in place to prevent attacks from happening at all.