Ransomware is on the rise - crippling organizations worldwide and consistently dominating security news headlines. In 2019, a new organization fell victim to this dangerous type of malware every 14 seconds. Ransomware, which is most commonly delivered in a phishing email, is designed to block access to a computer system until a specified ransom - in the form of untraceable Bitcoin - is paid.

A ransomware attack can have devastating consequences for businesses including data loss, hefty recovery costs and significant downtime - or even permanent closure. Sixty percent of SMBs that get hit with ransomware go out of business within six months of experiencing the attack.

Ransomware Carries Heavy Costs for Businesses

Cloud systems like Office 365 and G Suite are unprepared to protect against ransomware and businesses are literally paying the price. Organizations are increasingly experiencing multiple attacks, often by the same type of ransomware. Ransomware-as-a-Service (RaaS) schemes on the dark web - which enable individuals and groups to have a disproportionately large impact relative to their knowledge and skills - are becoming increasingly prevalent. Mobile ransomware is also becoming increasingly common and problematic. Because mobile phones often lack adequate security defenses and contain valuable information, cyber criminals are devoting more time and resources to mobile ransomware development than ever before and mobile ransomware is now at the forefront of ransomware innovation. 

Ransomware Prevention

The single most effective method of preventing a ransomware attack is ensuring that your organization has implemented a multi-tiered cloud email security solution that fortifies cloud email with critical additional real-time security defenses designed to fill the voids in built-in protection. As the majority of ransomware is delivered via a malicious attachment in a phishing email, an effective solution should offer malicious URL protection and should employ multiple email authentication protocols to detect email spoofing and prevent sender fraud. Secondary to investing in quality supplementary email protection, the following are ways to protect against ransomware:

  • Think before you click! Make sure that you confirm the legitimacy of each email you receive before downloading any attachments it contains.
  • Ensure that your OS is patched and updated. This reduces the chance of vulnerabilities existing that threat actors could exploit.
  • Back up your files frequently and automatically, and protect the backups you create. This won’t prevent a ransomware attack, but it can reduce the damage caused by one. Be aware that backups are not foolproof. Ransomware may sit idle for weeks until it is triggered, potentially destroying backups.
  • Use content scanning and email filtering, which should stop many phishing and ransomware scams before they reach staff.
  • Train staff to recognise suspicious emails.
  • Never click on unverified links, open untrusted email attachments, or download anything from sites you don’t trust.
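
The email authentication and content-filtering checks described above can be illustrated with a short triage script. This is an added example, not code from the original article or from any vendor: it reads the SPF, DKIM and DMARC verdicts that a receiving mail server records in the Authentication-Results header and flags attachments with script or executable extensions. The message, the domains, the trusted server name and the extension list are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"   # assumption: our own receiving MTA's authserv-id
RISKY_EXT = (".js", ".vbs", ".exe", ".scr", ".hta", ".iso", ".docm", ".xlsm")

# Constructed sample message; all domains are placeholders, not real traffic.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=billing.example.org;
 dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@billing.example.org>
From: "Accounts Payable" <ap@example.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Disposition: attachment; filename="invoice.pdf.js"

placeholder
--b1--
"""

def auth_results(msg):
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header; ignore foreign authserv-ids
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg, findings = message_from_string(raw), []
    results = auth_results(msg)
    findings += [f"{m}={results.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
                 if results.get(m) != "pass"]
    # Exact-match check is a coarse signal; DMARC itself uses relaxed alignment by default.
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        findings.append("from/return-path domain mismatch")
    findings += [f"risky attachment: {p.get_filename()}" for p in msg.walk()
                 if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    return findings
```

Calling triage(SAMPLE) returns five findings for the constructed message. A message whose only Authentication-Results header comes from an untrusted server is reported as unauthenticated rather than trusted.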

Ransomware Removal and Recovery

In the event that you do get hit with ransomware, it is important to be aware of the initial actions you should take to protect your data and recover your systems. These steps include:

  • Record the details of the ransom note that appears on your screen. Not only does this note contain details you will need should you decide to pay the ransom, it will also help recovery teams you engage determine which strain of ransomware hit you. In some cases, recovery experts can use this information to find an existing decryption key.
  • Disconnect the affected device from your network to help protect backups, but don’t turn the device off immediately. Data on the device may be needed for forensic analysis.
  • Don’t erase the encrypted files. If you hire a recovery service, they need something to recover. Experts may be able to use the files to determine what strain of ransomware hit you, which can aid in recovery.
  • Consider paying the ransom. Although it seems unethical to support someone’s illegal activity, paying the ransom is frequently the easiest and cheapest way of recovering locked files. If the ransom is more than you can pay, you may be able to negotiate with the attackers for a lesser amount. Also, consider your costs if you don’t pay the ransom and are not able to quickly recover your data. Keep in mind that there is no contract or code of conduct when negotiating with criminals. Forty-two percent of organizations that pay a ransom don’t end up getting their files decrypted. It should be noted that it is now illegal to pay ransom to hackers who are subject to U.S. sanctions - whether or not the victim or facilitators are aware of these sanctions.
  • Consider working with a firm that specializes in ransomware recovery.
  • Once systems are up and running again, be sure to erase any traces of the attack by doing a complete wipe and restore.

Last but not least, learn from the incident. Perform follow-up tasks to prevent future attacks, such as correcting the vulnerabilities that led to the attack in the first place and ensuring that you have a proactive, layered cloud email security solution in place to prevent ransomware emails and other malicious threats from reaching the inbox.