26 Apr Ransomware on the Rise: 5 Tips to Protect Your Data
Hospitals have been the high-profile target of several recent attacks by cybercriminals who take a computer’s or network’s files hostage and demand a payment to restore access. The weapon used is a type of malware (malicious software) that is aptly called ransomware. Hospitals are good targets from the criminals’ perspective because not only are lives potentially on the line if a hospital network is compromised, making the situation more urgent, but also hospitals tend to spend less time maintaining their networks so they are easy prey. Ransomware attacks are not limited to large, public, or human services institutions. Individuals and small businesses are also likely victims, and attacks are on the rise. A report by Trend Micro shows more ransomware infections in February 2016 than in the first six months of 2015. Ransomware cost its victims some $24.1 million last year. In the face of this growing threat, the best strategy is a good defense.
How Does Ransomware Attack?
Some common ways that ransomware finds its way into systems include:
- Email – A common tactic of cybercriminals is phishing. They send bogus emails that appear to come from a credible source who has an important or somewhat urgent matter to resolve such as a delivery, invoice, banking issue, or even a job opportunity. The emails lead the recipient to an attachment or link, which if clicked on gives the ransomware access to the computer.
- Outdated Software — Ransomware may penetrate systems through Internet browsers that are running older version of Java, Flash, Shockwave or other software and plug-ins that are not updated and have known security vulnerabilities.
- Malicious Advertisements — Criminals may put ads that appear legitimate on highly trafficked websites, which if clicked on give ransomware an entry point.
Cybercriminals are crafty, and their attacks evolve and become more sophisticated with time. Some of the newer forms of ransomware, one is called “Locky” and another “Samas” (aka, MSIL, SamSam), encrypt data and look for network backups or auto backups that the ransomware tries to delete. Ransomware may start on one machine and find its way to shared files and other drives to which a computer has access. The Samas strain accesses systems through vulnerabilities on servers. Cisco has warned that newer forms of ransomware are self-propagating, and don’t require human action to spread.
After ransomware has gained its footing in a system, the user is informed that to restore access to their files, data, documents, or images a ransom must be paid. The criminals are happy to instruct the user how to execute the transaction, often using bitcoin, a digital currency that’s hard to track.
The Best Offense is a Good Defense
Victims of ransomware attacks do not usually have many good options at their disposal. They can pay the ransom (the average ask is about $300, but can be much higher — reportedly up to $50,000). The FBI has even suggested that in some cases paying might be the best recourse, although it only encourages the criminals. There may be ways that a technology expert can work around the criminals, but that’s not a simple solution. In the best scenarios, the victim has a backup of their data that has not been compromised. That’s a nice place to be. So let’s discuss how you can avoid an attack or at least be in the best position should one occur. Here are five tips to defend against ransomware:
1) Backup data — You should backup files and data regularly, including to a drive not connected to your network, such as a cloud storage service or physical device.
2) Careful where you click — or as some at FDS like to say, “just don’t click.” Be wary of links and attachments in emails or online. If you want to visit a website, rather than clicking a link, you can access it directly through your Internet browser. If you have a billing or financial question, call the company or bank.
3) Update software. Software updates and patches address vulnerabilities, so don’t ignore prompts to update.
4) Use up-to-date antivirus software. There are many to choose from, but make sure it’s current and doing regular scans.
5) Educate employees. TECHPol has written blogs (see posts: Employees: The Weak Link in Your Company’s Cybersecurity and What’s the Biggest Cybersecurity Threat? Employees.) about the importance of making sure employees are trained about security protocols and made aware of cybercriminals’ tactics.
For more information about malware and protecting your data, you can download our free e-book.