April 7, 2020
Protecting your company and remote workers from ransomware attacks has never been more important. With millions working remotely because of COVID-19, ransomware attacks are increasing every day.
What is ransomware? It’s a form of malware that encrypts data or important files on your computer and holds them for ransom. After payment is made, the files should be released.
In 2019, ransomware was responsible for more than $7.5 billion in damage in the United States. What does that look like for each organization? According to a new report, the cost to recover from a ransomware attack has doubled and now stands at $84,116.
Steeper ransoms are part of the cost increase, but that’s not everything. After an attack, your business will likely need to replace hardware, recover from lost revenue and brand damage, and rebuild anything that was broken or lost.
What is the possibility of a breach while millions of people are working remotely?
CNBC polled senior technology executives and found that more than one-third have already seen an increase in cybersecurity risks as most of their employees are logging in remotely. And with the effects of COVID-19, 85% of the companies polled report that at least half of their workforce is now working from home.
The Private Risk Management Association has already noted that risks will increase due to the large number of people in quarantine, working remotely. It gives hackers an opportunity to employ phishing techniques or infect remote desktop protocols, implant malware, and then steal data or hold it for ransom.
COMMON RANSOMWARE ATTACKS As workers are logging in from home, unsecured Wi-Fi networks and personal devices increase the risk for ransomware attacks. Ransomware can happen in a few ways, here are a few common techniques:
Phishing Emails Created to deceive recipients to download malicious attachments or click through to fake websites that may look and feel like legitimate sites, phishing emails are an effective route for attackers to install ransomware.
Drive-by Downloading Drive-by downloading can happen in partnership with a phishing email. If the malicious attachment is downloaded or the fake website is visited, malware can be downloaded unknowingly. Pop-up windows are also utilized–made to look like error reports or advertisements that need to be closed. A simple click and the malware is downloaded and installed.
Vulnerable Web Servers Hackers can also gain access to your organization’s network and data by finding entry points in vulnerable Web servers. No need to trick or deceive employees, the ransomware just exploits existing security holes.
Whaling Also known as business email compromise or CEO fraud, whaling is a targeted attack. The goal of whaling is to impersonate different members of an organization that can direct fund transfer to an attacker. A typical scenario involves impersonating a CEO or another leader and directing staff members to transfer funds.
Remote Desktop Protocol Attacks With so many employees working remotely, this method is especially vulnerable right now. Attackers will take advantage of missing or weak passwords or the protocol itself. In some reports, RDP attacks are more popular than phishing schemes.
HOW TO PROTECT YOUR COMPANY AND REMOTE WORKERS FROM RANSOMWARE With the uptick of remote workers and the increase in attacks, it’s important to know how to protect yourself. Here are ways you can protect your company and your remote workers from ransomware:
Require Antivirus and Whitelisting Software Detect malicious programs as they show up with antivirus software that is up-to-date. Proper software will scan anything downloaded from the internet before it’s allowed to execute. And whitelisting software only allows approved applications to be executed, avoiding harmful applications before they can get started infecting the computer in the first place.
Keep Your Operating Systems Up-to-date Require all workers, especially remote workers, to keep their operating systems up-to-date. The latest patches will reduce vulnerabilities that attackers can take advantage of and exploit.
Backup Files Automatically A data backup plan is essential. If your data is compromised, a backup could help you avoid a ransom in the first place. Test your backups regularly and isolate any critical information from the network.
Restrict User Permissions To add more security to your remote workforce, you can restrict user permissions and apply the “least privilege” principle to all systems. By restricting the ability to download and install new software, you could prevent the possibility of malware.
Update Your Training If you haven’t already updated your typical security training, now would be a good time. Include reminders about how to use two-factor authentication, how to update passwords, what to look for in phishing emails and sites, reminders about locking devices, and how to use your VPN. And with workers logging in from home, adding in a section about how to secure your home router would be incredibly relevant.
Disable the Use of Macros Another tip for keeping your remote workforce safe is the option of disabling the use of macros. Often used to personalize automatic emails or to add information to manual emails, macros can be an easy way into your system. If an employee opens an attachment and enables macros, malware could be embedded in the code and that action can kickstart the ransomware.
Look Out for Work From Home Scams During times of turmoil attackers will use current events to craft messages and build themed phishing attempts. Train your workforce to watch out for these attacks, especially during a time when news and other announcements are shared or delivered via email.
How safe is your organization from a ransomware attack? Are you prepared?
Today, only 16% of organizations have a cybersecurity task force and only 4% report that they are developing an incident response plan.
Assess your cyber risk and weaknesses with our three-question quiz.
Written by: [Jack Vines]