Ransomware – What it is and How to Avoid it
March 13, 2017
Contribution of Bryan Jorett of Conceir Technology Group.
For follow-up please contact Bryan via bjorett@Conceir.com
Let’s make this simple. There are bad people who do bad things. One of these things is to hold your data so you cannot access it until you pay for the release of this data. This is termed Ransomware and in 2015, online criminals used ransomware attacks to extort a $50 Million from victims. By the end of 2016, the FBI projected that ransomware criminals will reap over $800 Million from US businesses. FBI notes this is a conservative estimate.
What is Ransomware?
Ransomware is a virus placed onto your system via emails, access to mobile devices, etc. that allows the criminal to lock your data so you cannot access it until you pay a ransom.
How bad is it?
Beazley Insurance recently released their Beazley Breach Insights report, which found that Ransomware attacks were on pace to quadruple in 2016. Even more alarmingly, experts predict this number, already at an all-time high, will double again in 2017. Helping fuel this growth is the addition of new Ransomware variants. Multiple security research firms found that approximately 10 new ransomware variants were introduced every month in 2016. Researchers have also uncovered some variants that offer Ransomware-As-A-Service, which allows almost anyone to conduct a vicious ransomware campaign against the target of their choosing.
Why have ransomware attacks been exploding? Quite simply, they work. Ransomware attacks target most companies weakest link, the employees. In fact, ransomware attacks have been so successful it is estimated that the total cost of ransomware attacks for 2016 have topped one billion dollars, according to the Herjavec Group. – RebycSecurity 2017
It is the fastest-growing malware and it is already an epidemic. A U.S. government interagency report indicates an average of more than 4,000 ransomware attacks have occurred daily since January 2016, according to the U.S. Federal Bureau of Investigation (FBI).
What can be done to prevent it?
It is our educated and experienced opinion that, at this time, you cannot prevent a number of ransomware breaches from happening. HOWEVER, you can harden your system and have copies of your data saved in a manner that if you are hit by ransomware the damage will be minimal and you wil not have to pay a dime to the perpetrators.
How is this done?
By protecting your system from virus penetration via a system (Known as a Unified Threat Protection system). This system is comprised of a firewall, antivirus protection software and backup both on- premise and off premise (cloud).
This is cops and robbers stuff:
For almost every protection of ransomware attacks there will be a better version of the virus or new vehicles to transmit it that will render the prevention tactics currently employed obsolete.
There’s a reason Yale Lock Company has been successful for over 176 years. They build – bad guys break, rinse and repeat.
So while we unfortunately have to play this very serious “game” the best practice is to employ a Unified Threat Protection system.
What is Unified Threat Management (UTM) or Unified Security Management (USM)?
This process consists of the implementation of a number of hardware appliances and software tools designed to jointly secure your network from virus attacks.
So to recap:
1/ What is Ransomware? An attack on your IT environment that may keep you from accessing your company’s data until you pay to have it released.
2/ Is Ransomware a real threat? Yes, to the tune of $50 Million in 2016 and an FBI conservative estimate of $800 Million in 2017.
3/ What can I do to avoid these attacks?
Avoiding them? – odds are you cannot. However limiting or preventing them from accessing your network are greatly improved by utilizing a UTM system as described above. And if they do reach your sensitive data then secure back-up will limit, if not prevent, loss of your sensitive data and the ultimate avoidance of data lockdown and the expenditure of funds to release your data.
Best regards
und viele Grüße aus Charlotte
Reinhard von Hennigs
www.bridgehouse.law
und viele Grüße aus Charlotte
Reinhard von Hennigs
www.bridgehouse.law