In 2015, law enforcement officials reported a spike in the number of ransomware attacks. While ransomware intrusions have been around for a number of years, the financial rewards for those who hold a website or network system hostage are significant. In an FBI report, last year’s growth has continued in the first few months of 2016.
The victims of these attacks cover every industrial sector, from businesses small and large to school districts, local and state governments, hospitals and school districts. Even law enforcement agencies have been targets. For the victims of ransomware attacks, the assaults can be catastrophic. Hackers perpetrating these attacks can prevent access to key data, threaten to expose proprietary information, or expose or sell customer data.
Ransomware explained
In a ransomware attack, a hacker gains access to an organization’s computer systems. Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system. Once embedded, the malware allows a hacker access to critical systems, often giving complete remote control data and access.
Hackers are getting more sophisticated. Today, the malicious code may be placed on a website. When a user with an unsecured or unpatched software program accesses the site, the malware slips inside that user’s computer.
Protecting your organization
The FBI recommends that organizations continue to be vigilant when it comes to safeguarding systems and educating employees. The two areas that the FBI recommends that organizations focus on are:
- Creating and frequently reviewing a robust business continuity plan that can be deployed in the case of a ransomware attack. Data should be backed up regularly. The backups should be inspected to verify that they maintain their integrity. Backups need to be secured and kept independent from the networks and computers they are backing up.
- Ensuring employees receive proper awareness training and that prevention controls are in place and comprehensive.
Tips for keeping systems secure
The FBI has released the following tips that are applicable for organizations, employees and individual computer users:
- Be sure that employees understand what ransomware is and what role they play in keeping the organization’s data and computer network systems protected.
- All software, firmware and operating systems should be patched on desktop and digital devices (including smartphones, tablets and laptops). A centralized network patch management system can make the coordination of these efforts easier in large organizations.
- Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
- Have very clear access and authorization procedures in place. Do not provide administrative access to employees unless absolutely necessary. Administrator accounts should be used sparingly.
- Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
- Macro scripts in office files should be disabled when sent over email.
- Software restriction policies should be created or other controls implemented that prevent the execution, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
The FBI encourages any organizations that believe they have been a victim of a ransomware attack to report the issue to the agency’s Internet Crime Complaint Center.
Compunet InfoTech is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (604) 986-8170 or send us an email at info@compunet.ca for more information.