Everywhere you look these days, it’s in the headlines: another healthcare network, business, or government entity has suffered a debilitating ransomware attack. What used to be a curiosity is now a raging epidemic that shows no signs of slowing—and no sector is immune. By 2021, ransomware damages could cost the world $20 billion (57 times more than in 2015).
 
Even worse, cybercriminals are shifting their strategy. Not only are they demanding larger sums of money—from a few thousand dollars to upwards of $50,000 in just the past few years—but they’re increasingly targeting small and midsize businesses, which may be less sophisticated on the IT front and more willing to pay.
 
I recently sat down with Steve Lodin, senior director of cybersecurity operations/corporate security at Sallie Mae, to discuss this growing threat. We also offered advice for organizations looking to harden their defenses and prepare to respond in the event of an attack.
 
Here are a few highlights from our webinar, “Be Smart, Take Charge: What You Need to Know About Cybersecurity and Ransomware Prevention, Detection, and Response” (you can access the free webinar here).
 
 

How Does Ransomware Work?

Ransomware is malicious code that’s designed to encrypt files on an infected system or storage device to prevent the owner of the data from accessing it. Cybercriminals demand a ransom in return for a decryption key.
 
Ransomware can infiltrate in various ways. Among the most common are phishing emails containing embedded links and innocent-looking email attachments. Email attachments don’t have to contain ransomware code; once opened or downloaded, they can simply run additional code that instructs the host system to download ransomware code from a website.
 
Think about what this means. Among tens, hundreds, or thousands of employees, it takes just one person, one email, one visit to a malicious website. Once that ransomware code finds a vulnerability in the host environment, it can take over in short order.
 
Now, here’s the really bad news: paying these criminals doesn’t always bring data back. In fact, according to a 2017 study, only 26% of businesses that paid a ransom in 2017 received a decryption key. (Of those organizations that paid, 73% were attacked again.)
 
 

How Can You Protect Your Business and Limit the Fallout?

Every organization needs a three-pronged approach to effectively address the ransomware threat: prevention, detection, and response. You’ll want to begin with proactive measures that lessen your odds of a successful attack and limit your vulnerabilities when ransomware strikes.
 
 
SYSTEMS
  • Limit access to your systems, including local admin access (the principle of least privilege).
  • Ensure your system is patched, along with third-party apps like Adobe and Flash.
  • Secure the system with antivirus, anti-malware, and email security services that block known threats; implement tools that scan incoming emails or flag employee activity on known malicious websites.
  • Invest in good data backups.
  • Evaluate and monitor connections with third-party vendors. Allow access only as required for them to provide services, and only on network segments they need.
 
PEOPLE
  • Instruct employees to report suspected phishing emails.
  • Communicate with employees about current ransomware threats.
  • Test employees periodically with sample phishing emails and unfamiliar attachments to maintain awareness.
 
PLANNING
  • Create an incident response plan, ideally involving IT, legal counsel, internal and client communications, and forensic analysis; test and refine it regularly based on newly identified weaknesses and threats.
  • Invest in cybersecurity insurance, with a full understanding of what’s covered in the event of an attack.
  • Make sure vendor contracts include language requiring vendors to notify you within a short period of time of any attack on their systems. Know how to shut down connectivity quickly in case of attack.
  • Enhance your tech stack. An incident response manager tool will allow you to see how/where you’ve been compromised, act fast, and minimize the impact of a ransomware attack; a file integrity management solution can tell you whether any changes made were authorized by your existing change management system.
  • Make sure you have access to enough Bitcoin in case paying ransom is your only option; you might want to establish a Bitcoin account expressly for this purpose.
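
The file integrity point in the PLANNING list above, shown as an added example (not code from the original post or from any product it mentions): a Python check that compares a directory against a hash baseline and reports every change that has no matching approval. The `approved` mapping is a hypothetical export from a change management system, and the file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(baseline: dict, current: dict, approved: dict) -> list:
    """Return (path, finding) for every change that lacks a matching approval.

    approved maps path -> the SHA-256 the change record expects, or None for an
    approved deletion (assumed format of a change management export).
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue  # unchanged since the baseline
        kind = "added" if old is None else "deleted" if new is None else "modified"
        if path not in approved:
            findings.append((path, f"{kind}: no change record"))
        elif approved[path] != new:
            findings.append((path, f"{kind}: content differs from approved change"))
    return findings

def demo() -> list:
    """Constructed sample: one approved edit, one unapproved overwrite, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"timeout=30\n")
        (root / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
        baseline = snapshot(root)
        (root / "app.conf").write_bytes(b"timeout=60\n")          # approved edit
        (root / "ledger.csv").write_bytes(b"\x9c\x01\xfe\x77")    # unapproved overwrite
        (root / "README_RESTORE.txt").write_bytes(b"constructed note\n")  # unexpected file
        approved = {"app.conf": hashlib.sha256(b"timeout=60\n").hexdigest()}
        return audit(baseline, snapshot(root), approved)

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

The approved edit to app.conf produces no finding; the overwritten ledger.csv and the new file are both reported because no change record covers them.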
 
EMERGENCY RESPONSE
  • Check with law enforcement to determine your odds of recovering data. Depending on the type of ransomware deployed, you might be able to get a decryption key from the FBI’s database.
  • Perform a system analysis to determine what communications went outbound and what specific actions were taken on the system. These details will help you determine what gaps in your security stack need fixing.
 

Want to Learn More About Ransomware Preparedness?

If this post left you with more questions than you had before, you’ll want to tune into our recent webinar, “Be Smart, Take Charge: What You Need to Know About Cybersecurity and Ransomware Prevention, Detection, and Response.” You’ll learn more details about the ransomware threat and come away with more resources and specific tips you can use to better secure your systems and develop a thorough, effective response plan.
 
Don’t wait till ransomware strikes to understand what you’re up against and fortify your business. Access the free recording here, and start taking steps to minimize the threat.
 
 
 
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.


Posted by Rick Clark

As Corporate Security Director, Rick Clark is responsible for all phases of Ontario Systems’ corporate security and implemented its security program. He leads internal efforts to ensure that Ontario Systems’ products meet regulatory and best practices compliance in security. With more than 10 years of experience in Information Security, Rick is a recognized advocate on issues of security, compliance and data privacy.