If you’re considering a career in cybercrime prevention, you already know about the dangers of malicious software – most commonly known as malware – and its ability to wreak havoc on networks and individual computers.
But you also need to be aware of a very specific type of malware gaining popularity as a way for criminals to freeze business operations and collect money from unsuspecting organizations – ransomware.
Cybersecurity students especially need to be aware of ransomware, an emerging threat that will only become more prevalent in the future. While ransomware has been around for a while, it came to worldwide attention recently with the spread of the WannaCry virus, which affected computers in 150 countries.
Cybersecurity professionals must be able to protect their organizations from ransomware, and must know the methods for recovering computer systems after an attack has happened.
What’s at Stake
Cybersecurity firm Symantec reports that ransomware is “the most dangerous cybercrime threat facing consumers and businesses …” and that the average ransom jumped from $294 in 2015 to $1,077 in 2016. Furthermore, ransomware is most prevalent in the United States – it accounts for about one-third of all cyber attacks.
While the ransoms seem high, they don’t represent the total cost of a ransomware attack. Organizations face significant downtime, even if they don’t pay the ransom, which can lead to lost sales and productivity.
Another cybersecurity software company, Malwarebytes, surveyed small- and medium-sized organizations about ransomware recently, and found that 1 in 6 companies experienced more than 25 hours of downtime after ransomware attacks.
While there’s no bulletproof protection against ransomware or other cyber attacks, your organization can reduce the risk.
Staff is the first line of defense against all kinds of cyber threats, including ransomware. With just a click, an employee can activate a program that infects computers and entire networks.
Considering this, an ounce of prevention is worth a pound of cure. Employees should be taught good computer hygiene from Day 1, so they don’t engage in risky behavior. Large organizations can design their own courses, but small- and medium-sized firms might consider using an outside training provider.
You should teach employees to follow these three behaviors:
- Be suspicious of all attachments. Malware code can be hiding in the most innocuous of email attachments. In the past, users needed to look out for an executable file with an .exe extension, but now malware can be propagated by nearly any type of file: Microsoft Office files with macros or task shortcuts, PDFs, images and text files.
- Scrutinize emails. What if the attachment comes from a trusted sender, like a coworker or friend? There’s still a risk, as malicious parties can spoof email addresses to fool recipients and lure them to divulge information, a cybercrime known as phishing. Tell employees to beware of emails that look out of character or that weren’t requested. If there’s doubt, tell the employee to email the sender (by typing the address instead of clicking “reply”) and ask if the message is legitimate.
- Beware of fake websites. Email is not the only risk. Your employees should be careful with any website that asks them to enter a password or download a file. Malicious parties can collect and use the provided passwords to infiltrate your system and plant ransomware. Fake news websites are especially dangerous. Your job is to tell employees which websites are trusted by the company, so they know they can use them without incident.
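The first two behaviors can be backed by an automated check at the mail gateway. The sketch below is an added example, not part of the original article: it flags a reply address that does not match the sender's domain and attachments of the risky types listed above. The extension mapping, the `vbaProject.bin` macro check and the sample addresses are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed mapping from the attachment types named above to common extensions.
RISKY_EXT = {".exe": "executable", ".lnk": "shortcut", ".docm": "Office macro file",
             ".xlsm": "Office macro file", ".pptm": "Office macro file"}

def has_vba(data: bytes) -> bool:
    """True if data is an Office Open XML (zip) file carrying a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.endswith("vbaProject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False
def domain(msg, header: str) -> str:
    return parseaddr(str(msg.get(header, "")))[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list:
    """Return findings for one raw message: reply-path mismatch and risky attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if domain(msg, "Reply-To") not in ("", domain(msg, "From")):
        findings.append("Reply-To domain differs from From domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            findings.append(f"{name}: {RISKY_EXT[ext]}")
            if len(pieces) > 2:  # with extensions hidden, name.pdf.exe displays as name.pdf
                findings.append(f"{name}: double extension")
        if has_vba(part.get_payload(decode=True) or b""):
            findings.append(f"{name}: contains a VBA macro project")
    return findings

def build_sample() -> bytes:
    """Constructed message: mismatched Reply-To, a .pdf.exe, and a .docx hiding a macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed placeholder")
    m = EmailMessage()
    m["From"], m["Reply-To"] = "Payroll <payroll@corp.example>", "payroll@corp-example.test"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="terms.docx")
    return m.as_bytes()
```

Calling `triage(build_sample())` returns four findings; a plain message with no attachments and no Reply-To header returns an empty list.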
Protect Your Computers and Networks
Training employees is only half the battle. The next step is to secure your computers and networks so that they are less susceptible to ransomware.
To begin, create a system for frequent, automatic backups. If the computers and networks are infected with ransomware, you then have the option to wipe and restore everything from the backup, losing perhaps a day’s worth of work versus months or years of data.
Next, make sure all your computers are updated with the latest operating systems. One of the reasons why the WannaCry exploit was so successful is that it was designed primarily to infect Windows XP, a 16-year-old operating system Microsoft no longer supports. Newer operating systems, such as Windows 10 and macOS High Sierra, are fully supported by Microsoft and Apple, and receive frequent updates based on the latest security threats.