WHAT’S THE STORY?
Ransomware introduces malicious software onto a target computer or server to exploit one or more programmatic flaws and gain expanded access to the computer. With files “locked” with an encryption key that only the attacker possesses, the impacted user is asked to pay money—often in the digital currency bitcoin—to reinstate access to the encrypted files. Ransomware in itself is not the real risk. The risk lies in the impact to the business that is caused by a service or process that has been suddenly removed. Now, Ransomware-as-a-Service (RaaS) is enabling less-skilled malicious actors to employ this threat tactic, with high reward for little effort or technical knowledge.
WHAT DOES IT MEAN?
In the last year, we have seen high-profile cyber attacks from destructive malware as a result of people mistakenly downloading malicious files. A variant of the Petya/Petwrap malware was in evidence in June 2017 when companies’ computers in Europe, the Middle East and the United States were hit with a ransom note demanding US$300 to recover their files. Such an incident highlights not only the frequency and sophisticated of cyber threats, but also serves as a reminder of the outcomes of human error.
WHAT CAN YOU DO?
Download the report and take practical steps today to protect your organization from future malware attacks like Petya/Petwrap:
Adopt proactive prevention: Many, but not all, ransomware attacks are initiated by a disguised trustworthy entity asking for sensitive information via an electronic communication. Known as phishing, employees can be helped to recognize such scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
Elevate e-mail controls: Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and revisit how you configure your e-mail.
Insulate your infrastructure: Stay one step ahead of smart attackers by removing or limiting local workstation admin rights or seeking out the right configuration combinations (virus scanners, firewalls and so on). Also, regular patches of operating systems and applications can foil known vulnerabilities—Microsoft patches related to the WannaCry threat is one of the measures that should be included as part of a normal patching cycle.
Plan for continuity: Having a strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested makes it easier to avoid paying any ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers should not be constantly connected to backup devices, and the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.