It’s one of the world’s fastest-growing industries, it’s already a multi-billion dollar global criminal enterprise and it poses a significant risk to every business’s systems and data. I’m talking about ransomware — a sophisticated type of malware that encrypts your files and holds your data hostage until you pay a ransom.
Ransomware is rapidly emerging as one of the most dangerous information security risks for South African organisations because of its sophistication and because the volume of attacks is growing at an exponential rate. Information security vendor, SonicWall, says that ransomware attacks on businesses of all sizes shot up to 638 million last year from just 3.8 million in 2015.
The Federal Bureau of Investigation, meanwhile, estimates that ransomware cost companies in the US alone around $1 billion in 2016, a number that will most likely soar in 2017. We are aware of local businesses who have been hit by ransomware attacks and who have chosen to pay ransoms of hundreds of euros or dollars (often in bitcoin) to recover their data.
Pay up or lose your data
Though it would seem counter-intuitive to reward the extortionists, many IT managers found that the cost of rebuilding their systems and recapturing the data would be far higher than paying up for the decryption key. Given that the files are locked behind strong encryption, there is usually no other way to get them back. Of course, since one is dealing with criminals, there is no guarantee they’ll give the files back when paid.
One of the most troubling aspects of ransomware is that it has become so professionalised. Organised cyber-criminals are constantly refining their malware to evade detection by traditional anti-malware software and they are also becoming increasingly sophisticated in their distribution techniques. For example, phishing mails with a ransomware payload are often so well-crafted that it can be hard to tell them apart from a genuine message from a bank or telco.
Highly targeted attacks are not unheard of. Some gangs have set up slick online stores, where victims can see a couple of their files and then move on to a payments process. Other enterprising malware authors sell DIY ransomware kits on underground forums on the Internet, helping many other wannabe cyber-criminals launch ransomware attacks of their own.
Backups are the second line of defense
Though ransomware attacks generally target Windows computers, attacks on Android and Macs are becoming more commonplace. To protect themselves, companies should follow the basics of running up-to-date anti-malware software and training end-users not to open suspicious email attachments.
In addition, they should get serious about a discipline that far too many organisations neglect: implementing and following a solid automated backup plan. As simple as it sounds, a well-executed backup plan will make it far easier for an organisation to recover from a successful ransomware attack without paying the ransom.
In practice, such a backup plan should be built on an enterprise-grade automated backup solution so that it doesn’t rely on humans remembering to run backups. This solution should make regular backups across distributed devices and desktops to provide a secondary store of data—preferably stored off-site—as a failsafe mechanism in the event of a malicious attack.
A robust cloud-based backup solution provides off-site storage for additional peace of mind when on-premise data is at risk. The key is to make client backup so highly efficient and unnoticeable to the end user that they are being protected without even knowing it. This will provide an effective second line of defense against ransomware if information policy and systems fail to stop an attack from landing.
Jonathan Kropf is the CEO of Tarsus on Demand.