Cybercriminals Target SMBs
While the overall number of incidents may be on the decline, ransomware continues to be the leading type of cyberattack experienced by small- and medium-sized businesses (SMBs). These attacks are getting more sophisticated and more expensive for victims. A ransomware attack has the potential to cripple your organization and cost you hundreds of thousands of dollars in payouts, fines, recovery costs, downtime, emergency response, and lost opportunities.
Many SMBs assume they are flying under the radar of cybercriminals and are keeping their fingers crossed, hoping they won’t get targeted. While the ransom a cybercriminal can extract from an SMB may be smaller than the ransom a large corporation can afford to pay, SMBs make attractive targets because they often do not have the sophisticated security resources, viable backups, and detailed disaster recovery plans that most large corporations possess. Any disruption to an SMB’s IT systems can be a major expense, which creates the sense of urgency cybercriminals want in order to ensure they get paid off.
Three Strategies to Help Your Organization Prepare for a Ransomware Attack
Some organizations choose to accept the risks and the ramifications of a ransomware attack. This is a viable option if your organization is willing to throw out your servers, buy new ones, and hope for the best when it comes to reconstructing your data; however, this is not an option for most organizations. This article outlines three strategies you can use to avoid a ransomware attack or mitigate the impact an attack has on your organization. These strategies are not mutually exclusive; most organizations should employ a combination of two or all three of these methods to reduce the negative impact of a ransomware attack.
Strategy 1: Stockpile Cryptocurrency to Pay Ransoms
Some organizations would rather pay off a hacker to regain access to their critical data and systems than admit to a breach that may have resulted in stolen customer data. To avoid risking the audits, scrutiny of regulators, loss of reputation, and potential fines that come with the public exposure of a breach, they stockpile cryptocurrencies (usually Bitcoin, the hacker cryptocurrency of choice) to pay off cybercriminals in the event their data is held hostage.
While stockpiling cryptocurrency to pay cyber ransoms may seem like an expedient method for getting your organization up and running again quickly and keeping a breach under wraps, there are several reasons the practice is discouraged by most cybersecurity experts.
- Buying cryptocurrency can be risky; values can fluctuate wildly. Some experts warn that the bubble is about to burst, and the current crop of cryptocurrencies may just be a passing fad.
- Paying off attackers does not guarantee your files will get decrypted or that you will regain access to affected systems. There are numerous past cases where organizations paid a ransom and got nothing in return or received bogus keys that wouldn’t unlock their data. Cryptocurrency transactions can’t be reversed; once you’ve made the payment, it’s gone for good.
- After paying off an extortion demand, you are likely to be marked as a “sucker”. There is a strong possibility that cybercriminals will continue to target your organization if they believe you are an “easy touch.”
- Most importantly, paying off cybercriminals only makes the problem worse. It encourages cybercriminals to target other organizations and entices other criminals to see ransomware as a lucrative activity and get involved. Additionally, when ransoms are paid, the money is often used by bad actors to fund other illicit activity.
Strategy 2: Purchase Cyber Insurance
Cyber insurance can help your organization mitigate risk exposure by offsetting costs involved with recovery after you have been victimized by a ransomware attack. Purchasing a cyber insurance policy won’t shield your organization from cybercrime; however, it can keep you from going bankrupt if a significant security event occurs. It can help defray notification costs, credit monitoring charges, expenses for defending claims by regulators, and fines and penalties incurred when confidential records are breached. If your organization collects or stores personally identifiable information on customers or employees digitally, you should consider purchasing a cyber insurance policy.
Unfortunately, most cyber insurance policies are relatively expensive, offer scant protection, and often exclude the threats you are most vulnerable to. Cyber insurance has other drawbacks as well:
- Purchasing a cyber insurance policy can be complicated. Finding the right coverage for the right price can be a challenge. Policy terms and conditions can be very rigid. Minor changes to the terms can determine whether your organization is fully covered for a particular type of breach event or not covered at all. For example, some policies may not provide coverage if you do not have specific security protocols in place or if your employees fail to follow them (which is the most common cause of ransomware attacks). Cyber policies also generally don’t cover ransomware attacks that can be traced back to malicious insiders, such as a rogue employee or a disgruntled third-party vendor.
- Most policies won’t cover the damage your reputation can suffer from a cyberattack. Your customers need to know that you are safeguarding their data, and if they find out it isn’t safe from ransomware attacks, they are unlikely to do business with you in the future. The fallout from a data breach and loss of customer trust can follow an organization long after an incident has been resolved.
- Purchasing a cyber insurance policy isn’t a replacement for implementing rigorous cybersecurity policies, processes, practices, and systems. Some organizations operate under the assumption that they don’t need to invest in cybersecurity measures because their insurance will cover losses if they get hacked. While cyber insurance offers a safety net for organizations experiencing a ransomware attack or privacy-related loss, it is only intended to complement sound cybersecurity measures, not replace them.
Strategy 3: Strengthen Your Defenses to Prevent Attacks
Preventing attacks before they happen is by far your best strategy for dealing with ransomware. Your best defense against ransomware attacks is to proactively implement cybersecurity best practices and processes for protecting your data: identify sensitive data, track where it resides, and implement technology and business practices to protect it. Regardless of whether you stockpile cryptocurrencies to pay off extortionists or purchase cyber insurance to help defray the cost of a ransomware attack, investing in a comprehensive cybersecurity program is a must. That program should provide real-time protection designed to thwart advanced malware attacks by shielding vulnerable programs from threats and blocking ransomware from holding files hostage.
Cybersecurity measures you can take to help prevent ransomware attacks include:
- Update and patch your systems regularly to ensure vulnerable systems are not used to run ransomware exploits.
- Perform regular external system data backups that will enable you to restore information from prior to the time of the ransomware attack. All systems and data should be backed up daily, and critical systems and data should be backed up hourly.
- Periodically test your backup restore process to ensure it is working properly.
- Make sure all your employees are aware of and educated about the tactics used in ransomware and other attacks. Most attacks are made possible by human error or human involvement. Train your users to avoid downloading, clicking on links, or connecting unknown USB devices to computer systems.
- Block malware at the firewall with advanced firewalls that can stop malware from being downloaded.
- Install intrusion detection software to monitor illegal activities on computer networks.
- Install application whitelisting software, anti-virus, or anti-malware to stop malware from executing on desktop computers.
- Perform penetration testing on a regular basis to determine whether any existing vulnerabilities should be addressed.
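The backup schedule and restore test from the list above, as an added example (not code from the original article): it flags systems whose latest backup is older than the daily or hourly limit, and compares a test restore against SHA-256 hashes recorded at backup time. The inventory, file names, and function names are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Schedule from the list above: daily for every system, hourly for critical ones.
MAX_AGE = {False: timedelta(days=1), True: timedelta(hours=1)}


def stale_backups(catalog, now):
    """Return systems whose newest backup is older than the schedule allows."""
    return [name for name, critical, last in catalog
            if now - last > MAX_AGE[critical]]


def sha256_tree(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def restore_mismatches(manifest, restored_root):
    """Return paths missing, altered, or unexpected in a test restore."""
    restored = sha256_tree(restored_root)
    return sorted(path for path in manifest.keys() | restored.keys()
                  if manifest.get(path) != restored.get(path))


def demo():
    now = datetime(2024, 1, 10, 12, 0)
    catalog = [  # constructed: (system, critical?, last good backup)
        ("file-server", False, datetime(2024, 1, 9, 23, 0)),  # 13 h old
        ("hr-laptop", False, datetime(2024, 1, 8, 9, 0)),     # 51 h old
        ("erp-db", True, datetime(2024, 1, 10, 11, 30)),      # 30 min old
        ("mail", True, datetime(2024, 1, 10, 9, 0)),          # 3 h old
    ]
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (src, dst):
            (Path(root) / "docs").mkdir()
            (Path(root) / "docs" / "ledger.csv").write_text("id,amount\n1,100\n")
            (Path(root) / "notes.txt").write_text("quarterly plan\n")
        manifest = sha256_tree(src)  # recorded at backup time
        (Path(dst) / "notes.txt").write_text("corrupted\n")  # altered by restore
        (Path(dst) / "docs" / "ledger.csv").unlink()         # lost by restore
        return stale_backups(catalog, now), restore_mismatches(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

Keeping the manifest somewhere the backed-up systems cannot write to means a restore can still be checked after those systems have been encrypted.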
There will always be new, more hyper-evolved variants of ransomware and new vulnerabilities discovered in commonly used applications. While cybersecurity vigilance is key, there is no guarantee that it will prevent a ransomware attack. You should be prepared with an effective response plan to deal with the fallout in case you are victimized. Consider stockpiling cryptocurrencies, purchasing a cyber insurance policy, and beefing up your backup and restore capabilities as viable alternatives for protecting your business from the potential costs of a ransomware attack.