Enterprise

Five Less Commonly Discussed Facts About Ransomware Everyone Should Know

Ransomware AttackBy now, it is safe to assume that almost everyone in business has at least heard about ransomware – the malicious software that works by luring a victim to click on an infected advertisement, email, attachment or website. Once someone takes the bait, it takes over and encrypts the content of the target organization’s hard drives and other connected electronics. Hackers are then in the position to demand payment to unlock the content – typically in bitcoin.

2017 was an unprecedented year for ransomware, with businesses, universities, hospitals, and law enforcement agencies affected—just to name a few. As I discussed in an earlier blog, it was just this past March that the Atlanta Municipal government was hit by a ransomware attack. But what are the implications of ransomware attacks? And what should you know about ransomware attacks that might not be obvious?

Here are five facts that are less commonly discussed about ransomware.

  1. Ransomware doesn’t just affect IT, it disrupts people’s lives.

Ransomware’s impact is not just limited to the IT department or the people working within the organization; it affects anyone who benefits from the targeted organization. In 2017, when WannaCry ransomware took down over 16 hospitals in the United Kingdom numerous patients had surgeries canceled or postponed. In the case of Atlanta, many residents were unable to pay tickets or utility bills—and in some cases the attack prevented residents of Atlanta from starting a new job. Ransomware affects many people—not just those who are part of the identified organization. In fact, one of the purposes of ransomware is simply to disrupt. The more disruption – inside or out of the organization – the better.

  1. It’s not a case of ‘if’ with ransomware, it’s a case of ‘when’.
It’s critical that organizations focus on both prevention and mitigation. Organizations should seek to prevent such attacks but operate with the knowledge that there is no way to 100% guarantee protection from ransomware. They should also focus on disaster recovery plans as well, making sure that they are backing up their data regularly and that they have alternative communication methods that do not depend on their network during an IT emergency.
Crisis communications must include all scenarios, which includes keeping bad actors out of the know when a network has already been compromised.
  1. Paying ransom doesn’t guarantee recovery of data.
Only 45% of small and medium businesses who paid attackers to release their data actually got it back. That’s why it’s so important to have an emergency preparedness plan. Organizations need to make sure their data is regularly backed up and stored on a separate system that cannot be accessed from the network. Data backup processes should also be regularly verified to ensure they’re capturing the necessary data and can be successfully and rapidly restored.
A ransomware attack does not mean that it is inevitable that you must pay.
  1. Ransomware attacks aren’t picky.

Many of the attacks you’ve probably heard about in the media concern healthcare organizations, but ransomware isn’t selective in who it targets—universities, police departments, local governments, HR departments, financial institutions, small, medium, and large businesses alike—everyone should take appropriate steps, both preventative and mitigating, to address the risk of ransomware.

  1. Ransomware is evolving.

As security operations wise up to ransomware, ransomware creators have created new techniques to successfully target organizations. These include slowing down and randomizing the encryption process, delivering ransomware through files instead of emails, and using polymorphic code—code that changes itself each time it runs while still achieving the same result. These are just a few of the ways that ransomware is evolving. It is important to stay aware of the ways ransomware might change and what the appropriate prevention and mitigation techniques are in response.

Key to any response and recovery plan is an alternative medium for secure communications. Secure messaging platforms like Vaporstream can help ensure that you keep communications ongoing should you need to address any ransomware threats and get systems back up and running without the knowledge of the bad actors that believe they have you at a disadvantage.  Ransomware is a huge problem for organizations, but with proper prevention, especially strong mitigation efforts, the damage it causes can be significantly reduced.

To find out more about Vaporstream Secure Messaging and how secure communications can thwart ransomware attackers, contact us. Even better, request to see Vaporstream in action.


Contributor: Kristi Perdue Hinkle