How to Protect Your Business from Ransomware

June 30, 2016 • Published Categories Best Practices Tags , ,

Guest post by Vlad de Ramos, AIM Corporate Solutions

In what experts and Johnny Mnemonic have told us years before, information is now the most valuable asset in the digital age. Curiously, this became literal with the rise and resurgence of ransomware.

Hide Yo’ Data Files

As what the name implies, ransomware is a form of malware in which a software code holds your computer hostage until a ransom is paid. It will prevent you from using your PC in a number of ways, such as blocking access to Windows, encrypting files so you can’t use them, and stopping applications from running.

Ransomware initially reared its ugly head in 2013 and has become one of the most common attacks over the last few years. Today’s ransomware includes new features such as alternative payment options like Bitcoins, countdown timers, and new infection routines that will cause crippling damage if the victim doesn’t pay the ransom.

Hospitals have become the perfect target because they heavily rely on information. Without access to patient records, medical staff can’t administer proper patient care, making it critical for hospitals to secure the decryption key as soon as possible.

Unfortunately, though, as what non-virtual kidnap cases indicate, paying the ransom doesn’t always guarantee a solution. Case in point, Kansas Heart Hospital paid a small amount, but the decryption key was not provided. Instead, the criminals demanded more money. Fortunately, no patient data was at risk, and the hospital had a plan in place to minimize the damage.

Other hospitals, though, are not so lucky. Earlier this year, 10 MedStar facilities were forced to shut down their computer systems entirely, and switched to old school pen and paper.

With current technological innovations that allow businesses to extract, analyze, and manage data seamlessly – analytics, cloud technology, internet of things, and big data – information will become more and more important and tied to virtual systems. Criminal hackers have more options if they choose to expand operations.

Armed with a plan, a code, and anonymity, they can steal trade secrets or other valuable data that could be sold to the black market.

How to Avoid Getting Your Data Kidnapped

There are many available IT security tools today for businesses. However, just like old fashioned kidnapping, ransomware involves different tactics that rely on timing and social engineering.

Here are some best practices that you can use to avoid ransomware:

Apply cybersecurity basics.
There are basic security measures that any average person can do to reduce ransomware.

  • Be cautious about unsolicited emails. Criminal hackers rely on the classic paradox: you’re not sure if it’s the one you need, but how are you going to find out if you don’t open it? When in doubt, just leave it alone.
  • Don’t enable macros in document attachments received via email.
  • Always keep yourself informed about the security features of your business applications.
  • Show files with extensions. Criminal hackers are adept at disguising file types.
  • Open JavaScript files with Notepad by default.

Patch up early and often.
The malware doesn’t exactly arrive via the document. The macros take advantage of security bugs in popular applications and use it to gain a foothold into the system. Always update your applications to reduce risks.

Back-up regularly and always keep a copy of the back-up off site.
Granted that criminal hackers are becoming more sophisticated, and people can make innocent mistakes, sometimes your best option is to prepare for the worst. Also, there are other ways that you can lose files – theft, fire, flood, and accidental delete – so it’s much better always to back up your files as part of a contingency plan.

Manage user access.
According to Verizon’s Data Breach Incident Report 2016, one of the causes of data breach is privilege misuse, aka inside job. This is when users who have access to sensitive data as part of their job become accomplices or attackers themselves. While you can’t control people, it’s not impossible to treat employees as people instead of just cubicle monkeys.

Of course, not all employees are after their boss. Administrator rights should be kept limited and strictly used for specific tasks. Administrators should not stay logged longer than necessary; avoid opening suspicious documents and other regular activities. Keep in mind that as an administrator, you have direct access to important files and controls.

Implement a cybersecurity awareness program.
The other key reason hospitals are targeted is because cyber security isn’t their priority. Their primary concern is HIPAA compliance, which ensures that patient privacy is maintained. Employees aren’t trained for security awareness—a vulnerability that’s perfect for ransomware installation.

One of the commonly used ransomware is Locky, wherein the victim receives an email with an attachment. The document contains unreadable text and instructs the reader to enable Macros, with the primary intention of convincing you to click Options. Once done, Locky will execute on your computer.

All employees, from rank and file to management, should undergo an IT security awareness program so that they will be aware of the different hacking tactics. It’s important for employees to know the why, what, and how so that they will get the full picture of the potential ramifications of ransomware.

Mind and Manage the Evolving Threat

Ransomware has come a long way since its birth in Russia. With recent developments and continuous reliance on digital technology, these tactics are not going away as long as people are using them.

Keep in mind that you can have the best cyber security tool in the world, but it’s still possible to be taken down by a simple, innocent mistake by anyone. In data breach, prevention and mitigation are better than cure.

Vlad de Ramos has been in the IT industry for more than 22 years, focusing on IT Management, Infrastructure Design and IT Security. He is a certified information security professional, a certified ethical hacker, a forensics investigator, and a certified information systems auditor. Check out Vlad’s IT community here:

To learn more about the growing concern around cybersecurity within healthcare and how you can protect your organization from those threats, check out ControlScan’s blog post, “The Moving Target of Healthcare Cybersecurity.”

Leave a Comment