Ransomware: The power of prevention
By Matt Leonard
In December, the Carroll County Sheriff's Office in Arkansas paid about $2,400 worth of bitcoin to restore its systems after a ransomware attack locked computer files. Earlier that month, Mecklenburg County, N.C., was hit with a ransomware attack, but refused to pay the attackers. Processes were slowed, but the county could rely on backup data to rebuild the systems, according to the Associated Press.
According to security experts, organizations can take relatively simple steps to protect themselves from ransomware -- and to ensure that their response can be more like Mecklenburg's.
The “vast majority” of ransomware attacks are the result of malware sent through email, but it can also come from websites, worm-like behavior and targeted attacks, according to Kevin Haley, the director of product management for security response at Symantec. A quality email gateway is important for scanning email and stripping out any executable files.
“That’s absolutely critical,” said Jean-Pierre Auffret, the associate director of the center for assurance research and engineering at George Mason University. “People have been [using gateways] for years, but when we go back and do surveys, we find there’s some people that still aren’t doing it. You’re leaving a huge hole.”
It’s also important to patch endpoints, which is becoming easier with endpoint management systems that allow IT managers to automate the process, relieving users of the responsibility of keeping up with updates, Auffret said.
Like patching, backups are becoming more automated, and cloud services have also made it easier, Auffret said.
These backups should be on the cloud or in a separate network and stored in a different geographic location, which has the added benefit of being able to survive a fire or other disaster, he said.
Backups should not be stored on drives that are also used for day-to-day business. They shouldn’t automatically mount when a computer turns on, either. If backups are stored separately, then people will be less likely to access them and they’ll be more secure, Haley said.
“Cities and counties have become a somewhat popular target [for ransomware], and many of them have limited budgets and limited IT expertise, so it’s quite a challenge,” Auffret said.
Having backups doesn’t guarantee a quick recovery from ransomware, he said. Restoring systems “can still take a while,” Auffret said. But organizations won't need to pay ransom if backups are in place.
Localities that don’t have the IT resources of a large locality like Mecklenburg County have some places they can turn to for help. There are often resources available through the state government, and smaller governments have found success in partnerships with their larger neighbors. The Multi-State Information Sharing and Analysis Center also has resources on best practices and tools, Auffret said.
But the most important thing is that people stop paying the ransom, Haley said. “Really the way that we will end this problem is when we stop paying to get our files back.”