Ransomware Overshadowed by Phishing, But It's Not Dead Yet

by John Callon

Industry InsightsMalwareRansomware

According to several recent surveys, phishing may have surpassed ransomware as the top concern for IT and security managers, and there may not be a single ransomware out there to capture the collective imagination like Locky did in 2016, but don't be misled—ransomware continues alive and well. Recent targeted Ryuk attacks have been hammering businesses, like the December infection at Tribune Publishing in Chicago.

In responding to surveys by Osterman Research, 20 percent of businesses using Office 365 and 17 percent of all businesses said they had suffered at least one successful ransomware attack during 2018, which put ransomware in sixth place in terms of the number of businesses affected behind phishing, virus/worm infections, successful DoS attacks, and stolen or accidental loss of data (two separate categories) by an employee or contractor. But since a successful ransomware attack has such a high probability of turning fully catastrophic for the business, that ranking doesn't fully capture the risk, and the idea that "only" one-fifth of businesses suffered a ransomware breach is enough to make any security staffer break into a flop sweat. 

So it seems a good moment to revisit the basic checklist to avoid becoming another ransomware statistic. In truth, there is no one ‘silver bullet’ that single-handedly stops all threats. But there are a series of steps you, your business, and your family and friends can take to significantly minimize the threat. See our basic best practices below, and,  to dig a bit deeper, do avail yourself of our ransomware resources page.

Know the Basics

As the old saying goes: “An ounce of prevention is worth a pound of cure.” As part of any security protocol, always make sure these “cybersecurity 101” steps are part of your personal and business routine.

Back up files at least once a day (or every few hours): If your computer does become infected, a back-up will enable you to wipe the hard drive clean and reinstall critical software and documents, without paying ransoms or buying a new computer.

Keep a recent copy of the files stored on a system that is not connected to your computer: As we saw with Locky, the infection quickly spread between networked computers and systems. Several times per week, back up files and systems on a separate network.

Provide regular cybersecurity training to staff: Ultimately the strongest form of security you have are staff members who are educated and wary about the types of cyberthreats targeting them.

Include social engineering training: Threats don’t always begin with an email. Cybercriminals are now calling staff directly and pretending they’re from the help desk or systems team and requesting access to important data, including documents, user names, and passwords.

Recognize that EVERYONE on staff is a target: In the world of cybercrime, both the junior intern and the CEO are potential targets, since both can provide varying degrees of access to internal systems and networks. Educate and protect all staff members not just those with access to sensitive data.

Train staff to NEVER EVER “enable macros”: Unless you’re working with software developers that regularly use Visual Basic, no one in your company will need or use macros. Further, the vast majority of employees will never receive any document that requires macros to operate. Train staff to watch out for files and a pop-up box that appears saying: “Security Warning: Macros have been disabled—Options.” Encourage them to ignore it and forward the email and document to the security team immediately.

Disable the macro settings in Office software: Set the defaults on employee Microsoft Office applications to make sure that macros are disabled.

Remind staff, friends, and family members to not open unsolicited or unexpected attachments: Many types of malware, including ransomware are often embedded in attachments.

Improve Your Protection

Security is a growing expense of doing business. Unfortunately, the truth is that while most companies employ some limited number of cybersecurity professionals, it is not always realistic resource-wise (or even wise) for a company to build their own security apparatus, particularly given the highly variable and complex nature of today’s cyberthreats. When selecting a cybersecurity vendor, organizations should evaluate their email security with an eye to the fact that more than 90% of all cyberattacks start in email. Gateways protect email and infrastructure with real-time anti-spam and anti-malware protection before threats reach end-users. We've produced this security buyer's guide, as well as a version specifically for Office 365 admins, if you are looking for a checklist of items to cover and questions to ask in selecting your vendors.

"Good Enough" Isn't Enough Anymore

The fact that emails (and not just phishing emails) are becoming increasingly stealthy underscores the importance of advanced security capabilities, like having network sandboxing inline in your email security solution. And it can't be just any old sandboxing -- so much ransomware today (and malware in general) is now programmed to detect when it is in a traditional, virtualized sandbox server, and thus evades detection by stopping itself from executing. Cloud-based “multi-array” solutions use a variety of sandboxes, each with different security features to identify and stop never-before-seen malware.

And, of course, endpoint security with active monitoring offers constant visibility into various network endpoints, so companies can identify breaches more quickly. It is critical to make sure that your company’s endpoint security is entirely up-to-date and operating with information that reflects the latest threats.

Enhance Your Prevention

Ongoing preventative measures can also help ensure that corporate and personal systems remain operational, even when cybercriminals attack, such as:

Backup and Recovery: Once a backup system is implemented, conduct regularly scheduled full- and incremental-data backups. Then, test the backups at consistent intervals to ensure accuracy and data recovery procedures. Remember to retest after system updates or upgrades.

Limit Network Shared Drives: While shared drive usage is popular and offers a level of convenience to employees, it also has limits when it comes to security. Consider adding no-write permissions, limiting the number of shared drives, or reducing the extent to which shared drives are mapped to large or sensitive file repositories.

Go back