Recently, there've been a spate of ransomware attacks on organizations both small and midsized. Ransomware is a growing threat to organizations with some reports showing incidents increased 113% last year compared to the year before.
In ransomware attacks, computers are infected when users open an infected attachment from a seemingly legitimate email. By opening the attached file and allowing macro to run, the malware is downloaded and begins to encrypt files. It's designed to go unnoticed until it's completed the process of encrypting files. Thereafter, a ransom message is displayed on-screen, demanding payment should you ever want to see your files again.
Test your basic ransomware understanding with a few true-or-false questions.
True or false?
• It's always best to pay the ransom quickly and move on to recovery mode.
False. The FBI, industry officials, and Wipfli do not recommend paying the ransom. Remember, you are dealing with criminals and there is no guarantee you'll get the key to access your files.
• Responding to a ransomware attack is the same as responding to other kinds of data breaches.
False. Ransomware essentially locks your data to keep it from you; it doesn't steal it.
• Ransomware attacks are random.
True. No organization is immune, and the great majority of ransomware attacks are random.
What can you do?
Plenty. Ransomware is a serious form of extortion and a serious crisis. Defend yourself with the following tips.
• Back up, back up, back up. This is truly the single most important measure and the fastest way to regain access to your critical files. All data should be regularly backed up and kept in a separate and secure location. Your backup system should provide the ability to recover from multiple backup sets and recovery points.
• Train, train, train. Every employee should be trained to spot suspicious messages and know that if they weren't expecting an email attachment, they should never open it. Training must start as part of new-hire orientation and include regular refresher sessions throughout the year. Just a small portion of the money paid to extortionists could have otherwise gone a long way in training for prevention.
• Patch and update software. Malware often looks for security bugs in popular outdated software applications. Enable automated patches for your operating system and Web browser. Keep software up to date. Patch the holes and close the opportunities.
• Keep anti-virus software up to date. Hundreds of new malware variations are introduced each day, and all are trying to find your vulnerabilities. Keep your security software up to date.
• Use Web, email virus/spam filters. Use a third-party email filtering service that blocks spam and virus-laden messages before they arrive at your server. And use pop-up blockers.
• Maintain a strong firewall. Enable automatic updates, test for leaks, and check ports.
• Develop an incident response plan that includes malware attacks. Practice it and continue to modify it as needed. Having trained staff to address an aftermath can significantly reduce downtime and the accompanying expenses.
• Conduct a network review. A reliable third party can help spot weaknesses both in systems and processes and help you shore them up. Contact Wipfli for information about review and risk assessment services.
For more information, visit wipfli.com/cybersecurity.
• Paul Johnson is senior manager at Wipfli CPAs and Consultants.