Ransomware: it is a term, and often a component of fraud, that many businesses have become all too familiar with in recent years. A form of malware, ransomware is used by bad actors to infiltrate a company’s IT platforms and hold its systems, its stolen data, or both hostage until the company pays the perpetrator. Access to company IT systems and stolen data can also enable these bad actors to commit identity theft, take over financial or other accounts, and conduct social engineering attacks. And by all accounts, ransomware crime is on the rise and is expected to become an even greater problem, largely because of the difficulty of identifying and prosecuting the offenders.
All of which raises the question: what can businesses do to prevent a ransomware attack, and what are the next steps if one happens?
Educate Employees
Ransomware attacks commonly begin through phishing. In these instances, employees receive emails that seem as though they’re from a trusted source, so they click on links or open attachments, which in turn install malware onto the IT platforms and kick off the ransomware attack. To help foil phishing attempts, employee education is key. Create regular reminders for employees about warning signs of phishing attempts, including:
- Misspellings and incorrect grammar within the email
- Reply-to addresses and hyperlinks that appear to be spoofed
- Urgent or unexpected emails requesting to click a link or open an attachment
- A message seemingly from a supervisor that is sent from an unknown platform
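As an added illustration of the warning signs above (example code written for this page, not from CISA or the author), the following Python script parses a raw email and reports three of the listed indicators: a Reply-To domain that differs from the From domain, a hyperlink whose visible text names a different site than its real destination, and urgent wording combined with a link or attachment. The sample messages, the urgency keyword list and the crude domain-matching rule are constructed assumptions for illustration, not production detection logic.

```python
"""Heuristic phishing-indicator check over a raw RFC 822 message.

Added example for this page. Scores an email against three of the warning
signs listed above. Keyword list, sample messages and the two-label
"registrable domain" rule are illustrative assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed urgency cues; a real deployment would tune and expand this list.
URGENCY_CUES = ("urgent", "immediately", "within 24 hours", "account will be suspended")

# <a href="...">visible text</a>; good enough for simple HTML bodies.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_IN_TEXT_RE = re.compile(r'https?://[^\s<"]+', re.I)


def registrable(host: str) -> str:
    """Crude 'registered domain': keep the last two labels (assumption)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of_address(header_value: str) -> str:
    """Registrable domain of the address in a From/Reply-To header, or ''."""
    _, addr = parseaddr(header_value)
    return registrable(addr.rpartition("@")[2]) if "@" in addr else ""


def body_text(msg) -> str:
    """Concatenate all text/* parts, decoded with their declared charset."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_message: str) -> list[str]:
    """Return human-readable indicators found in the message (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Reply-To pointing at a different domain than the visible sender.
    from_domain = domain_of_address(msg.get("From", ""))
    reply_domain = domain_of_address(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain!r} differs from sender domain {from_domain!r}")

    # 2. Link text that shows one site while the href points at another.
    body = body_text(msg)
    for href, text in ANCHOR_RE.findall(body):
        href_host = urlparse(href).hostname or ""
        shown = URL_IN_TEXT_RE.search(text)
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if registrable(shown_host) != registrable(href_host):
                findings.append(f"link text shows {shown_host!r} but points to {href_host!r}")

    # 3. Urgent wording combined with a link or an attachment.
    lowered = (str(msg.get("Subject", "")) + "\n" + body).lower()
    hits = [cue for cue in URGENCY_CUES if cue in lowered]
    has_link = bool(ANCHOR_RE.search(body) or URL_IN_TEXT_RE.search(body))
    has_attachment = any(p.get_content_disposition() == "attachment" for p in msg.walk())
    if hits and (has_link or has_attachment):
        findings.append(f"urgent wording ({', '.join(hits)}) combined with a link or attachment")

    return findings


# Constructed sample messages (not real phishing emails).
SAMPLE_PHISH = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
Reply-To: helpdesk@example-mail.net
Subject: Urgent: password reset required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended unless you verify immediately.</p>
<p><a href="http://login.example-phish.net/reset">http://sso.example-corp.com/reset</a></p>
</body></html>
"""

SAMPLE_BENIGN = """\
From: "Payroll" <payroll@example-corp.com>
Subject: March newsletter
Content-Type: text/plain; charset="utf-8"

Hi all, the March newsletter is now on the intranet. No action needed.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

Run as-is, the constructed phishing sample produces all three findings and the benign sample produces none. The checks are deliberately simple; the point is that each item on the list above can be turned into a concrete, reviewable rule that a mail gateway or a user-reporting workflow can apply consistently.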
Gamifying phishing exercises can be a way to engage employees to stay alert and be mindful of evolving bad actor tactics. To increase participation and encourage reporting, consider providing rewards or recognition to associates who are the most frequent flaggers of phishing tests. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has additional information about how employers can help employees avoid phishing attempts.
Protect Your Processes
As the saying goes, an ounce of prevention is worth a pound of cure. In addition to educating employees, bolstering your IT systems can go a long way in preventing ransomware attacks as well as mitigating any that may occur. CISA recommends that you:
- Create backups of your critical systems and data
- Implement multi-factor authentication
- Patch systems and software
- Develop Incident Response Plan(s) and Business Continuity Operations Plans (and test them)
- Conduct a cybersecurity risk analysis
- Segment critical systems
- Perform security (penetration) tests on your systems
CISA also offers a range of no-cost cybersecurity services and tools to help organizations reduce their cybersecurity risk.
Responding to Ransomware
The FBI does not recommend paying ransom to unfreeze IT systems or recover data. This is for a variety of reasons, including:
- Paying the ransom does not guarantee that the fraudster will release your data, or refrain from selling it to another party
- Providing payment may increase the likelihood of another attack
If your business is hit by a ransomware attack, the best next step is to activate your incident response plan, understand and limit the immediate risks, and engage internal and external resources (including CISA and law enforcement) to fully contain, eradicate and recover from the incident. CISA has also published a Ransomware Response Checklist to guide organizations responding to ransomware.
Ransomware attacks pose a very real threat to businesses, but by taking proactive steps to align your teams, your processes and your response strategy, you can help protect your company from business disruption and from having to pay a criminal enterprise.
Justin Rainey serves as chief information security officer and chief privacy officer at UMB Financial Corporation. In this role, he is responsible for establishing strategy and overseeing implementation of an effective, integrated and proactive information security and privacy program. He is also responsible for advising and partnering with leadership to guide the management of emerging and actual cybersecurity, business continuity and resilience, physical information security, data privacy, third party and information governance risks.