Ransomware & Phishing: 5 Steps to Keep Customers Off the Hook
There’s a link between increasingly sophisticated phishing schemes and the ransomware epidemic.
August 1, 2016
By Kim Ann King
Malware is growing more sophisticated and complex, and the risk to IT and to the business is growing with it. In the past, educating employees about the dangers of opening emails from unfamiliar sources and clicking external links went a long way toward mitigating the problem, and if someone did click on a link, the malware typically encrypted only the files on that user’s own machine.
Now, ransomware is locking down entire IT infrastructures, making whole networks completely unusable. The recent spate of attacks on hospitals is an indication of just how far, and how low, malicious hackers will go. In March of this year alone, there were at least a dozen hospitals or hospital chains afflicted with ransomware, leading some facilities to declare emergencies and turn away patients because hospital personnel were unable to access records.
This uptick in ransomware even led to a rare joint cyber alert from the U.S. and Canadian governments. It warned businesses and organizations and recommended that they not pay the demanded ransom, because there is no way to guarantee that cyber criminals will release the data once they receive payment, which is usually demanded in largely untraceable bitcoin.
Let’s quickly look at why this is such a problem.
First, there are very few barriers to starting a ransomware business. The start-up costs are minimal, and attackers are able to write their own malicious code or even buy “ransomware-as-a-service” on the black market. With minimal up-front investment required, there is little risk to cyber thieves, yet the returns are potentially massive if they’re successful at attacking lucrative targets. According to an FBI official quoted in a CNBC article, in 2015 there was a reported loss of more than $24 million as a result of ransomware attacks.
In that same article, Matt Devost, CEO of FusionX, a unit of Accenture, states that the “most lucrative potential victims have a specific set of characteristics. They will typically hold critical information and infrastructure, have weak and vulnerable security programs that can easily be exploited, and have the ability to pay the ransom. Small- to medium-size U.S. hospitals have proven to be a sweet spot in ransomware in 2016 because they often have a poor security infrastructure in place and are willing to pay to retrieve patient data, get back online quickly, and prevent reputational damage.”
Second, phishing schemes are far too successful. Like ransomware, phishing is becoming more sophisticated all the time. In April, the FBI warned of a dramatic increase in email scams targeting businesses. Criminals are no longer simply sending poorly written fraudulent emails that employees can easily distinguish from legitimate messages. Instead, they are employing “spear phishing” techniques that involve researching the email recipient, perhaps by looking at his or her social media accounts, and then using this knowledge to customize the scam email to make it more plausible.
The FBI says a frequent scam is for criminals to assume the identity of an executive, reputable business or even a government agency in an email to an employee with a seemingly reasonable request to send money. This is where malware, ransomware and phishing come together: Phishing attacks often give criminals entry into IT systems, which then allows malware and ransomware to spread and lock down the entire IT infrastructure.
The bottom line is this: Everyone is at risk — government agencies, health-care organizations, small-to-midsize businesses, nonprofits, and large enterprises. Everyone. Although authorities tell businesses not to pay ransoms, many do out of desperation, making these attacks even more attractive.
The best approach in the fight against ransomware is to help customers prepare ahead of time, rather than trying to clean up the mess after it happens.
Ready, Set, Defend
Start with a disaster recovery plan. Customers need a strategy to deal with the potential loss of data or access to computer systems, no matter what the cause — criminals or earthquake, fire, or other natural disaster. Period.
Perform scheduled backups regularly: Regular, tested backups are the most reliable way to get data back after a ransomware attack without paying. Keep at least one copy where an infected machine cannot reach it (offline media, or a store the user’s account cannot write to), because ransomware that locks an entire network will also encrypt any backup share it can write to, and rehearse a restore so the recovery actually works when it is needed. Recommend that customers also encrypt data at rest. That protects the confidentiality of data on a lost or stolen device, so the loss is limited to the cost of the hardware, but it does not stop ransomware, which encrypts whatever the logged-in user can write; only the isolated backup gets the data back.
Consider whitelisting technologies: Application whitelisting allows only approved executables to run, so a ransomware binary dropped by a phishing attachment is blocked even when antivirus has no signature for it. It isn’t foolproof (script interpreters and legitimate signed tools that can be abused need rules of their own), so it should be used in concert with additional layers of security, such as network monitoring, firewalls, endpoint security and mobile-device management. Patch promptly once vulnerabilities are disclosed: every day an exploitable hole stays open is a day cybercriminals can use it to get ransomware onto your IT assets.
Avoid unnecessary and prolonged admin login access: Don’t give end users admin privileges, and make sure authorized admins do not stay logged in any longer than necessary. Anything launched inside an admin session, including a payload opened from a phishing attachment, runs with admin rights and can encrypt or disable far more than a standard user could. The longer the session stays open, the longer that window is, and the longer the trail of privileged activity an attacker who hijacks the session can use to their advantage. Do routine work from a standard account and switch to admin only for the tasks that actually need it.
Educate every employee on the dangers of phishing emails: Over the past few months, a majority of the Windows ransomware that has been propagated was embedded in documents and attachments distributed via email throughout entire organizations. Not surprisingly, this is still one of the most effective ways cybercriminals find the open door into corporate networks. Educate customer employees regularly on the dangers of clicking on even one attachment or link in an external email, and suggest making such a policy part of the employee onboarding process. That can go a long way in preventing malware from infiltrating the company network.
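The attachment-based delivery described in the last step can also be enforced mechanically at the mail boundary, so that a user’s one bad click never reaches an executable. The following is an added example, not code from this article or from EiQ Networks; its policy lists, the nesting limit and the sample attachments are assumptions chosen for illustration, and the samples are constructed stand-ins (a PE header stub, a zip carrying a `vbaProject.bin` part), not real malware. It quarantines executable and script types, double-extension lures such as `invoice.pdf.exe`, PE content under a harmless name, macro-enabled Office documents, and archives carrying any of these.

```python
"""Attachment triage for inbound mail: flags the attachment types that carry
Windows ransomware (executables, scripts, macro-enabled Office files), including
when they hide behind a double extension or inside a zip archive.
Added example; policy lists are assumptions, not any product's configuration."""
import io
import zipfile

# Extensions Windows runs directly when double-clicked (assumed policy list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1"}
# Harmless-looking extensions used as the outer name in double-extension lures.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# OOXML Office files are zip containers; macro-enabled ones carry vbaProject.bin.
OOXML_EXTS = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}
MAX_ARCHIVE_DEPTH = 2  # assumed limit on zip-in-zip nesting


def extensions(name):
    """All extension parts of a file name, lower-cased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return parts[1:] if len(parts) > 1 else []


def triage(name, data, depth=0):
    """Return the reasons this attachment should be quarantined; empty means allow."""
    reasons = []
    exts = extensions(name)
    last = exts[-1] if exts else ""

    if last in EXECUTABLE_EXTS:
        reasons.append(f"{name}: executable/script type .{last}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in EXECUTABLE_EXTS:
        reasons.append(f"{name}: double extension disguises .{last} as .{exts[-2]}")
    # Content check: a Windows PE file starts with 'MZ' whatever it is called.
    if data[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        reasons.append(f"{name}: PE header (MZ) under a non-executable name")

    if data[:2] == b"PK":  # zip container: OOXML document or plain archive
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return reasons + [f"{name}: corrupt zip container"]
        with zf:
            names = zf.namelist()
            if last in OOXML_EXTS:
                if any(n.lower().endswith("vbaproject.bin") for n in names):
                    reasons.append(f"{name}: Office document contains VBA macros")
            elif depth < MAX_ARCHIVE_DEPTH:
                for inner in names:
                    if inner.endswith("/"):
                        continue  # directory entry
                    reasons += triage(f"{name}/{inner}", zf.read(inner), depth + 1)
            else:
                reasons.append(f"{name}: archive nested deeper than {MAX_ARCHIVE_DEPTH}")
    return reasons


def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used to construct the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in entries.items():
            zf.writestr(n, d)
    return buf.getvalue()


# Constructed sample attachments (not real malware).
SAMPLES = {
    "report.pdf": b"%PDF-1.4 sample",
    "invoice.pdf.exe": b"MZ" + b"\x00" * 62,
    "quarterly.docm": build_zip({"[Content_Types].xml": b"<Types/>",
                                 "word/vbaProject.bin": b"\xd0\xcf"}),
    "clean.docx": build_zip({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>"}),
    "scan.zip": build_zip({"scan_001.js": b"var s='...';", "photo.jpg": b"\xff\xd8\xff"}),
    "payload.txt": b"MZ" + b"\x90" * 10,
}


def triage_all(samples=SAMPLES):
    """Triage every sample; returns {attachment name: list of reasons}."""
    return {n: triage(n, d) for n, d in samples.items()}


if __name__ == "__main__":
    for n, r in triage_all().items():
        print(f"{n}: {'QUARANTINE' if r else 'allow'}")
        for line in r:
            print("   ", line)
```

The content checks matter more than the name checks: a renamed executable or a `.docm` saved as `.docx` still shows its `MZ` header or its `vbaProject.bin` part, which is why the gate inspects bytes and zip contents rather than trusting the file name alone.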
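For the backup step above, what decides whether a customer can refuse the ransom is whether a copy exists that the infected machine could not touch, and whether it has actually been proven restorable. This added example (not the article’s or any vendor’s code) runs that restore drill end to end in a temporary directory: it hashes a directory into a manifest, makes a read-only copy with its own manifest, simulates an encryptor that overwrites and renames the live files (a constructed stand-in; nothing is really encrypted), checks the copy against its manifest, restores it, and confirms the restored tree matches the original hashes. File and directory names are made up for the drill.

```python
"""Backup manifest and restore drill. Added example, not the article's code; the
'ransomware' is a constructed simulation confined to a temporary directory."""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out


def make_backup(src, dst):
    """Copy src to dst, write a manifest beside it (not inside it), and make the
    copy read-only. The chmod stands in for a write-once target; see the note."""
    shutil.copytree(src, dst)
    m = manifest(dst)
    with open(dst + ".manifest.json", "w") as f:
        json.dump(m, f, indent=1, sort_keys=True)
    for dirpath, _, files in os.walk(dst):
        for fn in files:
            os.chmod(os.path.join(dirpath, fn), 0o444)
    return m


def verify_backup(dst):
    """Re-hash the backup against its manifest; returns the paths that differ."""
    with open(dst + ".manifest.json") as f:
        expected = json.load(f)
    actual = manifest(dst)
    return sorted(p for p in set(expected) | set(actual)
                  if expected.get(p) != actual.get(p))


def simulate_ransomware(root, suffix=".locked"):
    """Constructed stand-in for an encryptor: overwrite each file with random
    bytes and rename it. Runs as the current user, like a phished payload would."""
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "wb") as f:
                f.write(os.urandom(64))
            os.rename(full, full + suffix)


def assess_damage(root, original_manifest):
    """Files from the pre-incident manifest that are now missing or changed."""
    live = manifest(root)
    return sorted(p for p in original_manifest if live.get(p) != original_manifest[p])


def restore(dst, root):
    """Replace the damaged tree with the verified backup and return its hashes."""
    shutil.rmtree(root)
    shutil.copytree(dst, root)
    for dirpath, _, files in os.walk(root):
        for fn in files:
            os.chmod(os.path.join(dirpath, fn), 0o644)
    return manifest(root)


def drill():
    """Run the whole exercise in a temp dir and return a summary."""
    work = tempfile.mkdtemp()
    try:
        live = os.path.join(work, "live")
        backup = os.path.join(work, "backup")
        os.makedirs(os.path.join(live, "patients"))
        for i in range(3):  # constructed sample records
            with open(os.path.join(live, "patients", f"record{i}.txt"), "w") as f:
                f.write(f"constructed record {i}\n")
        before = make_backup(live, backup)
        simulate_ransomware(live)
        damaged = assess_damage(live, before)
        backup_ok = verify_backup(backup) == []
        after = restore(backup, live)
        return {"files": len(before), "damaged": len(damaged),
                "backup_intact": backup_ok, "restored_matches": after == before}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(drill())
```

The read-only bit is only a stand-in for the real requirement: malware running as the file owner can change permissions back, so in production the copy belongs on detached media or on a store to which the backed-up account has no write access at all. The manifest check before restoring is the part most teams skip; a backup that has silently been overwritten by the same ransomware is discovered at exactly the wrong moment.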
Kim Ann King serves as VP of Marketing at EiQ Networks, a pioneering security services provider, where she is responsible for all of EiQ’s global marketing efforts. She was previously the CMO of SiteSpect, a web and mobile optimization solutions provider, where she was responsible for brand awareness, demand generation, and organizational enablement initiatives that drove customer acquisition and retention. An award-winning marketer, King is also the author of The Complete Guide to B2B Marketing. Follow Kim on Twitter: @kimannking