Ransomware has been a prominent threat to organizations and individuals alike since the mid-2000s, but have become much more crippling to victims in recent years. Over the last year, large ransomware attacks began infecting computers all over the world taking down systems across multiple industries. The most notorious and largest cyberattack in history, dubbed the “WannaCry”, hit in May attacking more than 200,000 computers in over 150 countries in a matter of hours.  Striking again in June, another widespread attack hit major companies overseas hard. In both instances, attackers held the organization’s files hostage in exchange for a ransom payment which majorly disrupted day-to-day business operations. The use of these new technologies and strategies are making ransomware ambushes more powerful for cybercriminals.

What is Ransomware?

Ransomware is a type of malicious software or malware designed to prevent users from accessing their systems unless a ransom is paid.  These attacks can come from downloading malicious websites, spam emails or exploit kits preying on vulnerable systems. While some simple ransomware may lock a system which can be reversed by a technically savvy individual, today’s more advanced malware uses a technique called cryptoviral extortion. Infecting computers and propagating itself throughout a network encrypting files, this type of ransomware renders files unreadable by the organization until they pay the attackers to provide a decryption key. Demanding the ransom payment in the form of digital currencies, such as Ukash and Bitcoin, cybercriminals are able to protect their identity.

Preventing an Attack on Your System

Organizations of all sizes should take these preventative steps to help minimize the risk of a ransomware attack on their computer systems.

  • Update Your Windows Computers: Microsoft releases Windows patches constantly. For more information see Microsoft’s ever-changing Security Bulletins.
  • Keep Staff Aware: Users should be more cautious when opening email attachments or clicking on links which seem unusual or unsolicited. Develop an ongoing employee education program to share cybersecurity best practices such as identifying suspicious emails, determining the legitimacy of links and attachments, and how to respond if they feel their computer is infected. Encouraging open communication between end users and your IT department can also help keep risks at bay.
  • Leverage Your Antivirus Software: Your antivirus software won’t do you any good if it’s not kept up-to-date. Make sure you have chosen a robust  enough antivirus software to protect your systems. More importantly, your organization needs to continuously make any updates as soon as they are released.
  • Backup Your Data: If your organization is not backing up important data it is time to start. Data backups can be the most effective defense against ransomware. Backups should be adequately protected or stored off-line to ensure they can be used to restore your data even while your system is under attack. Periodically, attempts to restore data from backup media should be tested to ensure it is readily available and working properly.
  • Practice, Practice, Practice: Organizations should perform tabletop or walkthrough attacks to plan their response should a cyberattack surface.
  • Contain Viruses: If an employee feels like their computer has been infected, they should disconnect their computer from the network to prevent spreading the malware and contact the IT department immediately.

Wondering if your systems are vulnerable to a ransomware attack?  Contact Doeren Mayhew IT assurance and security consultants to perform an assessment of your system to detect potential risks to its integrity.

By John Hock, CPA, CISA – IT Audit Consultant, Doeren Mayhew