Ever since information first started being transmitted across the World Wide Web, cyber security has been a top priority for individuals and businesses alike. And never has it been more important than now, during the COVID pandemic. As businesses and educational institutions have turned to remote work and learning, cyber criminals have, unfortunately, also increased their online presence - and wreaked considerable havoc in the process.
The Rise of Ransomware
An October 2020 report released by EUROPOL, the European Union’s law enforcement agency, describes the soaring rates of cyber crime during COVID, and lists ransomware as among the most insidious and potentially devastating of these crimes. According to a Skybox Security 2020 Vulnerability and Threat Trends Report, the number of ransomware attacks jumped significantly in the first half of 2020, and ransomware is now the most common type of malware, ahead of trojans and botnets.
Criminals use malware to take over information systems in an attempt to demand money – i.e., a ransom – for the data to be returned. A year ago, a former colleague of mine wrote an excellent blog on this very topic. His words have echoed in my mind this past week after my son’s school system became the victim of a serious ransomware attack that shut the schools down for a week.
Imagine the turmoil this caused everyone involved, including the teachers, students, and parents, and of course the administrators who worked around the clock to regain access to critical files and information, as well as to the virtual learning platform. This scenario has played out way too many times in other organizations in recent months. The threat of ransomware simply cannot be ignored.
How Does Ransomware Work?
So how does ransomware work, and what can you do about it? As described in my former coworker's blog, ransomware is a flavor of malware that installs itself on your computer via an email attachment, malicious website, or infected spreadsheet. Once self-installed, it encrypts all your important files, as well as your backup and restore capabilities, with two keys. One key is placed on your PC and the other is kept by the criminal responsible for the infection. Both keys are needed to decrypt the files. Once encrypted, there is nothing you can do to restore your files without that second key. The criminals demand a ransom to be paid in untraceable bit currency in exchange for the second key. Of course, even if you pay the ransom, there is no guarantee you will receive the second key.
Ransomware does not steal your sensitive data like bank account numbers or passwords, and it does not entirely wipe out files. Its sole intent is to demand money from the attacked party.
Ransomware variants have been given names such as CryptoLocker, WannaCry, Bad Rabbit, CryptoDefense, CryptoWall, Cerber, Locky, Jigsaw, and many others. Regardless of the variant, the result is the same. Your important files are encrypted and held for ransom. Once infected, you can restore your files but they will only be as current as your latest backup…as long as your backups are not on a local drive that could also be encrypted.
The first sign you have been infected by ransomware may be a pop-up on your screen that reads something like: “YOU ARE HACKED. ALL YOUR PERSONAL FILES HAVE BEEN ENCRYPTED! IF YOU WANT TO RESTORE YOUR DATA YOU HAVE TO PAY!”
If you see this message, your laptop has likely fallen victim to a ransomware attack.
Defend Your Remote Workforce Against Ransomware
As malicious as ransomware may be, there are steps you and your remote workers can take now to stay ahead of the ransomware threat.
- Stay current on anti-malware software on everyone’s computers
- Keep your computer operating systems up to date with the latest patches
- Use data storage best practices – this includes storing documents in multiple locations, including the cloud
- Back up every file that would impact your operation if lost
- Use the equivalent of BoxEdit, where the document is edited on the remote server, instead of BoxSync, where the document is edited and stored locally and synced to the cloud, to limit spreading an infection via document syncing
- Disable ActiveX content and macros in Microsoft Office, if feasible, to prevent malicious code from executing
- Add important local Windows 10 folders, such as backups, to Controlled Folder Access in Windows Defender
- Prepare a business continuity plan for after a ransomware attack, just as you would for a natural disaster or power outage
- Educate your remote workforce to recognize malicious email attachments and links and to avoid launching them
- Invest in a security audit (either internal or external) to identify and correct any weaknesses in your organization’s data and communication systems
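Three of the items above (current anti-malware, Office macros, and Controlled Folder Access) can be applied and verified from PowerShell on a Windows 10 machine. The script below is an added example, not part of the original article. It assumes an elevated session with Microsoft Defender as the active antivirus, Office version 16.0, and a placeholder backup folder `C:\Backups`.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Placeholder values are marked.
$ProtectedFolders = @('C:\Backups')          # placeholder: folders to protect
$OfficeApps       = 'Word', 'Excel', 'PowerPoint'
$OfficeVersion    = '16.0'                   # assumption: Office 2016/2019/365

# 1. Turn on Controlled Folder Access and register the backup folders.
Set-MpPreference -EnableControlledFolderAccess Enabled
foreach ($folder in $ProtectedFolders) {
    if (Test-Path -LiteralPath $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# 2. Disable all VBA macros without notification (VBAWarnings = 4) for the
#    current user. HKCU is per user, so run this part in each user's context.
foreach ($app in $OfficeApps) {
    $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
}

# 3. Report the resulting state so the change can be verified.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus
[pscustomobject]@{
    ControlledFolderAccess = $pref.EnableControlledFolderAccess   # 1 = Enabled
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders -join '; '
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    SignaturesLastUpdated  = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays       = $status.AntivirusSignatureAge
}
```

Controlled Folder Access can also be set to `AuditMode` first, which logs blocked writes without enforcing them, so legitimate applications can be allow-listed before enforcement is turned on.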
Don’t Wait for the Ransom Note
Defending your computer and those of your remote workforce against ransomware attacks requires vigilance today more than ever. The tips listed above will help you be proactive and prevent an attack that could cripple or shut down your business or organization. As you close out 2020, do what it takes to make protection against ransomware a top priority. This is one type of code you don’t want to mess with.