One of the most widespread and damaging security threats to businesses today continues to be ransomware. Ransomware is a form of malicious software (or malware) that encrypts files on a computer, file share, and/or server so they become unusable. The attackers then extort money from the business to unlock the files. Depending on the business, the ransom to restore access to data can range from thousands to hundreds of thousands of dollars, and an attack can totally disable a business and its operations.
What impact would your business face if its data became unusable?
Does your business have the right security posture, tools, and training in place to protect against ransomware? The reality is, there is no way to guarantee a business will never be susceptible. The goal is to make it as difficult as possible for the attacker to compromise data. To help mitigate the risk of ransomware, businesses should review their IT Security posture to ensure:
- Proper tools are deployed to identify, protect and remediate attacks while considering the cost/benefit based on business requirements
- Incident response and remediation plans exist and adhere to business needs allowing for quick action on security threats
- Employees are trained and a culture of preparedness exists; most ransomware threats enter the business through end users
- Backup policies not only include all critical data and systems but also have proper recovery time and recovery point objectives identified
- A cyber security insurance policy is obtained and evaluated
“But this doesn’t pertain to my business, since we have anti-virus on all of our systems.”
FALSE. Simply having anti-virus software installed on a system doesn’t guarantee it is protected. In recent months, West Monroe has worked with clients who had anti-virus deployed on all systems and were still heavily impacted by ransomware.
A true story: one customer’s ransomware attack
An end user clicked on a malicious link within an email. The link was masked to look like a safe website, but secretly installed ransomware on the workstation. Even though the end user had anti-virus software installed, the workstation was still infected.
After the workstation became infected, the ransomware spread to all “shared network drives” the end user had access to and encrypted over 2TB of file share data.
This user had elevated administrator privileges, so the ransomware was able to encrypt data on several servers throughout the network, rendering core business applications unusable.
To remediate, we followed a systematic approach:
- Identified the source of the attack and removed the infected system from the network
- Recommended and implemented a new anti-virus/anti-ransomware solution across all workstations and servers that was able to identify and remove the ransomware; the previous anti-virus couldn’t even identify the ransomware on systems
- Created scripts that continuously crawl the network looking for infected files and report back to the Incident Response Team
- Restored over 2TB of critical business data from the managed backup solution
- Restored critical business application servers from backup to restore services within hours (not days or weeks)
- Reduced administrator privileges across users
- Provided options to implement an Intrusion Detection System (IDS) on the perimeter of the network that provides certainty the ransomware is no longer active within the network or communicating back to the attacker
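A crawl of the kind described in the third remediation step could look like the following. This is an added example, not West Monroe's script: the heuristics (ransom-note style file names, a known file type whose header no longer matches, near-random content), the 7.5 bits-per-byte threshold, the function names and the sample files are all assumptions made for illustration.

```python
import hashlib, math, os
from collections import Counter
# Assumed heuristics and threshold (not from the original post).
NOTE_HINTS = ("decrypt", "recover_files", "restore_files")
MAGIC = {".pdf": b"%PDF", ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
ENTROPY_LIMIT = 7.5  # bits per byte; encrypted data sits close to 8.0

def entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample_size=65536):
    """Return the reasons a file looks ransomware-affected (empty list = no hit)."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    note = ext in (".txt", ".html", ".hta") and any(h in stem for h in NOTE_HINTS)
    reasons = ["ransom-note-name"] if note else []
    with open(path, "rb") as f:
        head = f.read(sample_size)
    header_ok = ext in MAGIC and head.startswith(MAGIC[ext])
    if ext in MAGIC and head and not header_ok:
        reasons.append("header-mismatch")
    # Valid compressed formats are high-entropy too, so score only unverified headers.
    if not header_ok and entropy(head) > ENTROPY_LIMIT:
        reasons.append("high-entropy")
    return reasons

def crawl(root):
    """Walk a mounted share; return {relative path: reasons} for every hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, f) for f in files):
            try:
                reasons = classify(full)
            except OSError:
                reasons = ["unreadable"]  # locked/denied files are reported, not skipped
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_share(root):
    """Constructed sample data: two healthy files, two 'encrypted' ones, one note."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"report.pdf": b"%PDF-1.4\n" + b"plain text body\n" * 50,
               "notes.txt": b"meeting notes\n" * 100, "finance/budget.xlsx": noise,
               "finance/plan.doc.locked": noise,
               "finance/HOW_TO_DECRYPT.txt": b"constructed placeholder note\n"}
    for rel, data in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
```

Running `crawl()` on a schedule against each mounted share and comparing the results between runs shows whether encryption is still spreading; archive types missing from `MAGIC` will show up as high-entropy hits and need an allow-list.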
Is your business truly protected against ransomware? Don’t let your company be held hostage.
Many managed services providers just oversee established security tools. We help you manage your threat landscape. That’s a big difference in approach that can make a big difference in your operations. To learn more, read about our Security Management services or contact a member of our Performance Services team.