2018 is the year that most people added the word cryptocurrency to their vocabulary.  Bitcoin, Ethereum, and Litecoin dominated the news cycle as many people became rich from the cryptocurrency bubble.  What the news didn't report is that many people had been making money in cryptocurrency long before the bubble this year.  Hackers have been using Bitcoin and other cryptocurrencies for several years to extort money from people.

What is Ransomware?

First appearing in 2013, ransomware is a new type of computer virus that infects a computer, server or other Internet-connected device and secretly encrypts all the files on that computer and on the network it is connected to.  When a file is encrypted, it cannot be opened without a key.  Ransomware basically puts your files in a secure vault that you can't access without the hacker's key.  The hacker is willing to give you that key -- for a price.  Depending on the number of files and how big a catch the hacker thinks they have, that price could be thousands of dollars or more.

The hackers then require that you send them bitcoin or other cryptocurrency because it is an untraceable transaction.  If you don't have a few bitcoins lying around, you have to create a bitcoin wallet, go to an ATM to deposit cash, pay a large fee to convert the cash to bitcoin and then send the bitcoin to the hacker.  The hacker will then (hopefully) send you the key to unlock your files and you can go on your merry way.

Since the initial release of Cryptolocker in 2013, the number of different ransomware variants has exploded.  There are now hundreds of different ransom-style viruses that infect computers and networks in different ways.  Most are still coming in through emails or infected websites.  One of the scariest aspects of ransomware is that one computer connected to your network can encrypt all the files that it has access to, including those on your file server.  A remote user connected to your network from an infected home computer could potentially lock all your important files in a vault.

Another new trend is that, rather than asking you to pay a fee, the hackers want you to infect your friends so that they pay instead.  Can we call this social hacking?

If you pay the ransom and decrypt your files, do you feel confident that the infection is gone from your systems?  What is stopping the hacker from coming back for more?

Organizations large and small are being hit with ransomware.  Many companies pay because they find that they have no other way of getting access to their data.  That makes the hackers more likely to strike again and again and again.

How to Protect Against Ransomware

Security requires a multi-layered approach.  No single protection will fully prevent ransomware.  By following these measures, you never have to be a paying victim.

  1. Desktop virus protection: Every computer on your network, including PCs, Macs, servers, embedded systems, and remote users' machines, needs to have managed enterprise-level virus and malware protection.  This is the front line of defense against viruses infecting your network.
  2. Management and monitoring of protection: Users should never be able to disable virus protection and the software should be monitored by a management agent that makes sure all computers on the network are in compliance with the security policies.
  3. Email protection: Since most infections are coming in through email, scanning email to detect and eliminate spam and viruses is essential.
  4. Remove administrative rights: Daily user logins to computers should not have administrative rights to install software and make changes to the systems.  This prevents unwanted software from being installed on the computers.
  5. Advanced Firewalls and Intrusion Prevention: Protecting your network at the edge is essential for security.  Advanced firewalls contain a list of bad sites on the Internet and won't let software come in from locations that are known problems.  They can also detect virus payloads and block them before entering the network.
  6. Backups and business continuity devices:  All critical data locations should be backed up as frequently as possible.  Local backups are no longer a protection because they can also be encrypted.  Backups should be automated and stored in a secure offsite location.  A business continuity appliance can replicate all your data throughout the day and have you up and running locally or in the cloud within minutes of an infection.
  7. Employee Training: Your employees need to be aware of the threat.  Ransomware preys on victims who are unaware of the potential harm that clicking on the wrong link or opening the wrong file can cause.  Recurrent training is essential to protecting your critical data.

Missing any of these steps can open a potential breach in your network and can cost you significantly.  An interesting story from the beginning of 2018 showed that a hospital in Indiana decided to pay the ransom of $55,000 even though they had good backups.  If you consider the cost of your employees not being able to work and your company not being able to process orders or serve your clients, $55,000 may be a small amount to pay.  Only complete protection, with a business continuity appliance being the last line of defense, can truly protect your business from threats today.
