While computer networks are notoriously vulnerable to a whole host of threats from viruses, malware, and data theft, ransomware attacks are a growing menace that can be particularly distressing and costly for small and large businesses alike.
Just ask Norsk Hydro of Norway, one of the world’s largest producers of aluminum, recently “hit by a serious ransomware attack that shut down its worldwide network, stopped or disrupted plants, and sent IT workers scrambling,” according to breaking news from Ars Technica on March 19, 2019.
A text file displayed by the attackers included the following message:
“There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all your data by mistake or for fun.
Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore that data. Attempts to restore your data with third-party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data.”
The text file ended with a ransom demand for an undisclosed amount, payable with Bitcoin.
The ransomware infection, dubbed LockerGoga, began with the company’s computers in the United States, then spread to other parts of the company, located in 40 other countries around the world. Some plants stopped production altogether to prevent further spread of the infection, while other critical operations, which needed to run continuously, were switched to manual mode. The company’s 35,000 employees were ordered to keep their workstation computers turned off.
At present it is impossible to tell what the eventual fallout of the attack will be, but the attack has already resulted in a loss of future orders from customers, as well as many hours of lost production due to plant shutdowns. Early estimates put losses from the cyber-attack at more than $40 million.
Ransomware attacks like these are the result of network infiltration by a specific type of malware designed to lock down network systems by encrypting files, denying access to critical data and information.
Once ransomware is deployed, the victim’s choices are limited to paying the ransom, accessing affected files from backups, or hiring a security team to eradicate the infection.
In light of this attack, and many others you’ve heard about through mainstream media, you might be wondering how you can prevent a similar attack on your own network. While no security strategy is 100% bulletproof, there are things you can do to safeguard your network and prevent attacks like these.
Safeguarding your network is particularly important for small and medium-sized businesses that often don’t have access to sophisticated resources or IT knowledge to implement the right security and backup solutions to prevent attacks. Here’s how to safeguard your systems and reduce your risk.
Safeguarding Your Small or Medium-Sized Business from Ransomware Attacks
Don’t Think You’re Too Small to Attack
While many of the ransomware attacks broadcast in the media happen to large corporations like Norsk Hydro of Norway, small and medium-sized businesses are also serious targets for ransomware attacks.
In fact, a recent survey, conducted by Osterman Research in 2017, confirmed that 35% of the 1,000 small businesses surveyed had been victims of ransomware attacks. 22% of the victims were forced to cease business operations as a result of the attacks.
The vast majority of the attacks (90%) resulted in more than 1 hour of downtime, while one in six of the ransomware infections created 25 hours or more in downtime, lost revenue, and lost productivity.
The most interesting fact, however, is that 50% of the organizations infected received ransom demands of less than $1,000. Many attackers count on the fact that small or medium-sized businesses will find it easier to pay the small ransom demand, rather than spend thousands of dollars to hire a security firm to eradicate the infection. That’s how attackers stay in business.
Build a Security-Based Company Culture
Today’s attackers are getting more sophisticated, which means that it takes more than software and hardware to prevent attacks on your network. In fact, your cybersecurity strategy can’t simply be limited to an IT provider or your IT department.
Everyone in your company, from the CEO to the stock clerks, needs to be educated about cybersecurity. Attackers count on flawed human beings to help them carry out their attacks, and it works surprisingly well.
Attackers are getting better at disguising malicious links in emails or attachments, making them look completely legitimate and appearing to come from trusted institutions, family, friends, or colleagues.
Avoiding these ploys takes a staff that is properly trained to spot and avoid them. That’s why it’s so important to invest in cybersecurity education for every member of your team. Remember, when it comes to cybersecurity, your people can be your greatest strength or your greatest weakness.
Backups Are Crucial
In the event that your network is attacked by ransomware, your best defense is a secure, complete, and accurate backup of all your critical data. Having a trusted backup system will make your attacker’s demands irrelevant and minimize your downtime considerably.
At Monroy IT, we recommend investing in backup systems that include both onsite and offsite backup options. Offsite backup protects your files in the event of a fire or natural disaster. Onsite backups can help you restore data more quickly, reducing overall downtime.
It’s also crucial that you test your backup systems on a regular basis to ensure every backup is completed properly each and every time. Incomplete or non-existent backups won’t help you when ransomware strikes.
Keep Software Up-to-Date
Unpatched Windows operating systems are particularly vulnerable to many ransomware threats, including the WannaCry and NotPetya malware versions responsible for some of the most notorious ransomware attacks.
That’s why it’s so important to regularly perform ALL software updates, particularly critical updates to your Windows operating system. These updates close security holes and vulnerabilities that are often exploited by attackers.
While it can be a pain to interrupt your work to install these updates, making sure they get done can save untold hours of lost productivity if your systems are compromised.
To make things easier, we suggest setting all critical software to update automatically. You might also set updates to occur during scheduled downtime, such as during overnight hours, to avoid interrupting employee workflow.
Invest in Business-Grade Hardware
A high-quality, business-grade firewall can block many threats from ever entering your network. Unfortunately, many small business owners aren’t sure what they need and often rely on off-the-shelf firewalls available at their local office supply store. These firewalls are not designed for business use and don’t provide the protection you need to thwart serious malware threats.
If you aren’t sure what hardware you need, talk with a networking professional, who can recommend the right hardware for your specific needs.
Monitor Your Network and Log Activity
Preventing malware threats is a 24/7 job. That’s why it’s important to set up network monitoring, log all network traffic, and review your logs on a regular basis to spot potential problems.
Use Strong Passwords for Everything
Many attackers gain access to networks to deploy malicious software by exploiting weak passwords. Using strong passwords for absolutely everything that touches your network is crucial to lower your risk of attack.
So what is a strong password? Strong passwords contain at least 8 characters and include at least one uppercase character, one symbol, and one number.
Also, the longer a password is, the better. You can craft longer passwords that are easier to remember by using phrases combined with uppercase characters, numbers, and symbols. For example, the phrase ‘I love grandma’s apple pie!’ becomes a unique and complex password with the addition of a few letters, numbers and symbols: IL0veGr@ndm@’sAppl3PIE!
Also be sure to use unique passwords for every single login or point of entry. That way if any of your passwords is compromised, an attacker won’t have access to all of your logins.
Using a password manager can make it easier to keep a secure inventory of passwords that are unique and hard to break. Most also generate unique passwords for you, making it even easier to create strong passwords.
How to Respond to Attacks
While investing in cybersecurity training for your staff, updating your software, using the right firewall, and utilizing strong passwords can all contribute to greater overall security, no cybersecurity strategy is 100% effective. Most businesses will experience a cyber-attack at some point.
So what should you do when it happens?
First, NEVER pay the ransom. There is no guarantee that your attacker will actually unlock your files, even if you follow their instructions to the letter. Plus, giving in to the demands of your attacker means you are more likely to be attacked again at some point in the future. Paying the ransom also rewards the attacker and perpetuates the profitability of cybercrime.
Instead, contact a trusted IT professional as soon as possible. Don’t try to fix the problem on your own by “Googling” a potential solution. You might make the problem even worse, prolonging your downtime and increasing your risk of data loss.
Of course, having a strong cybersecurity plan in place before an attack occurs can minimize the damage and get you back to business sooner.
Is your network prepared to handle a ransomware attack? At Monroy IT Services, we can help you find out! Based in San Antonio, Texas, we’ve been helping small and medium-sized businesses secure their networks since 2007. Contact us today to create a well-designed security infrastructure that can protect your data and significantly reduce your vulnerability to attack.