What is ransomware?

Well, if some recent, devastating cyber attacks are any indication, it may be today’s phishing vector of choice. Just a few weeks ago, the city of Baltimore was hit by a massive ransomware attack from a virus called “Robbinhood.” The hackers demanded $76,000 from the city as ransom for the data they stole—in keeping with standard protocol, the city refused to pay the ransom. In a similar attack in Riviera Beach, Florida, the ransom was for $600,000. Hedging their bets, Riviera Beach did pay their ransom.  For both cities, the cost of these attacks was incredibly high—Baltimore is facing almost 20 million dollars in lost revenue and expenditures to restore their data, while Riviera Beach both paid their ransom and demonstrated to hackers everywhere that they can’t afford not to pay a ransom. If they had only had certain processes and knowledge in place prior to the attacks, both of these cities could have fared far better. 

As most of us are aware, phishing attacks can take many different forms, from Business Email Compromise scams that mimic employee emails and request money or information, to fake emails from trusted business that use bad links or attachments to steal data. Ransomware takes a more direct route by installing malware, stealing data, and then requesting some form of payment to—ostensibly—restore the data to its owner. In some attacks, the data is in fact restored after the ransom is paid. Other times, hackers accept the ransom but never give the files back—which is why security professionals typically advise against paying the ransom. Either way, ransomware means a huge risk to personal data and—more likely than not—exorbitant costs to get systems up and running again. It’s important that we be able to protect ourselves and our organizations against these scams—but how do we do that?

First of all, like other phishing scams, email is the most common attack vector for ransomware. When a malicious link or attachment is clicked on, the virus runs a payload on the computer and encrypts files so that the owner can’t access them. What this means is that—typically, at least—preventing ransomware is as simple as preventing any other phishing attack. Don’t click on any strange links or attachments in unexpected emails, and remember to check for warning signs that the email may be malicious. If it’s unexpected, comes from a strange or incorrect email address, or requests unusual information, it’s probably a scam. When in doubt, delete the email and verify its contents externally—it could mean the difference between continued security and a ransomware nightmare.  

Second of all, in the event you do fall victim to a ransomware attack, it’s critical to have certain security measures in place to help you deal with the fallout. As IT expert Sean Gallagher notes, backups are key when it comes to surviving ransomware. If data is properly backed up to an external location, it can be recovered in the event that it’s stolen from the device itself. In addition, companies need a “disaster recovery (DR) plan,” something that plans for a potential worst-case scenario—not just low-level security snafus—and lays out ahead of time how the recovery process would work. A good DR plan minimizes loss and allows for a smoother recovery process in the event that a disaster does occur. (For more information on how to create a solid disaster recovery plan, see this article.)

What happened in Baltimore and Riviera Beach should serve as a serious wake up call. Ransomware attacks not only happen, they’re on the rise—and they could mean financial ruin or irrecoverable loss of data. As organizations or even as individuals, it’s important that we take the appropriate steps to recognize and prevent—or at least be able to deal with the consequences of —a breach. And the first step is awareness. Company leadership needs to be aware that ransomware could be a serious threat, and that concrete steps are needed to avoid disaster. Similarly, all company employees, down to the lowest level, must be familiar with phishing attacks and how to prevent ransomware from the first click. With that awareness in place, alongside strong communication between teams, maintaining and strengthening security—and keeping ransomware at bay—becomes much easier.

For more information on ransomware and cybersecurity check out available courses from Global Learning Systems in the OpenSesame course catalog.

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change, protect your organization and Strengthen Your Human Firewall®. In addition to carefully tailoring program materials to client needs, we offer an online learning platform, phishing simulation tool, courseware customization and high-touch customer service.