Mitigating the ransomware risk

Ransomware is a money-making machine for the most organised criminal endeavours; last year Bitdefender Chief Security Strategist Catalin Cosoi reported that a single ransomware operation made more than $1m in just one week. With these organised gangs having plenty of money to invest in improving their operations, it's not surprising that business is firmly in the criminal crosshairs. While the scattergun phishing approach will continue to trap unsuspecting consumers, automated targeting systems will look to business victims for higher ransoms.

Statistics don't always paint a complete picture, we know that. But when it comes to the ransomware threat being faced by business it sure isn't a pretty one.

According to a PhishMe malware review, 97% of all phishing emails contain some form of ransomware payload. Yet a study at the Friedrich-Alexander University in Germany by Dr Zinaida Benenson last year showed 45% of people clicked on a link in a mock phishing email despite 78% saying they were aware of the dangers such links pose.

An IBM study suggests that 70% of ransomware business victims paid the ransom in 2016. Yet some 52% of organisations that had been a cybercrime victim last year aren’t changing their security measures for this year. And 52% of them expect their security budgets in 2017 to either fall or stay the same.

What should we learn from this? That phishing distributes ransomware, and employees aren't as aware of the real risks attachments and links pose as they might say. And, for bad measure, it appears that even organisations that have been caught out by ransomware aren't investing in measures to prevent it happening again.

As with all malware mitigation strategies, prevention is better than cure. But even if ransomware does penetrate your defences, being prepared can help avoid the need to even consider paying the ransom or losing business:

1. Backup

Employ a strong backup strategy as part of your business continuity planning. Run regular tests to ensure these backups can be restored in a crisis situation.

2. Segment

Ensure there is a physical and logical separation of data based upon value to the business. Sensitive data should never reside alongside the email server environment, for example.

3. Train

Everyone, from the CEO to the shop floor, should be made aware of what constitutes risky behaviour and why. Automated phishing simulations can help to this end.

4. Protect

Implement an endpoint security solution. Bitdefender has long been at the forefront of malware detection research, with a team working on machine learning algorithms that have been learning to identify new and unknown threats (including ransomware) since 2009. Bitdefender trains these machine learning algorithms, a form of artificial intelligence, on massive datasets of ransomware samples. By so doing, it can uncover the indicators of compromise that enable even new and unknown ransomware variants to be prevented from infecting your networks.

Even if you have not properly prepared for the worst-case scenario, and you do get infected, your data may not yet be lost. Before contacting the bad guys, give the good guys a chance. Bitdefender is an associate partner in the No More Ransom project and has contributed to the development of new decryption tools and decryption keys.

ComputerWorld and Bitdefender specialists will be demonstrating live how Bitdefender can help you protect your business from ransomware attack. Use the link below to register. Don't worry if you can't make the live recording; you will be sent a copy of the recording.