Thinking You’re Immune from Ransomware? Think Again.
Recently, the ABA Journal reported on two small law firms whose data was attacked by the hacking group Maze. In past incidents, Maze has held victims of similar attacks to ransom for more than $1 million, dramatically impacting the growth of their victims.
In light of these attacks, it’s clear that if you haven’t experienced a ransomware attack yet, the odds are that your turn is coming, and the risk goes up every year. The FBI’s Internet Crime Complaint Center (IC3) publishes an annual Internet Crime Report and the statistics for 2018 alone are pretty grim. In 2018, the IC3 took in more than 350,000 complaints – mostly from organizations and individuals who thought it couldn’t happen to them.
The combined impact of these kinds of cybercrimes is mind-blowing, with losses running into the billions. The disruptions hit just about every sector you can think of, sometimes disabling vital systems that sustain law firms, financial institutions, hospitals, airlines, and even critical infrastructure networks.
How does ransomware work and where does it come from?
The idea of a tormented computer savant in a hoodie has been exaggerated and over-romanticized in big-budget TV shows like Mr. Robot. The fact is that law firm ransomware attacks take countless forms and exploit a constantly evolving mix of hardware, software, and human vulnerabilities. The attack may come from a lone bad actor in search of bragging rights, the way a vandal might choose a car at random to smash a light or slash a tire. Other attacks may be more organized, sinister, and deliberately targeted.
Ransomware is a kind of malware that identifies data storage drives on an infected system and gets busy encrypting files within each drive, usually undetected until after the damage is done. Some of the more infamous varieties you may have heard of include Locky, CryptoLocker, and Petya, and they all make infected data useless or inaccessible until an untraceable ransom is paid. The really scary part is that it doesn’t stop there. If you don’t have the right preventive measures in place, the initial ransomware infection can quickly hitch a ride to every shared device or file that was accessible from the original computer.
Sadly, even when the victim pays up, the bad guys often refuse to decrypt the data, or extort more payments with threats to expose sensitive data or sell it on the dark web. Small to medium-sized businesses (SMBs) are especially vulnerable, with industry-estimated losses ranging from $40,000 to $55,000 to over $100,000 from a single attack. Ransomware can arrive when an unsuspecting member of your team opens a phishing email or downloads an unknown file from a sketchy source.
Have you implemented these measures to prevent ransomware infections?
- Make sure you have written data protection and disaster recovery plans in place. It’s also important to share them widely in your organization so that everyone understands their role in protecting your data. Regular phishing tests are very effective tools to raise awareness and vigilance.
- Open emails cautiously. Speaking of phishing, classic “Nigerian Prince” versions seem quaint and laughable by today’s standards, and these kinds of attacks are getting much more sophisticated. Even if an email looks legitimate, don’t click on any links until you can verify the source.
- Keep security patches up to date for all applications. Ransomware protection isn’t a one-and-done activity. Threats evolve rapidly to stay ahead of new security measures, and new vulnerabilities will open up as user habits shift and as you adopt new hardware and software.
- Drive adoption of preventive software tools. Follow a rigorous IT process for installing antivirus applications and email filtering features, and be sure to keep them up to date. Even the most powerful tools are no good if your people don’t adopt them, so train, train, train.
- Perform frequent systemwide backups. There are business continuity software platforms that can help you recover from a ransomware attack by restoring your systems to the last known safe state before the attack took place. The best ones allow flexible physical and virtual restoration.
- Keep your backups physically separate. If your backup files are accessible from your daily operating platform, chances are they’ll become infected when your endpoints “phone home” to upload new versions. Storage appliances are widely available at a variety of price points.
- Stay informed about the latest ransomware threats. The FBI, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) all publish regular reports and updates on new trends and vulnerabilities to watch out for. You can subscribe to authoritative newsletters and adjust your protection plans regularly.
Platforms like NetDocuments not only help you gain control of documents and email, but the powerful military-grade encryption we use on individual files prevents the majority of malware, worms, and ransomware from spreading if one file becomes infected. The most important thing is to stay vigilant and stick relentlessly to common-sense best practices. Awareness is your most powerful weapon in the never-ending data protection battle.