Recent news has cast a spotlight on Ransomware, due to the zero day attack on Lincolnshire County Council. The council stood its ground and refused to pay, discovering that they were successfully able to defend against the attack due to their security software - the kind of software we are advocating here. Unfortunately, such attacks are not always easily thwarted and in many cases businesses wind up caving and handing over payment. You will never read about those in the paper because no one wants to talk about them.
Ransomware Not Just an Individual Problem
Perhaps you have known someone personally who had to deal with ransomware after clicking on the wrong link or downloading the wrong app. Perhaps you were one of the friends or family members they called frantically asking what to do. You might think that given proper security protocols it could not happen to your business, behind your corporate firewall. Unfortunately, ransomware is getting more clever by the day.
Ransomware, a Hidden Problem
Trouble is, much like those pesky human viruses that only go stronger over time, ransomware continues to grow and learn. In large part, it certainly does not help that many companies choose to simply pay up, and that public companies are being especially targeted by custom malware, because attackers hope for big pay offs. To attackers, ransomware is a business. The more often they strike, the more attackers learn about what works - and what doesn't - and the better invested they are in developing ever newer and better malware.
Ransomware, the Zero Day Problem, and How to Deal with It
As discussed in the Lincolnshire case above, the specific ransomware involved was Zero Day. This means the trojan virus was specifically created and targeted at this server so that it was unknown anywhere else in the world. Traditional antivirus software is powerless against such an intrusion, because traditional antivirus software is designed to look for specific code. Such software will not detect custom-created malware because such malware is unknown, as yet, in any database.
Let us say your enterprise software is attacked by a custom-made virus and all you have in place is standard antivirus software. By the time the virus gets added to a database, it will be too late because you were ground zero. For this reason, you need additional protection ahead of time, security software which actively searches for suspicious activity as opposed to a specific, known malicious code, software such as System Watcher. System Watcher, or software like it, is necessary in an enterprise context, because you are more likely to be hit with a specific, targeted attack by an attacker who knows what they are doing.
How to Respond to Ransomware?
If you have been attacked by ransomware, or if you are filling out a risk assessment matrix in case you ever are, in either case we strongly encourage you to include security consultation as part of your response. Here is why.
1. You really do not know who is asking for money. If you are considering paying off attackers, bear in mind that you do not know who you are going to pay off or what they ultimately want. Perhaps it is a competitor who secretly wants to steal information from you and is looking to exploit your security by pretending to fix your problem. Before coming to any decision, please consult with outside security, someone who knows the business and can - at least - tell you who the attacker is and whether a pay off will make the problem go away.
2. Ransomware really can destroy data. Conversely, if you are hoping this attack is an empty threat, you may be tempted to ignore the threat and hope that after a time the DDOS attack (or however the ransomware is expressing itself) simply goes away when attackers see this is not working. It may. Then again, it may not. In this modern era, it is an unfortunate fact that clever attackers have ways to destroy your data beyond possibility of retrieval, and they have found it lucrative to do so in order to encourage others to comply. Again, if you find yourself prey to one of these attacks, please consult with a trusted security agent to find out the proper response.
Catch Ransomware Before It Starts
As the two above points have hopefully illustrated, ransomware is a serious security concern, with serious incentive to attackers to create newer and better strains. What you really need is to catch malware before it can get far. That is why you need to have advanced, enterprise-grade security on your system. For more information on software security, including System Watcher, contact us today.
Get a FREE personalized security report
Please take a moment to fill out our short security survey and receive a customized report highlighting opportunities to make improvements based on your current situation.