By now you know how ransomware works: hackers hijack data belonging to a business and demand a large payment to decrypt it. You’re also probably aware of the spike in incidents over the last year as businesses have scrambled to establish a work-from-home (WFH) environment, leaving many security gaps to be exploited in the process.
Still, you might be confident that you won’t be a victim because you’re careful about backing up your data regularly and checking those backups for data integrity. If your data gets locked down, you’ll simply restore a current backup and you’re good to go, right?
Don’t misunderstand: Even with current backups, recovering from a ransomware attack is not easy. Still, the bad guys have figured out that when businesses have duplicate data to restore, they don’t get paid. So the game has now moved to a new level with extortionware.
The premise of extortionware, also called doxware, is this: The hackers don’t just separate you from your data; they threaten to publish it on the Dark Web if the ransom isn’t paid. So it’s no longer a game of keep-away with your data; it’s the potentially ruinous exposure of your most sensitive information. Your current backups become irrelevant, because restoring your data does nothing to keep it from being published.
Think about that for a moment. Your contracts, financial documents, employees’ personally identifiable information (PII) and more are now all for sale to the highest bidder. Imagine the legal exposure and the potential damage to your reputation. That’s why many businesses that find themselves in this situation go ahead and pay the ransom. In this regard at least, the hackers appear to be honest. In the vast majority of cases, ransom payment results in a working decryption key.
Those ransom demands are often in the six-figure range, so just as with regular ransomware, preventing an attack is a far better option than trying to recover from one.
Conventional wisdom says that most attacks happen when an employee unwittingly clicks a malicious link in an email. There is some truth in that, and every organization should train its staff against such phishing attempts. But many attacks exploit weaknesses in peripheral hardware and software like firewalls, VPNs or other outdated infrastructure. Businesses often neglect patches and updates for these, and that creates opportunity for hackers.
Beyond these core IT components, more and more organizations are deploying a variety of internet-enabled devices, the ‘Internet of Things’ (IoT). These range from security cameras to inventory trackers to any number of industry-specific devices. All tend to have two things in common: they’re another connection between the web and your network, and they’re less convenient to patch and update.
“Out of sight, out of mind” applies here: once a new security system, for example, is up and running, it ceases to be a concern, and necessary patches and updates are forgotten … or put off because they’re harder to do. And that’s a big mistake.
There’s no single solution to avoiding a ransomware or extortionware attack. Success here is the result of doing many things right, and consistently. And there’s no completely bulletproof solution, but if you follow these best practices, chances are good that a hacker will move on in search of a softer target.
Need to take a closer look at your organization’s security profile? Contact Hill Tech Solutions.