How to Plan for Ransomware in 2018

Heart monitors go off simultaneously. Doctors get error messages when trying to access patient records. Then all the computers in the facility go black. The following message appears in scrolling green text:

“HELLO GREY-SLOAN MEMORIAL
Currently, we control your hospital. We own your servers.”

The message demands 4,932 bitcoin — about $20 million in the show but over $71 million as of January 2, 2018 — for an encryption key to unlock the medical records. The records will be destroyed if the ransom isn’t paid in a timely manner.

If you’re a “Grey’s Anatomy” fan, you’ll recognize this scenario as the plot of the series’ dramatic winter finale. While the writers take some artistic license with the technical details of the attack, the show clearly portrays the ethical dilemma businesses often face during a ransomware attack: Do they risk extended downtime and/or data loss while they try to recover their data? Or do they give in and pay the ransom, encouraging future attacks?

How will you respond when ransomware targets your business? We say “when” because 71 percent of cybersecurity experts believe there’s a moderate to extreme possibility their organizations will experience ransomware attacks in the next 12 months.

Here are our top recommendations for protecting your data against ransomware in 2018.

Prepare for Ransomware in the Cloud

Nearly 44 percent of the malware found in the cloud is carrying ransomware, and in 2017, attacks against cloud storage increased. This threat is exacerbated by the fact that cloud applications are available on demand. Any employee can go online, sign up for a free service and download infected software. If they share a service with other employees, the infection can rapidly spread to other systems, thanks to the sync-and-share functionality that’s common to many cloud applications.

Your risk increases if employees access data stored in the cloud using personal devices that aren’t properly maintained, patched and updated. To reduce ransomware threats from shadow IT, make sure you have a bring-your-own-device (BYOD) policy in place, look for unusual activity on the network and follow the rest of our tips below.

Patch Everything

The WannaCry attack infected more than 200,000 computers in 150 countries — all by exploiting
vulnerabilities in older Microsoft operating systems. In fact, as Webroot’s VP of cybersecurity and engineering points out, many of 2017’s ransomware attacks could have been mitigated simply by patching systems. It’s worth noting that the colossal Equifax breach — although not a ransomware attack — was reportedly caused by an employee’s failure to apply a software patch.

To thwart criminals exploiting known vulnerabilities in trusted applications, the solution is simple (though admittedly easier said than done): Patch everything. Patch your applications, software, hardware and connected devices as soon as updates are available.

Train Employees to Look for the Latest Phishing Scams

Timely employee training is one of the most effective ways to combat ransomware, as it typically enters the organization through an employee opening a compromised email attachment, falling for a phishing email or visiting a compromised website.

It’s getting harder to spot scams because scammers are skilled at harvesting data from social networks and other online researchers to spoof an email from a well-known brand or impersonate trusted content. In fact, spoofing and impersonation comprise 67 percent of successful phishing attacks. Spammers are also hijacking legitimate domains, which they use to create phishing pages. The sites’ good reputations allow the newly created phishing pages to slip past anti-phishing filters.

However, these are only two examples of a growing list of phishing tactics. That’s why it’s important to regularly train employees how to look for the telltale signs of phishing attacks. Training should be mandatory, but to fully engage employees, communicate the message that they’ll learn valuable cybersecurity skills to apply in their personal lives. After all, phishing and ransomware target individuals too.

Maintain Backups and Test Your Restore Process

If all else fails and your data is encrypted, having current backups is the best defense against ransomware. By restoring from backups, you can avoid paying the ransom. That’s why, unfortunately, some strains of ransomware are now going after backups, especially if they’re stored in the same environment as your production systems.

WannaCry, for example, deleted volume shadow copies, which Microsoft Windows automatically creates to allow users to easily recover their data. Network-attached backups are also at risk. After having its data encrypted by ransomware, one police station refused to pay the ransom, knowing that its data was backed up. Unfortunately, the backups were attached to the network and had also been encrypted.

To protect yourself, back up your data frequently and segregate it from your production environment. Be sure to monitor backups for completeness and accuracy as well.

Of course, a backup is only as good as the restore, so it’s important to routinely test your restore process. Include any disaster recovery vendors you work with in your tests to make sure they can restore your company’s data within your recovery time objectives (RTOs).

Know How You’ll Respond to a Ransomware Attack

While you’re working on restoring your systems after a ransomware attack, a comprehensive business continuity plan with a strong focus on cybersecurity can minimize the impact of downtime. For example, will you need to temporarily revert to paper-based processes? Will workflows need to be diverted? If so, know in advance when, how and where you’ll carry out the recovery. Finally, employees should be trained on any systems and procedures to be used during downtime.

While “Grey’s Anatomy” viewers will have to wait until the series returns on January 18 to see how Grey-Sloan Memorial resolves its ransomware attack, you might not have that long to prepare for an attack. Don’t waste any time creating a response plan. Get started now. For more tips, read “Five Ways to Thwart a Cybersecurity Nightmare.”