Five Steps to Disarming Ransomware Attacks

You have 48 hours to send two Bitcoins to the address below or your data will be erased. Do not contact the authorities.

If you’ve seen this notice, you know the fear induced by a ransomware attack. And if you haven’t, there’s a good chance you soon will. In 2017, the number of ransomware assaults grew 250 percent in the first quarter alone, causing millions of dollars in lost productivity and lost data. Today, ransomware remains one of the top cyber threats to enterprises. Why? Here are 10 factors that make ransomware irresistible to cybercriminals—and five steps to disarming attacks.

  1. Ransomware tools are becoming more sophisticated: From malware that flies under the AV radar to brute force attacks, hackers are constantly getting better at getting in. Better encryption makes it all but impossible for victims to unlock their files without paying for the key.
  2. Phishing, sadly, still works: Phishing attacks have been going on for 30 years now, so users must be experts at spotting them by now, right? Wrong. Phishing attacks are still effective, and employees may assume that IT and security teams are keeping them safe from phishing attacks.
  3. The most vulnerable attack vector is unprotected: Without a comprehensive endpoint backup solution, an organization’s laptops and desktops are unprotected. And yet, the Code42 CTRL-Z study revealed that IT decision makers believe that 60 percent of corporate information lives on users’ laptops. If executives know this, so do cybercriminals.
  4. Human behavior creates risk: Your policies say that employees must back up their data to a shared server to keep it safe from endpoint attacks. Unfortunately, employees aren’t following your protocol, leaving endpoint data—which is more than half of enterprise data—unprotected.
  5. Anyone can launch a ransomware attack: Following the trend of the legitimate software industry, Ransomware-as-a-Service (RaaS) takes ransomware accessibility to a new level. People with little technical expertise can “rent” ransomware and create their own phishing emails.
  6. Cryptocurrency makes money laundering easy: To a cybercriminal, the risky part of ransomware is direct interaction with a victim to obtain payment. But the emergence of cryptocurrencies removes much of this risk, creating a digital layer of anonymity between the victim and extortionist.
  7. Attacks target the enterprise: Cybercriminals are increasingly targeting those most likely to pay, and businesses are the ideal targets. They have valuable data they can’t afford to lose and a lot more cash on hand than individual targets.
  8. Once in an organization, ransomware spreads quickly: It only takes one employee to spread an infected file throughout your organization. Your employees are sharing thousands of files with each other every day. Cloud collaboration platforms make file sharing easier than ever, but platforms with automatic sync can actually spread ransomware, syncing infected files to the shared cloud and exposing others.
  9. Prevention is nearly impossible: The number of cybercriminals, combined with the sprawling attack surface, make prevention virtually impossible. More importantly, preventive AV products can’t stop human error. Bigger walls and stronger locks do nothing if your employees are willingly or unintentionally handing over the keys.
  10. Paying the ransom fuels the demand: As long as victims keep paying the ransom, money will continue to pour into the growing black market for ransomware and fuel the increasing sophistication of these exploits. More money, more hackers, more attacks and higher ransoms­­–these are the real costs of paying the ransom.

Break the cycle: focus on the data

The 10 items above paint a bleak picture, but the antidote to ransomware is actually quite simple: Shift the focus from those trying to steal data to the data they’re trying to steal. By focusing on ensuring all data is collected and protected, the enterprise can enable a swift, clean recovery from ransomware and fight it at its source. Here are five quick tips to disarm ransomware:

  1. Collect and protect the data: Truly comprehensive enterprise data protection includes covering data where it lives—on the endpoint. The solution can’t rely on user behavior, and it can’t slow down user productivity because employees will work around it. The solution must be automatic, continuous and frictionless to give IT certainty that every user, every device, every file and every version is covered.
  2. If ransomware hits, have no fear: With all laptop and desktop data continuously backed up, ransomware ceases to be scary. The enterprise has the tools in place to execute an efficient, successful recovery.
  3. Make the clean, quick restore: Comprehensive endpoint data protection turns restore from a costly, weeks-long affair into a quick, push-button task. IT simply rolls back to the last known good state to conduct bulk file restores or allows users to perform a self-service restore.
  4. Never pay the ransom: With quick and comprehensive data restores, the enterprise can laugh at ransom demands.
  5. Feel proudyou’re doing your part: With the tools in place to take the ransom out of ransomware, the enterprise community can cut off the cash flow and begin to shut down the ransomware market.