Ransomware attacks are becoming more vicious and impactful to our clients. Here are some high-level thoughts on preparing for the next attack.
Ransomware attacks are nothing new, they have been around for ages – the first documented attack being in 1989 known as the AIDS Trojan. This attack set the stage for the more sophisticated attacks we are seeing more frequently today. Infections have steadily increased every year since 2013, reaching record levels last year in 2017.
Recently, these infections have become more advanced and more dangerous. Hackers are now making their software harder to detect. Attackers can now also combine attacks by crafting a software to first hack into a network and then build a second software to capture the keystrokes of the users. With these attacks becoming more complex, it is important to ensure your organization is actively working on security practices and adding layers of protection constantly.
Hackers made more than five billion dollars in 2017 through infecting computers and software, and it is only becoming more common in 2018, according to the 2018 Threat Impact and Endpoint Protection Report. This report acknowledges that companies of any size and of all industries are at risk for these attacks. A huge risk when infected is the loss of data – Below is a chart from the report that displays the kinds of data potentially lost or encrypted.
Repairing and cleaning up after an attack is where most companies see the most impact. Many companies pay the ransom, not so much to get their data back, but in an effort to get the attackers to call off the attack. Interlink recently was helping a customer rebuild servers only to see them hijacked again in a matter of hours. Even clean backups didn’t help. Sometimes paying the ransom works and sometimes it doesn’t.
The major cost, as we all know, isn’t the ransom, it is the impact to the business and the downtime that these attacks can cause. Some attacks can result in so much damage, the company is not able to function or perform simple tasks or generate any revenue. The graph below compares the number of users affected and the number of hours of downtime it took to repair because of a ransomware attack.
www.knowbe4.com 2018 Threat Impact and Endpoint Protection Report
The question is, how can you protect your company from these attacks? There are a few steps that end users and companies can take to reduce their risk of falling victim to ransomware. Considering the devastating effects that ransomware can have on an organization, it’s necessary to work on preventing these attacks.
Effective defense relies on educating the staff. Interlink has tools that can help with end user testing and training.
Proactive Security involves layers.
The next step to combat ransomware is deploying a response procedure in the instance your company is hit with an attack. The last thing you want is to have your team scrambling after an incident, making the situation more hectic.
According to the article Will Artificial Intelligence Save Us from the Next Cyberattack?, the future of recovering from these attacks will include Artificial Intelligence (AI). Identifying and evaluating the attack are the first steps to recovery, and AI can make correlations and provide the details associated with a threat actor, campaign or motivation for the attack. AI can also help companies by advising solutions, because people don’t always have the decision-making qualities to resolve a major cyberattack. While AI and machine learning still have a way to go, the increasing threat of attacks is resulting in a higher demand for the best solution, and AI security systems may come in handy.
A big problem we see when our clients are hit with these attacks is that they have no strategy or plan for recovering their systems efficiently and quickly. The best way to tackle these infections and get ahead of them is to take the necessary precautions to prevent an attack and also take the steps to plan for after the attack – before it happens! We recommend evaluating your current situation and improving security and planning from there. You can schedule a consultation with us today for help assessing your current environment or learn more about our security solutions. By taking these steps, your company will be able to better prevent, detect and recover from ransomware attacks. With these infections becoming more prevalent, your company needs to ensure a secure platform with multiple layers of security. Interlink is here to help protect your data and critical systems and assist in identifying when these breaches occur. Our experts are available for guidance or to walk you through any of Microsoft’s solutions to assist after an attack and to prevent future ones. Our team has experience recovering organizations hit with these attacks before to get them back on track. Get in touch with us to find out more about keeping your company safe.
For more information on Ransomware, check out this blog from our partner at Peters & Associates.