How Companies Can Guard Against Ransomware

By Aliah D. Wright Nov 8, 2016

Ransomware has become so prevalent that it has eclipsed all other forms of malware in terms of incidents. Criminals have set up call centers so victims can pay ransoms in digital currency called bitcoin, and cybercriminals are now providing one another with tech support to launch more attacks.

A type of virus that encrypts a user's files until money is paid, ransomware first reared its head in 2013. Cisco Systems, a tech company headquartered in San Jose, Calif., reports that while these attacks are most prevalent on employee laptops, ransomware is now targeting departmental file servers and other critical company infrastructure.

Sophos, a U.K.-based security company, reports that by the end of 2016, cybercriminals will have collected $1 billion in ransom payments.

But there are ways to combat what Andrew Mundell has called "the No. 1 payload of malware threats against desktops and mobile systems." Mundell, an enterprise sales engineer with Sophos, helmed the company's "Stop Ransomware in Its Tracks" webcast on Nov. 2.

Ransomware Popularity Grows

Ransomware keeps evolving, Mundell said, and criminals are perfecting ways to expand its use.

"There are a number of [ransomware] variants," Mundell said, adding, "We're seeing different variants created on a daily basis." Popular ones include Locky, Cryptolocker, Zepto, Cerber, CryptXXX and a host of others. Ransomware enters computer systems through e-mail attachments, compromised websites and even "malvertising," or fake ads containing malware.

Criminals are also changing the landscape by providing what Mundell called "malware as a service," in which they connect with one another, identify what kinds of attacks they want to launch and collaborate on how to proceed.

"The scary thing here is you don't have to have an advanced understanding of malware to be able to leverage these services," Mundell said. Some data thieves use "black market tools to easily create attacks that exploit known and unknown vulnerabilities."

Once they've infected users' computers, criminals turn to customer support systems they've created to secure payment in bitcoin, a type of digital currency that they can then exchange for dollars.

No business has been immune—not even hospitals. As SHRM Online reported in March, Hollywood Presbyterian Medical Center in Los Angeles had its systems infected with ransomware. Crooks demanded $17,000 to restore access to e-mail and electronic health records. That hospital paid the ransom. But while it mulled over what to do, Mundell said, "ambulances were diverted, electronic medical records disappeared, e-mail was unavailable, and the hospital had no access to X-rays or CT scan information."


Best Security Practices

Mundell listed nine best security practices companies can deploy now to protect themselves against ransomware. They include making sure:

  • Regular backups are performed—and the information is kept offline and offsite.
  • Security personnel "test the recovery" of the backed-up information. "Make sure those terabytes of data that you have stored are periodically tested so in the event of needing to do a recovery, you know those backups are secure and able to be retrieved successfully," he said.
  • Employees can easily determine document file types. To accomplish this, IT needs to enable document file extensions so users can see them; this reduces the chances employees will click on a suspicious file.
  • Attachments open in default applications. For example, arrange it so that "JavaScript files open in Notepad—that will give you a great way of stopping anything malicious from running."
  • Macros are not enabled in e-mail attachments (so attachments don't open automatically). Microsoft has this feature turned off by default; don't turn it back on.
  • Employees are cautious with unsolicited attachments—if in doubt, don't open them.
  • IT patches computer systems "early and often. Keep your defenses in top form and plug holes," he said.
  • Your organization stays up-to-date with new security features.
  • Employees don't have more access to important systems than is necessary. Having more people with "admin rights could mean a local infection becomes a network disaster," Mundell noted.

Andrew Avanessian, vice president of technology at Avecto, a software security firm based in the United Kingdom, agreed with Mundell's last point. He told SHRM Online that "removing administrator privileges [is] an extremely easy and cost-effective way to block malware from accessing data."

Avanessian added that application whitelisting and sandboxing are also effective. Whitelisting means setting systems to automatically block or disable any new [software] installations or modifications unless preapproved by the security team. Sandboxing means ensuring that the endpoints create a unique, temporary environment in which to host all external interactions, such as Internet browsing and the downloading of attachments. 
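
The attachment-related items in Mundell's list (visible file extensions, JavaScript files, macros and unsolicited attachments) can also be enforced at the mail gateway. The sketch below is an added example, not code from Sophos or the article: it flags script, double-extension and macro-enabled attachment names in a constructed message, and its extension lists and function names are assumptions.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension sets are assumptions chosen for this example, not from the article.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".scr", ".exe"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify_attachment(filename):
    """Return the reasons (possibly none) to quarantine an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.strip().lower().rstrip(". ")
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return []
    reasons = []
    last = suffixes[-1]
    if last in SCRIPT_EXTS:
        reasons.append("script-or-executable")
        # "invoice.pdf.js" displays as "invoice.pdf" when extensions are hidden.
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    if last in MACRO_EXTS:
        reasons.append("macro-enabled-office")
    return reasons

def triage(msg):
    """Map each flagged attachment filename in an EmailMessage to its reasons."""
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename()
        reasons = classify_attachment(filename) if filename else []
        if reasons:
            findings[filename] = reasons
    return findings

def build_sample():
    """Constructed message with three attachments; contents are dummy bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.js", "Q3 report.docm", "minutes.pdf"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    print(triage(build_sample()))
```

The check looks only at filenames, so it complements content scanning and sandboxing and does not replace them.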
