If you thought that ransomware had disappeared when the original CryptoLocker botnet was shut down in 2014, you are unfortunately mistaken. Though that particular big-name threat isn’t the scourge it once was, ransomware has continued to proliferate. The number of threats and their severity are both on the rise. And like all malware, ransomware has become more sophisticated and is even beginning to crop up on operating systems once believed to be safe from such threats.
For both businesses and individuals hit with ransomware, it can feel personal. And, in a sense, it is. The ransomware infects computers, encrypting files; then criminal enterprises, sometimes quite organized, extort money in the form of bitcoin or credit-card payments in exchange for giving the user the key to decrypt the files on the locked machine. The criminals profit, and users—enterprise or individual—are left powerless to do anything but pay.
But there are digital security measures that enterprises can take to beat ransomware. The following best practices will help businesses know what to look out for to keep their business-critical data from being encrypted by ransomware, and what options they might have in the unfortunate event of an infection.
1. Use Threat Intelligence in Order to Stay One Step Ahead
One of the most important ways to beat ransomware and keep it out is to be aware of where it’s proliferating. Digital threat intelligence platforms that give enterprises a constant stream of information on spreading threats can give a business a heads-up on what ransomware might be coming its way and allow an IT department to react accordingly by locking down resources, warning end users, and blocking suspicious emails associated with the threat.
Threat intelligence can also help a business determine how likely it is to be hit with ransomware and allow the business to match its policies and security solutions to the threat level. As hackers become more devious in their use of ransomware, attacks aren’t always random. Targeted attacks are beginning to appear, and big-money industries that can’t function without their data are the perfect targets. Threat intelligence can let these types of businesses know exactly how close the threat of ransomware is to their enterprise and how it’s being spread.
2. Keep an Eye on Mobile Devices
Mobile devices bringing malware onto business networks is a huge problem, and that’s likewise the case with ransomware. Ransomware posing as a mobile app can trick a user into infecting his or her smartphone, and the device can then easily infect an unprotected business network. Policies governing the use of mobile devices in the workplace and security solutions that specifically address the concerns posed by mobile devices are critical to keeping a business safe from ransomware.
3. Know About Unlockers—But Only as a Last Resort
Cybersecurity researchers have not been taking ransomware encryption lying down. Various high-profile security vendors have been releasing products that can decrypt the files encrypted by certain strains of ransomware, rescuing a machine’s owner from having to play ball with the criminals and pony up a payment.
But these solutions aren’t foolproof. Even the best unlocker programs aren’t particularly simple, universal, or guaranteed to work. And once you’ve been infected with any malware, concerns always remain about overall system security and stability. So be aware that, in a worst-case scenario, these tools are out there and might give an enterprise a last-ditch opportunity to decrypt a business-critical file without having to pay a ransom. But also know that in the aftermath of such a security event, a full review of any system that was compromised—or could have been—is necessary.
How have you seen enterprises effectively combating ransomware?