SME’s poor security knowledge and practices are being targeted by ransomware.
According to one industry report, the number of cyber ransomware attacks increased in 2014 by more than 4,000%, with small to medium sized enterprises (SMEs) being the main target due to poor security practices.
On the technical side, we can have spam, malware and bad URL detection engines or services that can be installed in networks – generally as part of an internet security appliance or firewall – rather than individual boxes installed in front of email servers.
The reason we would want such protection as part of the general internet connection is to provide protection for email, browsing and other internet related operations such as file transfer and remote access.
There are also a number of very good commercial cloud based email spam, malware and URL detection services available. These are well worth a look for smaller enterprises that must consider costs of ownership, support and overall effectiveness.
Even with the best spam, malware and URL detection services, some emails that could form the start of a ransomware attack may get through. These emails contain a URL link that, when clicked, will take the user’s web browser to a website that will attempt to download the ransomware.
These emails could not have been detected as malicious for a number of reasons, such as the URL being too new to have been identified as malicious; the patching or updating of an onsite box being out of date; or the URL pointing to a perfectly legitimate website that has been compromised in preparation for a watering hole attack.
The rise in legitimate websites being compromised for the purposes of executing watering hole attacks as a way of delivering malware – including ransomware – means enterprises need to add malware detection to web browsing activities.
Protecting against a ransomware attack
Having got the technical side sorted according an enterprise’s risk appetite and budget, what else can be done to help protect against a successful ransomware attack?
Staff awareness training and regular follow up initiatives are key. It is important to make staff aware that unexpected emails – even from known sources – are suspicious, particularly those that require a URL link to be activated.
If all else fails and a ransomware attack is successful, then having access to good, well-tested backups with at least one copy that is held off network will be vital in service restoration. Note that the off network backup itself should not be used as is, but copied. The copy should then be used to bring the network back, which will protect the good backup from being compromised.