By Guy Baroan, founder and President, Baroan Technologies
Ransomware is a terrifying reality for organizations today. We’ve all heard the horror stories. Hospitals have seen their systems crippled and been forced to pay millions to rebuild in the aftermath of ransomware attacks. Police departments have suffered the consequences of both paying and not paying ransoms, showing these attacks to be a crime that authorities cannot protect themselves from, much less others. It’s become clear that ransomware can affect organizations of any size, in any industry.
Fueled by hacked tools originally developed by the NSA, these attacks are becoming more frequent and more potent. In May, the WannaCry ransomware attack affected more than 230,000 computers and 10,000 organizations in over 150 countries, with estimated economic losses of $4 billion. In June, the even more virulent GoldenEye strain of Petya ransomware struck businesses worldwide, signaling that such attacks are the new normal.
Having a popup appear on your computer screen that says your most critical files are being held hostage is enough to make anyone’s blood run cold, but it’s especially threatening if you run a small business. Small businesses naturally have fewer resources for cybersecurity than their larger brethren, and less ability to absorb the damage done by ransomware attacks. Because of their size and vulnerabilities, small businesses often look to managed service providers (MSPs) and resellers for their security solutions. And these service providers should know that the solutions they provide will certainly be tested: according to Datto’s most recent Ransomware Report, 91% of IT service providers reported experiencing recent ransomware attacks targeting small businesses.
Mounting an effective defense against ransomware really calls for a strategy of layered security. This means utilizing multiple, even overlapping solutions that cover the breadth of an organization’s security needs. Doing so places more thorough protections along every avenue by which ransomware might arrive. This is necessary because even a single weak point can allow an attack to succeed; the latest ransomware, such as WannaCry and Petya, is capable of scanning the web to recognize and target unpatched and unsecured ports. In this environment, businesses require a robust suite of security solutions, including effective anti-virus and anti-malware solutions, as well as the tools to repel network-borne hacks and social engineering tactics. Businesses must also have the backup and encryption capabilities in place to safeguard data when it would otherwise be compromised.
Anti-virus and anti-malware
Anti-virus and anti-malware solutions are an essential element of any layered security strategy. Generally, MSPs provide these solutions for all clients as a part of their standard service (we all have our favorites and I won’t get into discussing which might be better). While these solutions are absolutely required for any business, it should be well understood that they are not sufficient on their own. From zero-day threats to lax patching and security update practices, attackers always have opportunities to elude these measures. Frighteningly, 93% of respondents in the Datto Report noted incidents of ransomware infiltrating anti-virus or anti-malware software.
Unless properly educated as to what to look out for, employees are vulnerable to unwittingly inviting attackers into an organization’s systems. In fact, in most ransomware incidents, the malware is simply let in by employees who fail to follow best practices.
Attackers will prepare malicious external content – such as a web page or a document – embedded with exploits that can take advantage of application or operating system vulnerabilities to introduce malware. To deceive employees into delivering this malware, attackers will use social engineering tactics such as phishing schemes, malicious websites, infected USB drives, and an ever-evolving cache of tricks. Once endpoints are infected and compromised, they can be used to access systems, collect data, and then send it to the attacker through the internet. This data theft can happen within minutes of the malware infection, making it critical to identify and mitigate such attacks as quickly as possible. Attacks of this nature cannot be defended against with anti-virus or anti-malware solutions, and don’t require unpatched applications or operating systems – the employee’s behavior provides the entire opportunity.
Proper employee training offers a critical layer of protection against these social engineering attacks. While it may seem like employee training is an internal matter for organizations, MSPs can, in fact, deliver this layer of security – for example, we use Breach Secure Now! to provide the framework for developing security policies and managing employees as they proceed through training. In addition to offering such solutions, technology service providers should also perform a security risk assessment for each client, and then provide services that bolster security at any weak spots. This means ensuring that employees are continuously taught how to recognize social engineering tricks and stay true to best practices. With some solutions, MSPs can even run artificial phishing scams on employees and see who falls for them – as a means of hands-on education.
Backup and encryption
If the worst possible scenario occurs and ransomware does make it impossible for an organization to access its own files, a backup system becomes the ultimate hero. An effective backup solution should perform frequent backups, provide quick restoration of data after an issue occurs, and may even feature both local and cloud-based storage for additional redundancy. Again, each MSP has its own favorite backup solution – what’s critical is that every organization should have one as a last layer of security against ransomware.
Finally, many MSPs and VARs may be unaware of the role encryption can play in protecting organizations against ransomware – when utilizing layered security, sometimes help comes from unexpected places. The accidental overlap of different security tools can be serendipitous, as we discovered when utilizing Beachhead Solutions’ SimplySecure for its disk encryption capabilities. While encryption protects data against unauthorized access to a hard drive, SimplySecure happens to allow EFS, which encrypts data to individual user profiles, to be layered over BitLocker. Therefore, access to files is prohibited – even from ransomware attacks – unless the credentials for the individual profiles are available. A tool like this can also handily record IP addresses that attempt to gain access, which can be helpful in determining the source of an attack.
By taking this comprehensive, multi-faceted, layered approach to security, organizations and MSPs give themselves the best chance of mustering enough defenses to thwart ransomware attacks – and avoid needing to open a Bitcoin account to pay some predatory basement hacker.
Guy Baroan is founder and President of Baroan Technologies, a Managed IT Service Provider, providing IT consulting and tech support for SMBs.