How to combat ransomware: 3 steps to take today

Nobody likes to think about their company’s critical data being compromised and held for ransom. Unfortunately, this type of threat, dubbed ransomware, cannot be ignored. In the first quarter of 2016 alone, CNN projected that cybercriminals collected more than $200 million through ransomware attacks.

This would make ransomware a nearly $1 billion business annually, and it is growing quickly. This scale can be difficult to grasp, so how about an example that’s easier to identify with? In February of 2016, Los Angeles’s Hollywood Presbyterian Medical Center was hit with a ransomware attack. The attack lasted for four days before the hospital finally paid the ransom of $17,000 to get its network back.

You may think, “$17,000? That doesn’t sound so bad.” Of course, the actual cost – downtime, delays, lost customers, etc. – was much worse: an estimated $11 million. Do I have your attention now?

What’s worse is these attacks can be so complex that the easiest way to move past a ransomware incident and resume operations can be to pay the ransom. With attacks on the rise and law enforcement offering limited ability to help with recovery, what can you do to protect your data and recover quickly if your company is hit?

Here are three things we suggest when it comes to ransomware:

Take steps to reduce your risk.

The first action you should take toward protecting yourself from ransomware is to measure where you have exposure and risk. You have to know where your most important, private data is and take steps to limit access to it.

Take action against suspicious activity.

When you see something on your network that looks suspicious, take action immediately. This is an area where data-aware solutions and other technologies can help. You can monitor network activity and get notifications when there are anomalies. When these anomalies are detected, you can automatically create copies of your files in a safe location. This means that even if the attack is successful, you won’t be without your most critical data.

Speed up response and recovery.

With any attack, it’s critical to know exactly what is happening and when. That means you have to record things like:

  • The time of the attack
  • Its cause
  • Its impact
  • What files, files shares and virtual machines have been affected

Forensic analysis tools can be a real help with this task. Once you know what you’re dealing with, you’ll be in the best position to quickly enact a plan for recovery.

The thought of your critical data or entire network being held for ransom by cybercriminals likely keeps your IT security professionals awake at night, and it should. Developing a strategy against these attacks has never been more important. Starting with these three actions, you can gain some control of and protection against ransomware attacks, giving you better options than simply paying up.

Learn whether your company could survive a $99,000 malware attack, and how, here.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.