Ransomware attacks have become a scourge - and this is an understatement. Just a few weeks back, around Diwali 2022, Tata Power was hit by a ransomware attack, and the stolen data was leaked. It is estimated that there were 714 million ransomware attacks around the world in 2021. In 2017, the WannaCry ransomware infected nearly 250,000 computers in a single day. In fact, groups like Hive have innovated and come up with RaaS (Ransomware as a Service), where third parties can use their infrastructure to run ransomware attacks.
So what is Ransomware? It is a kind of malware that encrypts computer hard drives and folders and often steals data before encrypting. The attacker leaves a note on the target computer asking for payment via a dark-web portal, usually in bitcoin. If this ransom is not paid, the attacker does not reveal the cryptographic keys required to decrypt the data, and also threatens to release stolen data on the dark web. Needless to say, this can cause major losses to any company or organization.
How is Ransomware delivered? The most common modus operandi of attackers is to send malicious attachments in emails. When users download and open those attachments, the ransomware starts running and quickly takes over the affected computer. It then latches onto LANs, insecure Microsoft Exchange servers, and Remote Desktop servers and spreads all over the organization's IT infrastructure - end-user PCs as well as servers. Social engineering, phishing, and operating system exploits are also common routes for delivering ransomware. While Windows PCs and servers remain at the highest risk, ransomware attacks on Linux and Mac computers are also increasingly common.
It is almost impossible to be 100% safe from ransomware. However, the practices below will reduce the chances of an attack affecting your organization:
Education & Awareness: It is extremely important to educate users on security best practices so that they can identify phishing and malicious emails. Remember, human errors are responsible for 82% of data breaches.
Maintain & Update Software: You must keep PCs and Servers patched with the latest security patches. In particular, anti-malware and antivirus software must be kept up to date at all times.
Use the Cloud: Instead of using an on-premise email server, use a cloud email service. Instead of using a LAN share drive, use a service like EisenVault for storing important documents securely in the cloud. If user PCs are encrypted by ransomware, the documents and email are still accessible via the cloud and work doesn't stop.
Backup, Backup, Backup: Take regular backups of your user PCs and servers. We have seen customers backing up their servers to another hard disk within the same PC! This is bad practice. The backup should at least be on a separate disk, which is not always attached to the machine in question. It is even better if the backup is taken to a separate server with a different OS and in a different physical location.
We at EisenVault are experts in managing documents in the cloud. Cloud document storage should be a key part of your data security and business continuity strategies.