Ransomware Dollars and Sense Part III: When Downtime Converts to Uptime

Last week we covered some disturbing statistics: of small businesses (SMBs) hit by ransomware, 22% immediately cease operations and 60% close within 6 months. Still, even in the face of such complete financial disaster, the FBI recommends that companies do not pay ransoms because it only encourages more attacks. Despite this advice, SMBs still pay because the alternative is potentially disastrous. Attackers know this. To them, it’s a business, and the alarming brilliance of ransomware is that the amount demanded is calibrated to make payment a no-brainer. Small businesses, which typically lack the money to investigate an attack, have just enough to pay ransoms in the $3,000 to $5,000 range to regain control of their data and computer systems.

When it comes to ransomware, the best scenario is to not have to make the decision of whether or not to pay in the first place. Proactive is better than reactive, and businesses can avoid the whole issue by preventing attacks and mitigating the ones that get through. Here are three techniques to help you avoid becoming a victim.

Stop the Clicking
Katniss had the odds in her favor when it came to catching fire. Your data, not so much. Dr. Zinaida Benenson, a computer science researcher at the University of Erlangen-Nuremberg in Germany, reveals that with careful design and timing of the message, anyone can be tricked into clicking on a dangerous link, reports Zack Whittaker for ZDNet. Crafting the message to induce curiosity, spoofing a known sender, addressing the victim by name or matching the message to the victim’s recent experience are all effective techniques.

Before your data catches fire, train users not to click. Cutting down on clicks goes a long way in prolonging uptime, but formal training can be expensive. Fortunately, there are low-cost options. Our tax dollars have already provided a good tool aimed at kids that can teach the basics to users of all ages. Cofense (formerly PhishMe) makes Cofense PhishMe Free available specifically for companies with 500 employees or fewer. They also offer Cofense CBFree for computer-based training.

In 2015, Larry Loeb of SecurityIntelligence quoted a report by PhishMe finding that, with phishing training, employee click percentages can drop to 4% after four training cycles. This is a great start, but that 4% can still crush an SMB.

Mitigate the Impact of a Bad Click
If you can’t stop the click, the next best thing is to mitigate the impact. Remote browser isolation technologies are being hailed as a new approach to threat prevention. Secure browsers can isolate malware from the machine so that the malware detonates without significant damage. Gartner included remote browser isolation among their top ten security technologies for 2017, and their September 2016 report, “It’s Time to Isolate Your Users From the Internet Cesspool With Remote Browsing,” brought the technology into the limelight.

SecureShield defeats downtime by creating a virtual machine on the endpoint. Endpoint attacks not caught by the local antivirus software will launch and attempt to affect the local, virtual environment. The user can simply close the browser to discard the malware, relaunch the session and quarantine or delete the malicious email.

Bring in Trusty Backups
When defenses fail, it’s time to turn to the backups. Backups are a popular – and effective – way to counter ransomware attacks. However, as we noted in our first blog in this series, deploying the backups is difficult and takes significant time and resources. The downtime caused by the recovery process can disrupt business processes and impact revenue.

Remote access (typically using remote desktop or VPN solutions) to cloud-hosted backups from personal devices can keep the business running. However, a full-company solution for remote desktop or VPN can be very expensive and still risks leaking company data to personal devices, which may violate compliance rules. SecureShield provides a cost-effective alternative to keep business processes running during the downtime caused by backup restoration. While an IT department or MSP works on restoring primary equipment affected by the malware attack, SecureShield can be deployed (via email or secure website) for affected employees to install on their local machines. Using SecureShield creates a container on their machine with an SSL-VPN connection to the remote-hosted files from the backups. Because SecureShield provides a ‘bubble’ that isolates the company data within the secure browser, data is prevented from leaking to the local device.

Natural and creative human traits, such as curiosity, will remain exploitable forever. With over 90% of network breaches involving phishing and social engineering and almost 50% of cyberattacks targeting small businesses, now is the time to take steps to stop ransomware in its tracks.

For information about Soliton SecureShield, please click here to download the data sheet or check out the SecureShield video.

Continue the conversation with us at RSA. Stop by and visit us at Booth 131 in the South Hall for a demo. What? No Ticket? Get your complimentary expo hall pass with the following code: X8ESOLIT.

 

https://go.malwarebytes.com/OstermanRansomware2017_PRSocial.html

https://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=399734

https://www.zdnet.com/article/how-hackers-can-make-virtually-any-person-click-on-a-dangerous-link/

http://www.pbs.org/wgbh/nova/labs/lab/cyber/

https://cofense.com/pm-free/

https://cofense.com/resources/cbfree-computer-based-training/

https://securityintelligence.com/news/employee-training-lowers-susceptibility-to-phishing-emails-report-finds/

https://www.gartner.com/newsroom/id/3744917

https://www.gartner.com/doc/3463618/time-isolate-users-internet-cesspool

https://iapp.org/news/a/verizon-study-90-percent-of-breaches-involve-phasing-social-engineering/