Ransomware is on the rise. These cyberattacks, in which hackers encrypt their victims’ data and demand ransom money for decryption, cost Americans more than $209 million in the first three months of 2016, according to the FBI.This suggests that ransomware losses may total $1 billion for the year. And that’s only for the attacks that were reported. Many go unreported as victims quietly pay up rather than risk losing the trust of their customers by going public. That’s because, although key precautions can reduce the likelihood of a ransomware attack, your options are limited when it comes to fighting attacks already in progress. Further, this form of malware is evolving so rapidly that traditional IT defenses are struggling to keep up.
Data encrypted by ransomware is just about impossible to restore without encryption keys held by criminal hackers, who release them only when paid—typically in the hard-to-trace online currency bitcoin. And the emergence of ransomware as a service (RaaS), which allows just about anyone with malicious intent to launch attacks regardless of skill, makes ransomware one of today’s fastest-growing cyberthreats, says James R. Slaby, former cybersecurity analyst and senior manager of global marketing campaigns at hybrid cloud data protection provider Acronis.
One common response to a ransomware attack isn’t a defense at all, but acquiescence: pay the ransom. Giving in to the hacker’s demands, no matter how galling, is often the only option for those who have fallen victim to an attack. But even paying ransom is no guarantee that your data will be restored after an attack. As Slaby points out, “A growing number of criminals are collecting the bitcoin ransom and then not following through with providing the decryption key. If they renege, who can you complain to?” These international cyber thieves rarely face justice, leaving no real recourse to victims but to protect themselves.
Anti-malware software should be every organization's first line of defense, says Slaby, but he also cautions that such tools, at least for now, aren’t keeping up with the fast evolution of ransomware. “The RaaS model supports optimization of attacks on two levels. Ransomware authors now focus on defeating anti-malware defenses, while their ‘distributors’ develop clever new ways to get the malware on users’ computers and mobile devices. At the moment, the bad guys are winning the arms race handily.”
The FBI recommends that organizations protect themselves from ransomware with anti-virus software that is kept up to date. All additional software should also be kept up to date with any available security patches. The FBI also recommends the use of pop-up blockers and cautions against clicking on any links in unsolicited emails –even from known senders—since such links and the malicious websites they lead to are the most common paths to infection by ransomware.
Even so, says Slaby, “Getting breached and suffering a ransomware attack is inevitable; you will never keep up with the proliferation of new attacks with traditional security defenses.” That leaves only one truly effective defense against ransomware: comprehensive and easy-to-restore backups. To fully defend against the ransomware attacks that Slaby says are inevitable, the FBI suggests “that individuals and businesses always conduct regular system backups and store the backed-up data offline.”
Fortunately, such backup solutions are relatively easy to deploy, and since ransomware merely blocks access to your data rather than stealing it, they represent a complete defense. The best of them take a hybrid approach, keeping copies of your backups both locally and in the cloud to defend against ransomware attacks that can propagate to local servers, potentially encrypting on-premises backups. With robust backup, says Slaby, “No matter how many times you get hit, you will always be able to recover without paying a ransom.”