Ransomware attacks are on the rise, with the latest studies reporting that more than 71% of healthcare companies have been affected. Our new blog sets out to empower the casual reader with the knowledge to protect themselves and their company.

What is Ransomware?

Ransomware encrypts your files. Without an encryption key, you are unable to read your files once they’ve been encrypted. An encryption key is a string of random characters that is nearly impossible to break.

Hackers used to hold your files hostage until you paid a ransom to obtain this key. At that stage in the IT world, companies had a two-pronged approach: (1) do everything they could to block attacks from happening and (2) make sure they had very good backups.

These backups included local backups and off-site ones. The goal of these backups was to ensure you could get your data back and online quickly without paying a ransom. Unfortunately, things have changed.

The New Attack Method

Hackers are now not only encrypting your files, but they’re also collecting the data. Now, even if you have backups that you can restore, the hackers will threaten to release your data if you don’t pay the ransom. This data could include things like social security numbers, passwords, medical records, and so on. And as you can imagine with healthcare, this data release is a huge HIPAA violation.

Now, not only are you dealing with paying the ransom, but your company will also be hit with significant fines for violating HIPAA.

How Ransomware Spreads

When ransomware hits, it is much more effective when it hits an old-school server. As data migrates to the cloud, it becomes much more difficult to replicate. If you have all your files stored on a physical server, all it takes is to get one user with access to carry out an attack. As the attack spreads throughout the network, all the machines connected to this centralized server are at risk.

A distributed workforce, or a company with employees who work from home, makes it more difficult for an attack to spread. However, it also makes an attack much easier to get. This is because the users or employees are no longer sitting in a building with a sophisticated firewall set up. Companies aren’t going to turn individual employee homes into a Fort Knox network.

Ransomware As A Service

Yes, you read that right. Companies now exist where you can purchase ransomware to carry out an attack. All it takes is one rogue employee contacting one of these services, which supplies the employee with a file. Once the file is installed on the employee’s machine on the company network, ransomware is deployed. Any revenue that comes from the ransomware is shared with the employee.

Even if you do everything in your power to block ransomware, it can still work its way in through a disgruntled employee.

How to Protect Your Business

The biggest thing to keep in mind is that you need more than just a firewall at this point. Protection from attacks has shifted to the individual workstations, especially because of the current work from home trend.

The protection now needs to follow the device. Every device needs to be fully patched, encrypted, and up to date on anti-virus protection. For more information on how to protect your distributed workforce, check out this blog.

Newer technology also exists, called XDR, which will block any communication back to a ransomware server. Even if you have a rogue employee who is trying to run something on a company machine, if protected correctly, the XDR software will not allow it to connect back to the ransomware server where it would receive the encryption key and start the process of encrypting. The attack is stopped.

A Layered Approach with Guardian

With the ever-changing landscape of information security, organizations need to have an infrastructure that is equipped with the necessary tools to prevent and overcome cyber attacks, while also ensuring those tools are budget friendly and have a clear ROI.

Guardian Enhanced Security stack is especially attuned to organizations with heavy compliance and regulation standards that require a strategic arsenal to protect the overall health and security of their IT systems.

For more information on our Enhanced Security services, head to this page.