An email flashes across your screen. You open it, reading the message that your email account requires a new password. Thinking nothing of it, you follow the link in the email to a website where you enter your password and other credentials in order to make the update. You close out the window and move on with your day. Next thing you know, your digital information is under attack, putting your entire business at risk. 

How could this have happened? How could a simple email have led to such a catastrophe? Unfortunately, this is the grim reality for many businesses, individuals, and other organizations who have fallen victim to a ransomware attack. 

At Preemo, we are devastated by stories like that of The Heritage Company, an Arkansas-based telemarketing company that was forced to lay off 300 employees after suffering a ransomware attack. In her letter to employees, sent just a few days before Christmas, the company’s CEO writes: “The ONLY option we had at this time was to close the doors completely or suspend our services.” According to FBI statistics, ransomware attacks are becoming more “targeted, sophisticated, and costly” across the country.

Some of the most high-profile cases of these threats include attacks on hospitals, schools, and city governments. In Florida in particular, four different cities announced cybersecurity attacks over a period of just 8 weeks in 2019: Riviera Beach, Lake City, Naples, and Key Biscayne. Riviera Beach, Lake City, and Naples were each forced to pay enormous ransoms, the largest being $700,000. There are also cases of ransomware attacks targeting institutions like schools and hospitals. In 2019, a network of hospitals in Alabama had to move all non-emergency patients to other hospitals and temporarily stop accepting new patients after a large ransomware attack. The effects of ransomware are real and costly, and it is in every business’s and organization’s best interest to prioritize safeguarding against them.

As IT service providers, we know just how awful and widespread the consequences of ransomware can be. We at Preemo are dedicated to providing our clients with the best ransomware protection and empowering them to keep their information as safe as possible.


So, what is ransomware and how does it work? 

In order to understand how to safeguard against an attack, we believe it is important to understand just what ransomware is and how it operates. In simplest terms, ransomware is a type of malware (shorthand for “malicious software”) that, when installed on a computer, causes intentional harm to the device, server, or network. Ransomware often gains access to a computer through a fake email asking for a password reset or other credentials. These emails may be disguised as messages from Office 365, Gmail, or other familiar and safe-seeming email service providers. The person receiving the malicious email will then be prompted to follow a link to a fake website, where they are then told to enter their password and other personal information. 

Once the information is entered, the malicious actor (more commonly known as a “hacker”) gains access to the computer and is able to install the ransomware or force the user to download it. The ransomware encrypts certain files and information on the device, server, or network, rendering them unusable and inaccessible to the victim of the attack. Often, after the files are encrypted, an icon will appear on the infected device’s desktop, inviting you to “unencrypt your files.” When the icon is clicked, a message will appear demanding a ransom to be paid in exchange for the code to unencrypt the files. This process is often described in media coverage using a “lock and key” metaphor: the threat actors “lock” the files and demand a ransom for the “key.”

These ransoms, especially in instances where businesses are attacked, can be astronomical, in some cases hundreds of thousands of dollars. The message typically demands that the ransom be paid in cryptocurrency such as Bitcoin so that the culprit remains untraceable. Sadly, businesses and organizations are often left with no choice but to pay the hackers off and take huge financial losses. In many instances, a ransomware attack ends in complete collapse for the affected company.

The prospect of a ransomware attack is an extremely frightening thing. However, we know firsthand that cybersecurity attacks such as these can be prevented with proper planning and guidance. We at Preemo provide our clients with a variety of security measures to ensure that they do not fall victim to a ransomware incident. Read on to discover our best tips and guidelines for protecting yourself and your business from malware. 

Endpoint Protection 

As part of our services provided to clients, Preemo makes use of endpoint protection software. Endpoint protection is a key aspect of maintaining network security. When businesses utilize a corporate network that is connected wirelessly to devices like laptops, mobile phones, and tablets, this wireless connection can be vulnerable to threats from malicious actors. Endpoint security is the process of fortifying these connections to ensure that the network is protected from attack. In short, endpoint protection measures help keep your network secure against malware intrusion. At Preemo, we take a multifaceted approach to securing your network through endpoint protection. We use anti-virus software to prevent, detect, and remove malware before it can affect your corporate network. Preemo monitors our endpoint protection software 24 hours a day, 7 days a week to keep your network and information safe.

Many different elements, from servers to wifi, can be vulnerable to attack. In addition to our endpoint protection software, we use other “hardening” measures to increase security against malware. In IT, the word “hardening” is used to describe a series of protocols taken to make servers and networks more secure against attack. These can range from simple actions, like regularly changing user passwords, to more complex ones such as data encryption. We implement these hardening measures both when we take on a new client and actively on a month-by-month basis with our existing customers.

Another cybersecurity measure we utilize with our customers is DNS filtering. DNS filtering (aka Domain Name System filtering) is a technique of blocking access to certain websites based on their IP address. This prevents our clients’ employees from going to malicious websites in the first place. We use products like OpenDNS to make sure that our customers are not unknowingly visiting malicious websites and putting themselves at risk. 

We also use firewall protection to keep our customers’ internet-connected networks secure. Firewalls monitor and control access to a private network. They monitor traffic going in and out of the network to prevent unauthorized individuals from gaining access. This can be done through both hardware and software. In working with our clients, Preemo uses products such as Cisco’s Meraki firewall to make sure that no malicious actors from the internet can infiltrate our customers’ corporate networks. 

Whether you are a new client or an existing one, Preemo will take every action necessary to strengthen cybersecurity for your network and keep your files protected. 

Backup and Disaster Recovery 

In my opinion, backup is the most important measure a business can take to protect itself in the case of a malware/ransomware attack. In instances where the worst case scenario occurs and a business is hit with a ransomware attack, the business often does not recover from the attack if they do not have adequate backups in place. We are aware of several cases in which businesses have been forced to close after a ransomware incident due to lack of backup. Thus, we truly believe backup is a cornerstone of the malware recovery process. 

Backup empowers a business against malware intrusions in a number of ways. If a business has a proper backup, they are able to restore all their information to how it was before the attack. A good managed service provider will know almost immediately if a malware intrusion has occurred and implement ransomware recovery procedures. The first step is to disconnect computers from the network. The service provider will then restore information from the backup, thus ensuring that no information is lost in the incident. If the managed service provider acts quickly and good backups are in place, downtime for restoring all the infected files would probably be only a few hours. Backup also relieves the need to pay the threat actors’ ransom: if you have a proper backup of your files and information, the hackers no longer hold the power.

However, not just any backup will protect a company in the case of a malware incident. In cases where the backup is not properly configured, the backup itself can get encrypted as part of the ransomware attack. That is why it is of the utmost importance to work with a high-quality managed service provider to create and maintain a good backup. 
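One way to notice, before a restore, that the backup itself was encrypted or altered is to keep a keyed manifest of its files. This is an added example, not Preemo's procedure: the function names and manifest layout are assumptions, and it assumes the HMAC key is stored somewhere the backed-up machines cannot reach.

```python
import hashlib
import hmac
import json
import os

def file_digest(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def list_files(backup_dir):
    """Sorted relative paths of every file under backup_dir."""
    return sorted(os.path.relpath(os.path.join(root, name), backup_dir)
                  for root, _, names in os.walk(backup_dir) for name in names)

def manifest_tag(files, key):
    """HMAC over the file list so the manifest cannot be silently rewritten."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(backup_dir, key):
    """Record a digest for every file right after the backup completes."""
    files = {rel: file_digest(os.path.join(backup_dir, rel))
             for rel in list_files(backup_dir)}
    return {"files": files, "hmac": manifest_tag(files, key)}

def verify_backup(backup_dir, manifest, key):
    """Return a list of problems; an empty list means the backup matches."""
    if not hmac.compare_digest(manifest_tag(manifest["files"], key), manifest["hmac"]):
        return ["manifest: HMAC mismatch"]
    present = set(list_files(backup_dir))
    problems = []
    for rel, digest in manifest["files"].items():
        if rel not in present:
            problems.append(f"{rel}: missing")  # e.g. renamed with a new extension
        elif file_digest(os.path.join(backup_dir, rel)) != digest:
            problems.append(f"{rel}: content changed")
    extra = sorted(present - set(manifest["files"]))
    return problems + [f"{rel}: unexpected file" for rel in extra]
```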

In the event that Preemo is called in to handle a ransomware remediation, we provide various services to help the affected company recover as quickly as possible. Ransomware remediation involves utilizing a backup, in some cases, to reconstruct the company’s entire IT infrastructure. If all else fails and the ransom must be paid, our best practices at Preemo are to completely clean format the digital environment and start from scratch, in case any traces of the ransomware are left over. This is obviously an extremely painful and difficult process, and one that we work to help our clients avoid entirely. 

Cyber Insurance for Ransomware 

Cyber insurance is another important piece of the anti-ransomware puzzle. If a malware attack occurs, cyber insurance coverage can help your business recover. Cyber insurance can provide reimbursement for the costs of things like investigating the attack, any business losses incurred, and even legal expenses. As cyber crime continues to rise, cyber insurance is of even greater importance to any modern business. 

Cybersecurity and ransomware protection are an absolutely crucial part of maintaining a successful business. We at Preemo know firsthand that it is far safer and less expensive to pay for preventative protection than post-attack recovery. If a malware attack occurs, we can help, but we always recommend prioritizing front end protection over back end remediation. 

Ransomware attacks are unfortunately a real and present threat to any modern-day business, and statistics indicate that they are on the rise around the globe. However, with proper cybersecurity and a great IT service provider, you can secure your files and information. We at Preemo work consistently to keep our clients’ businesses safe from any potential threat. If you have been a victim of ransomware or if you want to avoid it at all costs, here’s a link to get a free quote: (preemo.com/schedule).
