In the world of information security, 2017 will be marked by Ransomware attacks, a method also known as data hijacking, in which relevant information from users and companies is encrypted and becomes inaccessible. From this, criminals charge amounts of around R$400.00 to restore access to the hijacked information, although this amount can vary greatly, depending on the size of the company and the relevance of the hijacked data.
Experts point out that this form of attack is becoming widespread and will have new variants throughout the year, which could also affect cloud-based backup services. Estimates indicate that the profits of criminals who carry out this type of attack should reach values close to US$5 billion throughout 2017.
In a survey carried out by Trend Micro , it was found that 51% of Brazilian companies were victims of Ransomware attacks in 2016. Another worrying fact that the survey highlighted is that 56% do not have technologies for monitoring and detecting suspicious behavior or network attacks.
Ransomware attacks have become so common that they have even become a subscription service, where any internet user without the need for technical computer knowledge can carry out the attack. This service became known as “Ransomware as a service” or “Crime as a service” – “Ransomware as a service” or “Crime as a service”, translating into Portuguese.
In data released by the FBI, in 2016 in the United States alone, losses caused by Ransomware attacks reached US$1 billion. And the estimate is that this number will increase significantly in 2017. Imagine the risks for Brazilian companies, where 50% do not have ways to prevent the problem.
Companies that suffer this type of attack are subject to various forms of problems and losses: from total loss of data, in cases where there is no backup or access to the hijacked files; up to the interruption of systems, computer networks and operations relevant to the business, such as customer service.
To consider how important it is to take measures to reduce risks, try to imagine the impact that the loss of information could have on your company!
Unfortunately, there is no way to be 100% protected against Ransomware. However, it is possible to map the risks and take measures that significantly reduce the chances of the problem occurring.
There are very different ways in which an attack can occur, let's look at some:
- Email messages:
- Phishing, for example with simulation of promotions
- Infected attached files
- Attacks on user accounts and servers with weak passwords
- Hacked internet sites, which are used as targets for attacks
- Publication of fake news with references to harmful websites
- Publishing harmful links on social networks
- Advertising on the internet, including on social networks and search services such as Google
- Via apps and SMS on smartphones and tablets
- Disgruntled and vengeful employees in companies
We really have quite different ways for Ransomware to occur, but it is possible to reduce the risks with some measures:
User training
This is undoubtedly the main entry point for most viruses and virtual attacks on companies. Most professionals are unable to identify possible risks, such as a fake email message and end up clicking on malicious links or opening infected files. When this happens it is very difficult to prevent the attack from occurring.
That is why periodic training with employees is important, mainly addressing how to identify threats and what the possible risks are for the company and professionals. We suggest downloading this material that addresses safe ways to use the internet .
Define a policy for using secure passwords
Weak and insecure passwords are a recurring problem for internet users, after all who has never used passwords related to dates, addresses and family members, even for important accounts such as banks or email. But the problem is that criminals know this and exploit this vulnerability a lot, with systems that test password combinations repeatedly until it is discovered.
Fortunately, this problem is simple to solve, just create rules for using passwords with more than 8 characters, which combine uppercase and lowercase letters, numbers and preferably keyboard symbols, with periodic password changes, for example every 3 months. I also suggest downloading this guide on using passwords and secure user accounts .
Email inspection and anti-spam services
We know that fake email messages are often used in attacks. To mitigate risks, the corporate email must first have anti-spam services activated, this will ensure that a large proportion of risky messages are blocked or even opened by users.
In addition, we also recommend Email Inspection, where the content, files and links of email messages are evaluated and any suspicious items will cause the email to be blocked. This filter can be considered complementary and even more intelligent than spam control.
WebFilter and navigation control services
These services allow you to manage what corporate network users access on the internet, preventing them from browsing harmful and malicious websites. It is important that this navigation control is based on the reputation of the sites, so that it can efficiently identify sites that pose risks.
There are dozens of different services for controlling navigation in companies. Lumiun Tecnologia is an excellent alternative as it has a simple and accessible implementation, and at the same time is easy to manage.
Keep systems always up to date
Criminals study possible vulnerabilities in systems and exploit these flaws for attacks. That's why practically all systems have updates, which correct possible vulnerabilities.
It is essential to keep all software up to date, from your operating system, antivirus and other installed programs.
Prevent remote access to computers and servers on your network
Maintaining external access to your company's computers and servers is the same as allowing access to the data port, this practice combined with the use of weak passwords is fatal, criminals will easily have access to your company's data. Therefore, allow this type of access only when really necessary.
Internal monitoring of user behavior
This is a solution generally based on Machine Learning, which uses data and systems intelligence to detect unusual behavior within your network, both by users and equipment. Any suspicious activity may generate an alert for those responsible, for example, users copying business data or downloading programs from the internet that have no relation to the company's activities.
Backup and backup monitoring
Having a copy of the company's relevant data is essential. But more than that, the backup policy must be constant and efficient, with daily copies and storage media distributed in different locations. A good option is to use cloud backup services.
If your company's data is hijacked, it is not recommended to pay the ransom to criminals. That's why backup becomes important for restoring information. Don't let the situation happen that you need your backup and only then realize that the saved data is from the previous month – unfortunately this situation is more common than you might think.
As we can see, measures to prevent Ransomware attacks are relatively simple to implement and do not require large investments, considering the risks and losses that possible problems can generate. It is also important to realize that these measures are organized in layers, going mainly from prevention to what can be done in the case of data hijacking.
Finally, investing in information security means avoiding greater losses for your company. Don't wait to have your data hijacked to protect yourself.
15 comments
Comments closed