In 1989, one Dr. Joseph Popp mailed a set of floppy disks innocuously labeled as “AIDS Information Introductory Diskettes” to several thousand members of a mailing list of researchers. These disks, when read by the computers, replaced and renamed system files so that when the computer was later booted up, it would display a fake license agreement and ask that the user send $189 to a P.O. box in Panama in order to continue using the computer. In doing so, he set the pattern for a type of virus which would come to be known as ransomware.
Ransomware on the Rise
People may no longer receive floppy disks in the mail, but the pattern remains similar: most ransomware attacks are delivered as an innocuous email attachment. And the number of these attacks has been rising. In 2016, the Department of Homeland Security and the Department of Justice issued statements on the ransomware threat, and the number of ransomware attacks is estimated to be even higher than the number of data breaches. In this environment, businesses need to know how to handle an attack which may be inevitable.
Protecting Against Ransomware
The top protection against these attacks may be to sidestep their effects by investing in backup and recovery. This way, if a virus corrupts, encrypts, or otherwise blocks access to business data, the company can simply restore an earlier “snapshot” of its business data. Companies should design journaling procedures and reporting practices, and build frequent recovery points into their daily data handling, so that the loss from any attack is minimal. Companies should also ensure that they retain backup data long enough to recover from an attack.
But simply backing up data may not be enough. Some ransomware viruses lie dormant for some time before launching their ransom demand, which may mean that unwary businesses back up the virus along with their legitimate data. Recovery for these companies can be painful, as a restoration simply re-introduces the virus. Backup and recovery services need to be integrated with data validators and malware scanners in order to provide an adequate defense against these and other viruses.
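The following Python sketch is an added example, not part of the original article. It shows why retention has to outlast the dormancy period and why retained snapshots should be re-scanned once an indicator becomes known. The snapshot catalogue, dates, digests and function names are all constructed for illustration, and matching on file digests stands in for whatever malware scanner the backup service integrates.

```python
from datetime import date, timedelta

# Constructed scenario: a dropper lands on INFECTED_ON, lies dormant, and the
# ransom demand appears on RANSOM_DAY. Its digest ("bad0") is known only then.
INFECTED_ON = date(2024, 3, 8)
RANSOM_DAY = date(2024, 3, 20)
KNOWN_BAD = {"bad0"}  # indicators available on the ransom date (hypothetical)

def build_catalogue(first_day, last_day):
    """Constructed nightly snapshots as (date, {path: content digest})."""
    catalogue, day = [], first_day
    while day <= last_day:
        manifest = {"finance/ledger.db": "a1", "hr/staff.csv": "b2"}
        if day >= INFECTED_ON:
            # The dormant dropper is backed up with the legitimate data.
            manifest["tmp/update.exe"] = "bad0"
        catalogue.append((day, manifest))
        day += timedelta(days=1)
    return catalogue

def retained(catalogue, today, retention_days):
    """Snapshots the retention policy has not yet expired."""
    return [(d, m) for d, m in catalogue if (today - d).days <= retention_days]

def newest_snapshot(catalogue):
    """Naive choice: restore the most recent snapshot, scanned or not."""
    return max(d for d, _ in catalogue)

def latest_clean_snapshot(catalogue, known_bad):
    """Re-scan each retained snapshot against current indicators and
    return the newest one with no match, or None if none is clean."""
    clean = [d for d, m in catalogue if not known_bad & set(m.values())]
    return max(clean) if clean else None

def restore_plan(retention_days):
    """Restore point available on RANSOM_DAY under a given retention period."""
    kept = retained(build_catalogue(date(2024, 2, 1), RANSOM_DAY),
                    RANSOM_DAY, retention_days)
    return latest_clean_snapshot(kept, KNOWN_BAD)

if __name__ == "__main__":
    for days in (7, 12, 13, 30):
        print(f"retention={days:>2}d -> restore point: {restore_plan(days)}")
```

With a 12-day dormancy, any retention period shorter than 13 days leaves only infected snapshots, while restoring the newest snapshot always re-introduces the dropper.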
Don’t Pay
If there’s one thing that’s ineffective, it’s paying the ransom. Payment doesn’t guarantee a release of data – and, in fact, those companies which do pay may face additional monetary demands or re-targeting at a later date, once they demonstrate their willingness to comply.
In all, ransomware protection boils down to a few key points:
- All employees of a company should be educated against opening suspicious attachments, or attachments from unknown sources
- Data should be backed up regularly, scanned for malware, and verified
- Backup data should be retained long enough to provide for recovery in the event of an attack
- Attacks should be expected, and planned for
- Attacks should be reported to law enforcement when they occur, and ransoms should not be paid
While these practices cannot guarantee safety from ransomware attacks, they provide a solid foundation upon which to build a security protocol.