Criminals And Colleagues: How To Stop Ransomware’s Usual Suspects

We’ve all seen the headlines: ransomware – not software – is eating the world (sorry Marc Andreesen). Companies are losing millions of dollars because sensitive information is being encrypted by hackers who have penetrated porous IT defenses. It’s frustrating, it’s maddening and happening to companies of all shapes and sizes. What can be done? To effectively prevent ransomware from hurting their business, security professionals must first understand how these attacks take place. After all, Sun Tzu said, “If you know the enemy and yourself, you need not fear the results of a hundred battles.” Here are some insights into how to mitigate the threat of ransomware’s top two players: criminals and colleagues.

An Offer You Must Refuse

Criminals are the most common people behind ransomware attacks. The reasoning is simple: it’s the most profitable malware of all time. As with any burgeoning industry, hackers each have their own approaches to their attacks but they usually fall into one of two groups: loud mouths or ninjas.

Loud mouth hackers storm into a corporate network and let the IT staff know the exact moment that they have a company’s files. This ransom message drives some urgency in to the situation, prompting you to act. The hacker then shifts gears in to providing superior customer service in order to keep their ransom conversions high. They want to quote you a good price (the average price for an SMB is $300), provide you with a realistic timeline and then facilitate an easy payment process. The goal is to make it easier to pay for the problem to go away than to lock horns and prompting the ransomware to destroy the files.

Ninjas are much more devious and secretive. They gain access to business IT networks and simply observe. They see which employees have the information they are looking for. They learn how the CEO communicates with his staff. They slowly infect every machine on the corporate network. Every ‘t’ is crossed and ‘i’ dotted before they pull the noose tight. There are no mistakes and there is no choice other than to pay up and usually at a higher price than the loud mouths. It’s not uncommon for ninjas to forego the relatively meager sums associated with ransomware and try something more devious such as impersonating an executive and having a wire transfer sent to a shell company or cleaning out a company’s IP and selling it to a competitor. These are the cybersecurity bogeymen that keep security professionals up at night.

So how do you battle hackers? The best way to avoid becoming a victim is to not click on tricky phishing e-mails. Here’s how you can institute a program to keep your whole office safe.

Removing the ‘Hacked’ Stigma from the Office

Building “the human shield” is key to keeping an organization safe. The cornerstone of this is a user education campaign to teach people what phishing e-mails tend to look like and how to respond when you think you have a phish. These programs cannot simply be some webinars the staff watches online, but a culture instilled throughout the organization. People should be encouraged to talk to their manager if they suspect a phishing message. They should talk with their colleagues when they are targeted. Be sure to share the e-mail sender, the subject, and any attachments that were in the message.

A good guideline to instill in employees when it comes to communications is SAFE. This is a quick mental checklist that people can go through to avoid phishing attempts. It breaks down like this:

• S – was the message securely sent? Are there any typos in the email address of the person I’m responding to? Do the links match the sender?
• A – are there any attachments? If so, what type of file is it?
• F – is the communication from someone you know?
• E – were you expecting the communication? Is this a response to an existing conversation or is this person asking for something out of the blue?

If the staff is unsure, error on the side of caution – don’t click. Refer it to your manager or IT manager for a second opinion. It could be the difference between a good deed and three days of lost productivity.

The fight between hackers and their victims has been waged for decades. Right now, the bad guys seem to have the upper hand so it’s never been more important to have processes and tools in place to safeguard critical information. Criminals and colleagues each have their own separate roles within the ransomware problem and security professionals should game plan around each of their weaknesses and strengths to avoid having their business disrupted.