Don't be held hostage by ransomware

Ransomware costs are escalating, with global damages predicted to reach $20 billion by 2021, according to Northport-based Cybersecurity Ventures.  

Last year alone, there were multiple high profile attacks against various organizations including the City of Baltimore and currency exchange company Travelex.  

Small and medium-sized businesses weren’t immune, with one in five  falling victim to a ransomware attack in 2019, according to a Datto survey.

“Ransomware attacks are getting more sophisticated, more targeted and more intrusive,” says Adam Kujawa, director of Malwarebytes Labs, the intel arm of Malwarebytes, a Santa Clara, California-based provider of anti-malware software.  

Ransomware is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access, according to Malwarebytes.

While year-over-year volume of ransomware detections declined by 6% from 2018 to 2019,  new ransomware activity against organizations including businesses remains at an all-time high, according to a new Malwarebytes report.

Kujawa says there was a particular uptick in attacks against businesses in the third and fourth quarters of 2019, adding, “it’s the most targeted effort  against businesses we’ve ever seen.”

Over time, criminals have shifted their focus from consumers to businesses and other organizations because they have more to gain monetarily by holding their data ransom, says Kujawa.

Newer ransomware families such as Ryuk, Phobos, and Sodinokibi are seeing the highest growth. For example, since its introduction in May 2019, detections of Sodinokibi (a ransomware family that targets Windows systems) have increased by 820%  against organizations including businesses, according to Malewarebytes.

Locally, experts say they’ve seen heightened ransomware activity.

Plainview-based UOTech.co, which specializes in IT managed services including ransomware protection and remediation services, says it’s seen around a 224% increase year-over-year in attempted ransomware attacks against clients, says CEO Michael Maser.

Thankfully none of those clients' systems were infiltrated because of safeguards put in place, he says.

UOTech.co uses several layers of protection, including managing client systems with Sophos Intercept X, which can detect the characteristics and behaviors of an attack and backup files in real time in case data gets encrypted.

That way you have access to the most recent saved data before the attack, Maser says.

Most ransomware attacks are delivered through phishing emails or by visiting an infected website, says Matthew Pascucci, senior cybersecurity practice manager at Bohemia-based CCSI, a managed IT and security services provider.

He’s also seen an uptick in ransomware attempts against businesses in the last three or four months.

CCSI uses various solutions from Fortinet, including a web filtering solution that blocks access to malicious, hacked, or inappropriate websites and an email gateway protection to reduce the risk of phishing emails coming into an organization.

Pascucci says hackers continue to get more savvy realizing companies do backups, and now use other threats besides data encryption such as threatening to release sensitive data.

Sometimes the best protection is education and training of employees to avoid an attack.

“You need to make employees active participants and active defenders rather than passive liabilities,” says Benjamin Dynkin, co-founder of Great Neck-based Atlas Cybersecurity.

Phishing testing can help, he says. This is where employees unknowingly would get emails randomly at different times and they’d get scored on whether they clicked on a phishing test email or not.

Atlas also provides a layered defense approach to clients, Dynkin says, including what he calls a “last line of defense” solution they’re offering through a new partnership with Cyber Crucible, based in Severna Park, Maryland.

In the event of an attack, Cyber Crucible’s solution Ransomware Rewind, in most cases can detect and decrypt ransomware and restore systems and files even if there’s no backup, says CEO Dennis Underwood. The software would have to already be installed on the client’s system before the attack.

“The challenge with security is nothing is ever 100%,” says Underwood, but he noted that a recently relaunched version of the software has had a high success rate with test subjects.

Beyond such technology solutions, firms also must have a security plan with clear policies, says Michael Nizich, director of the Entrepreneurship & Technology Innovation Center at New York Institute of Technology in Old Westbury, which offers cybersecurity academic programs and has a cybersecurity lab on campus.

They need to make clear what‘s acceptable and what’s not and lay out disciplinary actions associated with not following the policy, he says.

Educate employees on what to look for in phishing emails, like looking at the suffix of an email and seeing if it matches the institution it’s purportedly coming from.

“Education programs should be part of every security plan,” says Nizich.