Protecting Your Data and Networks From Ransomware

Ransomware is the fastest-growing cyber security threat targeted at businesses today, but some basic digital hygiene can help reduce your company’s risk significantly.

Security expert Mike Foster, founder and CEO of the security consulting firm Foster Institute, told an audience at the 2017 Financial Leadership Summit, presented by Financial Executives International, that a growing number of companies are being targeted by ransomware – a technique in which hackers sneak malicious software into an organization’s network and encrypt files.

The hackers then demand money for a decryption key needed to unlock the files and restore the organization’s access to its data.

“Guess what happens when you pay the ransom?” Foster asked. “Will the ransomware key unlock the data? Does it work right? Yes, it does – they have a reputation to protect. If the ransomware doesn’t work, people won’t pay the ransom. In fact, most of them have online chat to help you pay.”

Foster said the immediate reaction by most companies is to try to restore the encrypted files from an online backup. Unfortunately, about half of organizations have never tested their ability to recover data from their backups, and they find out too late that the backups haven’t been working properly.

“Getting ransomware is never a good way to test your company’s restore,” Foster said.

Compounding the recovery risk is trying to restore backup files to the encrypted server. If the backup doesn’t work properly, a company can corrupt the encrypted files badly enough that the decryption key won’t work if it pays the ransom.

Instead, Foster suggested, it’s better to restore backup files to a clean server or to duplicate an encrypted server before trying to recover files. That preserves your ability to, as a last resort, meet the hacker’s financial demands.

Foster then provided a number of suggestions to help audience members protect their organizations and themselves from online hacking threats.

Passwords remain a common vulnerability for online security, despite a variety of notable breaches and consistent warnings from security pros to avoid re-using the same passwords on multiple websites.

Instead, Foster recommended using password manager applications to generate and store stronger passwords than any of us are likely to remember or use – but which hackers are less likely to guess with automated password discovery tools.

But because password managers themselves are vulnerable to hacker attacks, Foster cautioned against storing online banking credentials in the tools.

Foster similarly suggested attendees use two-step verification when logging into websites that support the protocol. In the most common approaches, a website will require a password and then text a verification code to the registered user’s mobile device.

Combining the need to enter something the user knows (the password) with something he or she has (the mobile device) reduces the risk of password compromise significantly.

Security software updates known as patches are another common hassle for company IT teams for several reasons, starting with the challenge of keeping up with updates from all of the company’s software vendors. Although patches are issued to address identified security vulnerabilities, many IT administrators put off installing them because they can cause unpredictable problems on a company’s network.

Foster advocated a consistent patching approach involving testing a patch outside of the company’s live servers and data, and deploying patches gradually to reduce the risk of emerging problems.

He also suggested companies disable the ability of web browser add-ons such as Flash or Java to run without specific authorization from users. Allowing those add-ons to run automatically significantly increases the risk from malicious software.

“Flash and Java are among the best tools for doing cool things in a browser,” Foster said. “They’re also among the best ways for hackers to do bad things in your browser.”