Recent ransomware attacks got you? Don't cry; fight back!

Arsgera - Fotolia

How to boost your ransomware security awareness

With attacks soaring, how should IT organizations mount an effective defense and boost ransomware security awareness?

With ransomware attacks soaring, IT organizations need to have an effective defense in place and focus on ransomware security awareness.

The Kaspersky Security Bulletin published reports that between January and the end of September 2016, ransomware attacks on businesses increased threefold. Essentially, this translates into the frequency of ransomware attacks ramping up from an incident every two minutes to one every 40 seconds, driving the need for today's focused ransomware security awareness.   

The FBI estimated ransomware is approximately a $1 billion-a-year business -- and growing. But the nature of the attacks, which prey as much upon end-user naiveté as system vulnerabilities, is vexing organizations that aren't sure how to most effectively safeguard their assets. 

As in all areas of IT security, a successful defense starts with effective policy and end-user education.  While ransomware attacks on both consumers and businesses are making more headlines, end users are often still unaware how their own behavior -- visiting questionable sites or clicking on links in an unsolicited email -- can expose their systems to malware that locks their screens or encrypts files.

End users need to be aware of what to look for and what to avoid -- namely clicking on any link in an email that looks remotely suspicious. And, of course, it is absolutely crucial that organizations keep their antimalware software up to date.

In the event an organization falls victim to an attack, it may be tempting to avoid the consequential psychological warfare and just pay the ransom. Unfortunately, even if that particular business gets access to its data upon payment and is never attacked again, giving in to the attacker's demand will only serve to encourage future attacks on others.  

As in all areas of IT security, a successful defense starts with effective policy and end-user education.

There are sources available to assist enterprises under attack, including those from law enforcement. Businesses can also seek counsel from experts in the industry as they work on ransomware security awareness. One source is the No More Ransom Project, an online portal founded by cybersecurity vendors and organizations that provides ransomware attack victims with tools they can use to decrypt their breached files. Site organizers claim the project has helped 6,000 companies targeted in ransomware attacks save more than $2 million.

Next Steps

Doxware ransomware vs. extortionware

Ransomware prevention may be a losing battle

Protecting hospitals against ransomware

This was last published in March 2017

Dig Deeper on Network Access Control