    How to Stop Ransomware

    This article was originally published on Simple Security’s website.  Read the original article here.

    Ransomware is one of the biggest cyber threats to businesses.  It’s one that can’t be ignored unless you want to live with its potentially devastating effects.  Thankfully, there are steps you can take to reduce the risk of infection and be ready in case disaster strikes.

    What is Ransomware?

    Ransomware is a hacker’s dream and a business owner’s nightmare.  It’s malicious software that infects your network, encrypts your data files, and demands a ransom to decrypt them.

    Ransomware has gotten smart over the years.  It can now lie dormant for months, quietly watching your network before attacking your most important files (timed for when you’re not paying attention, like at night).

    Ransomware is BIG business:

    • In 2016, Ransomware revenues are estimated at $1,000,000,000
    • Cryptowall had revenues over $325,000,000 by early 2016
    • More than 50% of businesses pay the ransom


    With a market like that, ripe for the plucking, ransomware is a major focus for cyber-attacks.  In 2016, there were an estimated 2-3 million attacks.  Analysts expect this to double every year.

    How do I get Ransomware?

    Ransomware infections don’t magically happen – they almost always require user interaction.  A user may:

    • Click a link to an infected file in an email
    • Click a link on an infected website
    • Run an attachment


    Ransomware is sneaky.  Some of the variants camouflage themselves to pass your defenses.  Others can be targeted at specific organizations, like hospitals and government agencies.

    How do I protect my business?

    Here are a few key elements we recommend to protect your business from Ransomware:

    • Enterprise-grade centrally managed anti-virus
      • This catches the known variants, but not the new ones
    • Enterprise-grade spam filter
      • Block phishing and emails with dangerous links before they get in
    • Content filtering
      • Stop access to websites with known infections
      • Block access to Ransomware “command and control” servers so the malware can’t encrypt your files
    • Backup
      • Have an enterprise-grade backup system that can restore you from backup quickly
      • Ensure you’re backing up often enough that you only lose an acceptable amount of data
    • Security awareness training
      • Teach your team to recognize threats before they get to you
      • This is most important and often neglected
    • Ransomware blockers
      • This is more effective than anti-virus at keeping Ransomware out – but it’s not foolproof
      • The enterprise version of this is called application whitelisting. It’s extremely effective, but can be IT-resource intensive
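
    The Backup item above asks whether you back up often enough to lose only an acceptable amount of data. The sketch below is an added example, not part of the original article: it measures that exposure from a backup log, counting only backups that completed and passed a restore test. The log format, function names and sample entries are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log: (finish time, job succeeded, restore test passed)
SAMPLE_LOG = [
    ("2017-01-20 01:00", True, True),
    ("2017-01-21 01:00", True, True),
    ("2017-01-22 01:00", False, False),  # job failed outright
    ("2017-01-23 01:00", True, False),   # job finished, but restore test failed
    ("2017-01-24 01:00", True, True),
]

def usable_backups(log):
    """Sorted finish times of backups that succeeded AND restored cleanly."""
    return sorted(
        datetime.strptime(ts, "%Y-%m-%d %H:%M")
        for ts, succeeded, restorable in log
        if succeeded and restorable
    )

def worst_case_loss(log, now):
    """Longest stretch of work that depended on a single restore point.

    This is the largest gap between consecutive usable backups, including
    the gap from the newest usable backup to 'now'. Returns None when there
    is no usable backup at all.
    """
    points = usable_backups(log)
    if not points:
        return None
    points.append(now)
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def check_rpo(log, now, acceptable_loss):
    """Return (status, gap): 'OK' only if the worst gap fits the acceptable loss."""
    gap = worst_case_loss(log, now)
    if gap is None:
        return ("FAIL", None)
    return ("OK" if gap <= acceptable_loss else "FAIL", gap)

if __name__ == "__main__":
    now = datetime(2017, 1, 24, 9, 0)  # constructed "current time"
    status, gap = check_rpo(SAMPLE_LOG, now, timedelta(hours=24))
    print(f"{status}: worst-case data loss window is {gap}")
```

    A nightly schedule looks like a 24-hour loss window on paper, but one failed job and one unrestorable backup stretch the real window in this sample to three days.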

    What do you do if you’re infected?

    New variants of Ransomware are released daily – one site reported 19 new variants during the week of Jan 21, 2017.  That doesn’t include targeted variants.  Because of this, it’s impossible for traditional anti-virus products to protect you.

    Even with all the above controls in place, you may get infected.

    When it happens:

    • Shut down your PCs and servers immediately. This stops the encryption from spreading.
    • Try to clean your systems (in isolation).
      • Disconnect one computer from the network
      • Use a commercial decryptor
    • Plan for nothing to work. Restore from backup.


    Please please please do not pay the ransom unless it’s critical.  Every ransom paid encourages the growth of this style of attack.

    Ransoms are normally in Bitcoins.  The average ransom is around $2500 USD (around 2 Bitcoin).  High payments can be more than $10,000.

    Note: Paying the ransom doesn’t guarantee they’ll unlock you.  While most groups are good (it’s a business after all), there’s no honor amongst thieves.

    Our Advice

    Many of our clients have been infected over the past few years, with downtime costs ranging from $20,000 to $150,000.  After being attacked, they all put the right defenses in place …

    Learn from their mistakes.  Expect you’ll be the victim of Ransomware at least once.  Put the right defenses in place now and minimize the risk.

    Mike Knapp is an IT Project Superhero and Cyber-Security Simplifier with the goals of helping businesses be more successful and reducing the risk of cyber-attacks. He is a partner with Incrementa Consulting and the founder of Simple Security.
