WatchPoint Security Blog

Ransomware Destroying Businesses; How Do You Stop It?

Written by Michael Collis | May 18, 2016
You come into work Monday morning after a wonderful weekend with the family and are ready to start the week off with a bang. Meetings scheduled, appointments set, clients to contact, but first you need to get through any important e-mails you may have missed after a few days away. A few invites for meetings, a proposal was sent back and signed, and a package is coming from FedEx. The attachment in this e-mail lets you know when the package is to arrive. Better open that, right? Wrong. If you did, there is a good chance you just infected your whole network with Ransomware.
 
Ransomware, or CryptoLocker virus, was just introduced to your network and is going through your shared files at a rate of more than a thousand per second. When the virus has run its course through your network, encrypting all of your files, you receive a nice screen like this:
 
Looks pretty, doesn’t it? Not really. Now you have three options:
 
1) You can take the chance of paying the ransom and cross your fingers that this cybercriminal will give you back your data. This is a risky move and one we at WatchPoint do not suggest. Can you really trust that a cybercriminal is going to do as they have promised? They have already hacked your network; do you think they are so ethical that they are going to do as they say? We have seen many cases where even if you wanted to pay, you couldn't. The offender's payment system gets shut down. The decryption tool doesn't work or was never even built. Or, best of all, you pay, and they ask for more. Hey, if you are going to pony up the cash once, you are going to do it again, right?

2) In my opinion, your best option: restore from back-up. Hopefully, you have made a wise investment in a solid back-up company that stores your data off site. This can get you back up and running in anywhere from a few hours to a few weeks, depending on how severe the loss of data was and how it was stored.

3) You can recreate all of your data. If you don't have a solid back-up of your data and do not like the idea of paying off criminals, your only other option is to recreate all that data. This sounds like a fun idea, doesn't it?
 
Here are some recent facts about Crypto and Ransomware:
 
- Ransomware will cost businesses $1 billion in 2016 (FBI)
- There has been a 66% increase in malicious emails in the first quarter (Q1) of 2016
- Malicious emails have increased 800% in Q1 2016 compared to Q1 2015
- Antivirus is only 47% effective
- New threats are created at a rate of 3.5 per second
- Phishing campaigns are 45% successful
 
So What Can You Do to Prevent This?
 
WatchPoint recommends Defense-in-Depth, which means using multiple layers of defense, including WatchPoint CryptoStopper.io. A typical Defense-in-Depth model would include CryptoStopper.io, updated AV, Endpoint Detection and Response, firewall and intrusion prevention.
 
CryptoStopper.io will continuously monitor your system for ransomware activity. When ransomware is detected, CryptoStopper.io isolates the offending user, notifies you of the infection and prevents any damage from occurring. Learn more and download a fully functional 14-day test drive. The trial allows you to simulate a Ransomware attack on your network and see the isolation process in action.