Businesses – Beware of Ransomware

Wednesday, June 08 at 06:55 AM
Category: Business Banking

Ransomware is a form of malware that targets both human and technical weaknesses in organizations in an effort to deny the availability of critical data and/or systems. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor purportedly provides an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure.

Infection Vectors
Ransomware is frequently delivered through phishing emails with malicious attachments and/or links. Early ransomware emails were often generic in nature, but more recent emails are highly targeted to both the organization and the individual, making scrutiny of the document and sender important to prevent exploitation.

While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation.

Prevention Considerations
  • Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered, and should be trained on information security principles and techniques.
  • Patch the operating system, software, and firmware on devices. 
  • Ensure anti-virus and anti-malware solutions are set to update automatically and that regular scans are conducted.
  • Manage the use of privileged accounts. Implement the principle of least privilege. Those with a need for administrator accounts should only use them when necessary.
  • Disable macro scripts from office files transmitted via email. 
  • Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations.
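
One way to support the macro control above at the mail gateway, shown as an added example that is not part of the FBI guidance or of this post: a Python check that flags attachments able to carry macros by inspecting their content rather than trusting the file name. The function names and the sample message are constructed for illustration, and treating every legacy OLE document as macro-capable is an assumed policy.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")

def classify_attachment(filename, data):
    """Return why an attachment may carry macros, or None if it does not appear to."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (may contain macros)"  # assumed policy: flag all
    if data.startswith(b"PK"):  # ZIP container, the basis of .docx/.xlsx/.pptx
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "OOXML document with embedded VBA project"
        except zipfile.BadZipFile:
            return "unreadable ZIP container"
    flagged_ext = (filename or "").lower().endswith(MACRO_EXTS)
    return "macro-enabled file extension" if flagged_ext else None

def scan_message(raw):
    """Return (filename, reason) for each flagged attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        reason = classify_attachment(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def build_sample():
    """Constructed test message: a clean .docx, a .docx holding a VBA part, an OLE stub."""
    def ooxml(with_macro):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("word/document.xml", "<document/>")
            if with_macro:
                zf.writestr("word/vbaProject.bin", b"placeholder bytes")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in (("notes.docx", ooxml(False)), ("invoice.docx", ooxml(True)),
                       ("report.doc", OLE_MAGIC + b"\x00" * 64)):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A gateway or mailbox rule could quarantine or strip the flagged attachments; the clean `notes.docx` passes, while `invoice.docx` is flagged on its content even though its extension is not macro-enabled.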

Business Continuity Considerations
  • Regularly back up data and verify its integrity.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up.

Other Considerations
  • Implement application whitelisting. 
  • Use virtualized environments to execute operating system environments or specific programs.
  • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organization units. 
  • Require user interaction for end user applications communicating with websites uncategorized by the network proxy or firewall. 

The Ransom
The FBI does not advocate paying a ransom to an adversary. Paying a ransom does not guarantee an organization will regain access to their data. Paying a ransom emboldens the adversary to target other organizations for profit and provides a lucrative environment for other criminals to become involved. 
 
Finally, by paying a ransom, an organization is funding illicit activity associated with criminal groups, including potential terrorist groups, who likely will continue to target an organization. While the FBI does not advocate paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees and customers.

In all cases, the FBI encourages organizations to contact their local FBI Cyber Task Force immediately to report a ransomware event and request assistance. The FBI works with federal, state, local and international partners to pursue cyber actors globally and assist victims of cyber crime. Victims are also encouraged to report cyber incidents to the FBI’s Internet Crime Complaint Center*.
 
Information courtesy of the Federal Bureau of Investigation – Cyber Division. 

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.
