According to the Department of Homeland Security, ransomware is primarily delivered through phishing emails or by users visiting shady websites and unknowingly downloading malicious code.
“Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.” (Department of Homeland Security, 2019)
A key point is that ransomware does not infect your server because you were hacked, or because you did not have a firewall or anti-virus software running. It usually gets in because an employee clicks on an email (and many times the emails look real) or an employee clicks on a website link that downloads the virus.
Verizon’s 2019 Data Breach Investigations Report found that when “the method of malware installation was known, email was the most common point of entry.” (Verizon, Inc., 2019) They also noted “that the median company received over 90% of their detected malware by email. Direct install is indicative of a device that is already compromised and the malware is installed after access is established. It is possible for malware to be introduced via email, and once the foothold is gained, additional malware is downloaded, encoded to bypass detection and installed directly.” (Verizon, Inc., 2019)
Recommendations to protect against ransomware
It is important to educate employees on the dangers of ransomware and to be on the lookout for suspicious emails. A helpful question to ask before clicking on an email is, “Why is this person emailing me?” Also, confirm that your company is doing a daily data backup off-site. The key is that the backup needs to be off your local server and in a secure remote location, so the virus is unable to infect the backup.
Finally, move your mission-critical applications to the cloud in order to insulate you from ransomware. Many cloud applications do not have email or a web browser associated with them.
To get started or to learn more about using IntegraSys Cloud Services, contact us at (888) 550-4700 or firstname.lastname@example.org.
Department of Homeland Security. (2019, April 11). National Cyber Awareness System. Retrieved from Protecting Against Ransomware: https://www.us-cert.gov/ncas/tips/ST19-001
Verizon, Inc. (2019). 2019 Data Breach Investigations. Retrieved from Results and Analysis: https://enterprise.verizon.com/resources/reports/dbir/2019/results-and-analysis/