Ransomware threatens enterprise networks, devices, finances, and reputations. This type of malware demands that the victim pay a specified ransom to regain access to their computer systems or files. Ransomware also takes different forms, some more difficult to recover from than others.
Although ransomware is one of the most insidious and devastating cyber attacks, there are ways enterprises can mitigate its effects or prevent it altogether.
What are the most common types of ransomware?
Four common ransomware models compromise enterprise systems and data at different levels, ranging from potentially salvageable to nearly impossible to undo.
Locker ransomware
Also known as screen-locking ransomware, locker ransomware restricts access to a computer, often by locking the device’s operating system. Not all locker ransomware encrypts individual files, but some variants may.
Because there are methods of accessing computers even if the device is blocked (like restarting it in safe mode), lock screen variants of ransomware are typically the easiest attacks to recover from and regain access to the system. If the ransomware encrypted individual files, it would be more challenging—perhaps impossible—to restore data without paying the demanded ransom.
Crypto ransomware
Crypto ransomware encrypts only select files within an organization’s computer systems. Its name comes from the process of file encryption; it doesn’t block access to the full operating system like screen-locking ransomware. Crypto ransomware often infects computers when users click malicious links in emails; these malware-ridden links execute a ransomware program once launched. Crypto ransomware can also be spread through compromised web applications. In a crypto ransomware attack, each file may have a different encryption key.
Doxware
Doxware is a type of ransomware in which attackers not only encrypt data but also threaten to publish it on the internet. The name comes from the term “doxing” (threatening to publish individuals’ personal data online). Doxware is a particularly dangerous form of ransomware because it renders backups useless in protecting customer data. Even if the victim organization has copies of data that it can quickly restore, its refusal to pay the ransom can result in sensitive customer information being published on the internet.
This technique also makes additional fines possible: if the victim organization is found to be noncompliant with data protection regulations, it could have to pay a fine to regulatory bodies. Corporations that have been found noncompliant with GDPR, for example, have been saddled with fines over a million dollars.
Ransomware as a service (RaaS)
Ransomware as a service (RaaS) is a business model that offers ransomware code, designed by experienced developers, to individuals or organizations that don’t possess the software development skills or personnel to develop their own. Like SaaS, RaaS makes the implementation easier: attackers receive code they can install on their own websites or programs.
For every successful attack and paid ransom, both the RaaS provider and their client — typically known as an affiliate — receive a share of the profit. RaaS is frequently a subscription model in which affiliates pay a certain amount of money per month to use the service. As with SaaS, there are other payment models as well.
What steps can businesses take to prevent the spread of ransomware?
These ransomware mitigation and prevention tactics are the beginning steps to protecting company networks and devices from being encrypted.
Unplugging an infected device
If an employee opens their computer for the first time and sees their computer has been locked by a malicious program, the spread of the ransomware could be halted if they immediately disconnect their computer from the internet. That prevents the ransomware from passing between any internet-dependent applications. Disconnecting from the internet works more quickly for ethernet-connected devices, as disconnecting from Wi-Fi may not be fast enough.
Remote desktop protocol protection
Securing the remote desktop protocol (RDP) on Windows computers is critical because it’s one of the most exploited attack vectors for ransomware. The remote desktop protocol permits one computer to connect to another computer so that a user can perform tasks with the applications installed on the remote desktop.
Attackers often compromise RDP by using brute force attacks to guess passwords. Add login policies to your enterprise’s RDP, such as multi-factor authentication and limited login attempts. These may require additional programming or security solutions linked to the RDP controls, but they’re worth it because RDP is so highly exploited.
Employee mistakes are responsible for the large majority of data breaches; they’re often responsible for ransomware, too. Some of the most common variants of ransomware are downloaded onto devices because an employee clicked a link in an email or visited an infected website.
All people make mistakes, but enterprises should help their employees become more familiar with social engineering techniques, so they’ll be less likely to fall for those tactics in the future.
Ways that enterprises can help their personnel to be more security aware include:
- Extensive training sessions that explain how to look for spoofed email domains, hover over links to see the address, and avoid unsecured websites
- Strict password policies
- Explaining common social engineering techniques and ransomware attack vectors
Patch management and mobile device management
Endpoint devices, especially those spread across a global workforce, must be protected from malicious software. Devices that aren’t immediately updated can be exploited by ransomware after a vulnerability is made known.
For enterprises that permit their employees to work from personal devices, mobile device management software allows the company to manage how the employee uses company applications. Setting rules for regularly updating devices and segmenting corporate data from personal applications on a mobile device are ways that enterprises can protect their company systems.