Jeff Sizemore, VP of Governance and Compliance, Egnyte
Ransomware is a relatively new form of malware that poses significant threats to computer networks, even those with effective security systems. It masquerades as legitimate software and uses encryption protocols, like those designed to protect personal information, to lock down files and hold data for ransom. In addition to the increased frequency of attacks, hackers are continuing to grow more sophisticated, targeting high profile businesses that can afford to pay higher ransoms.
There are several ways in which ransomware can gain access to a device, including email phishing, Web-based instant messaging applications, and compromised websites. Users may download attachments disguised as trustworthy files or click on links that grant hackers administrative access. Once a computer is infected, ransomware encrypts all available data, rendering the device essentially useless until the victim pays for the decryption key.
Once a system is infiltrated, ransomware can infect other users when the encrypted data is shared, wreaking havoc across collaborative environments. If multiple users/computers are infected, productivity may grind to a halt, leaving businesses scrambling to regain file access. Frequent, automatic backups can help restore data and operations with minimal business interruption, but without centralized reporting and auditing capabilities, companies cannot isolate infected users or accounts.
Deploying a SaaS product or enterprise-grade cloud service keeps IT in total control of company data. There are four essential layers for protecting your data and avoiding high ransom costs…
- Ransomware detection software should be state-of-the-art with continued, automatic threat intelligence updates.
- IT should apply granular permissions to specify which files or folders employees can use. Setting permissions first ensures users only have access to the content they need, helping to limit the spread of ransomware if an account is infected.
- Having the ability to isolate and/or disable infected accounts. In addition to stopping the spread of ransomware, this will help trace the origin back to a specific user or device, providing valuable insight into system vulnerabilities, as well as ways to prevent future infections.
- In the event of a ransomware attack, file versioning allows users to roll back to previous, un-encrypted file variations. Once an encrypted file is identified, it can restore a previous file version, enabling business operations to continue uninterrupted.
Businesses without modernized content architecture are especially susceptible to the spread of ransomware. It is important to review your current security procedures and educate users on how to avoid malware scams. Ransomware attacks cannot be completely prevented but they can be mitigated through detection software, proper data architecture and increased IT capabilities.