Merriam-Webster defines ransom as “a sum of money or other payment demanded or paid for the release of a prisoner”. Far be it from what the dictionary had in mind, ransomware identifies the aforementioned “prisoner” as either sensitive data or proprietary technology. Although encrypted files are themselves indifferent to the overtaking (being not human, and all), everyone at the organization will feel undeniable pressure. As this decade draws to a close, ransomware is becoming ever more popular, much to the chagrin of the public entity world.

In a traditional hostage situation, the terms are abundantly clear and one can easily weigh the cost-benefit of either acquiescing to the criminal or fighting tooth and nail; risks and potential losses are oft black and white. In the  world of cybersecurity and business operations relying on systems and data, every second passed is costly interruption that can be difficult to put a price tag on. This dilemma inevitably raises the stakes and increases pressure to pay.

To earn your attention and paint the reality of ransomware before moving on, it's worth noting that 71% of all ransomware attacks in 2018 targeted small businesses and organizations, while the average cost per demand amounted to $116,000. (Learn more). Does your organization have an emergency fund ready to splurge on fulfilling an arbitrary criminal demand? I’m guessing you don’t, nor should you!

Let’s talk about how all of this works, and then we can segue into precautions you can take to avoid being part of the unfortunate statistics I threw at you just now. Let’s think of ransomware as weaponized encryption; truly the most profitable form of malware. Here’s how it works:

-Exploitation

The process begins by ushering in a wolf in sheep's clothing. The malicious file (the weapon) is installed on a computer, most commonly by means of a phishing attack. Thematically, we continue to point to human error as the biggest cyber risk imaginable.

-Execution

As advertised, this is the stage when the ransomware files are executed with supporting persistence mechanisms (think: the file arrives and doesn’t plan on leaving for quite a while!). Persistence is not a good term, here.

-Backup Destruction

To avoid affording the organization a quick fix, this stage will target any verifiable data and system backups to increase the probability that ransom will get paid.

-Encryption

The targeted files are soon encrypted to create a headache for the IT group. This is done via a secure key exchange, which basically means that files and systems will no longer be able to productively communicate with one another.

-Notification

This is also referred to as delivering the bad news. In effect, this final stage carries a tagline of “show me the money!” (or, “show me the Bitcoin!”)


Since you might quite literally be fast asleep until step five (the painful reality), you can see how vulnerable this leaves an organization that does not fervently protect and backup systems with top security protocols in mind. Let’s then talk about how you can avoid getting involved on the wrong side of a transfer worth north of $100,000, only to cling to hopes that your files are decrypted in result. A positive outcome is not a foregone conclusion, as the FBI will note that it recommends not paying the ransom whatsoever!


1. Backup your data and keep the routine.

Most professionals (ourselves included) recommend backing up sensitive data at a minimum of once per week. If possible, you should look to complete this exercise once per twenty- four hours. You can easily locate data backup solutions by running a quick Google search and comparing apples to apples on vendor support, features, price, and customer reviews

2. Deploy software defenses

As mentioned above, most ransomware attacks are the product of a phishing email. By deploying expert machine learning combined with language analysis, you and your colleagues can be coached away from suspicious emails by means of an email inbox guardian. Paladin Protection Suite’s proudly touts an inbox add-on, handling these reviews comprehensively in real time, as one of the key features of the program

3. Training and Behavioral Change

When you don’t work in IT by definition, it can be difficult to remember best practices and maintain vigilance throughout a given workday. By testing your employees with craftily worded sample phishing and providing concise and snackable trainings, you can mitigate the biggest risk to your organization: human error. We are Paladin pride ourselves in being education first, taking the time to coach you through the reality of cybersecurity and offering assistance if you truly see the program’s value


Considering these three simple steps and working with a professional like Paladin, you can build a strong cyber-foundation and foster an organization made up of security stalwarts. Contact us here to learn more and see how the program works.