In the world of information security, this year 2017 will be marked by ransomware attacks, a method also known as data kidnapping, in which relevant user and companies information is encrypted and is inaccessible. From this the criminals charge values that are around R $ 400.00 to return access to kidnapped information, although this amount may vary greatly, according to the size of the company and the relevance of the kidnapped data.
Experts point out that this form of attack is generalizing and will have new variants throughout the year and may also affect cloud -based backup services. Estimates indicate that the profit of criminals who perform this type of attack is expected to reach nearly $ 5 billion over 2017.
In a survey conducted by Trend Micro , it was found that 51% of Brazilian companies were victims of ransomware attacks in 2016. Another worrying fact that the survey pointed out is that 56% do not have technologies for monitoring and detecting suspicious behaviors or network attacks.
Ransomware attacks have become so common that they have even become a signature service where any internet user without computer technician knowledge can apply the attack. This service became known as “ransomware as a service” or “crime as a service” - “ransomware as a service” or “crime as a service”, translating into Portuguese.
In data released by the FBI, in 2016 in the United States only the damage caused by ransomware attacks reached $ 1 billion. And the estimate is that this number increases significantly in 2017. Then imagine the risks to Brazilian companies, where 50% do not have forms of prevention against the problem.
Companies suffering this type of attack are subject to various forms of problems and losses: from total data loss in cases where there is no backup or release of access to kidnapped files; Until the interruption of systems, computer network and business operations, such as customer service.
To consider how important it is to take steps to reduce risks, try to imagine the impact that information loss can have on your business!
Unfortunately there is no way to be 100% protected against ransomware. However, it is possible to map the risks and take measures that significantly reduce the chances of occurrences of the problem.
There are very different ways of occurring an attack, let's look at some:
- E-mail messages:
- Phishing, for example with promotions simulation
- Infected attached files
- User accounts and server attacks with weak passwords
- Hacked internet website, which are used as a direction for attacks
- Fake News Publishing with reference to harmful sites
- Publication of harmful links on social networks
- Internet ads, including social networks and search services like Google
- Via applications and SMS on smartphones and tablets
- Discontent and vindictive employees in companies
We really have quite different ways for the occurrence of ransomware, but it is possible to reduce the rich with some measures:
User Training
This is undoubtedly the main gateway to most viruses and virtual attacks on companies. Most professionals cannot identify possible risks, such as a fake email message and ends up clicking malicious links or opening infected files when this happens it is very difficult to prevent the attack from occurring.
This is why it is important to periodic training with employees, addressing mainly how to identify threats and what are possible risks to the company and professionals. We suggest downloading this material that addresses safe ways of using the internet .
Define a policy of using secure passwords
Weak and insecure passwords is a recurring problem with internet users, after all who has never used passwords related to dates, addresses and family, even important accounts such as banks or email. But the problem is that criminals know this and explore this vulnerability a lot, with systems that test password combinations repeatedly until it is discovered.
Fortunately, this problem is simple to solve, just create rules for using passwords with more than 8 characters, which combine uppercase, tiny, numbers and preferably keyboard symbols, with periodic password exchange, for example every 3 months. I also leave the suggestion to download this safe password and user use guide .
Email and anti-spam inspection services
We know that fake email messages are often used in attacks. To mitigate the risks, first it is necessary for corporate email to have activated anti-spam services, this will ensure that most risk messages are barred and even open by users.
In addition, we also recommend email inspection, where the content, files and links of email messages are evaluated and any suspicious item will make the email barred. This filter can be considered complementary and even smarter than spam control.
Webfilter and Navigation Control Services
These services that allow us to manage what corporate network users access on the internet, preventing them from browsing harmful and malicious websites. It is important that this navigation control is based on the reputation of the websites so that it can efficiently identify sites that offer risks.
There are dozens of different services for navigation control in companies. Lumiun Tecnologia is an excellent alternative for having a simple and affordable implementation, and at the same time easy to manage.
Keep systems always updated
Criminals study possible vulnerabilities in systems and exploit these flaws to attacks. That is why virtually all systems have updates, which correct possible vulnerabilities.
It is essential to keep all software always updated, from its operating system, antivirus and other installed programs.
Avoid remote access to computers and servers on your network
Maintaining external access to your company computers and servers is the same as allowing access to the data door, this practice combined with weak passwords is fatal, easily criminals will have access to your company's data. Therefore, allow this type of access only in really necessary cases.
Internal user behavior monitoring
This is a usually -based Machine Learning solution that uses data intelligence and systems to detect unusual behaviors within your network, both by users and equipment. Any suspicious activity can generate a warning to those responsible, for example, users copying business data or downloading internet programs that are not related to the company's activities.
Backup and Backup Monitoring
Having a copy of the company's relevant data is critical. But more than that, it is necessary that the backup policy is constant and efficient, with daily copies and storage media distributed in different locations. A good option is the use of cloud backup services.
If your company's data kidnapping occurs, it is not recommended to pay the rescue to criminals. That's why backup becomes important for restoring information. Do not let the situation happen that you need your backup and only then realize that the saved data is from the previous month - unfortunately this situation is more common than you think.
As we can see, measures to avoid ransomware attacks are relatively simple to implement and do not require large investments, considering the risks and damage that possible problems can generate. It is also important to realize that these measures are organized in layers, going mainly by prevention, even what can be done in case of data sequestration.
Finally, investing in information security is to avoid greater losses for your business. Do not expect to have your data kidnapped to prevent.
15 comments
Comments closed