More and more, HR departments are becoming the target of ransomware attacks.

In early April 2016, an email containing a link to a Dropbox “resume” file was sent to a number of HR professionals; the link actually delivered Petya ransomware, a particularly nasty strain that encrypts whole hard drives rather than individual files.

And, lest you think this is an isolated problem, think again: security awareness training provider KnowBe4 estimates that the size of the ransomware “industry” is $200 million annually. It’s growing rapidly and impacting thousands of victims and businesses.

When a computer becomes infected with ransomware, all of the data files on that computer become encrypted. The cybercriminal who created or distributed the ransomware will then inform the victim that they have a limited amount of time to pay a ransom in order to obtain a decryption key. If payment is made, the decryption key is delivered and the victim can unlock his or her files. If the victim refuses to pay, the files are forever lost.

Ransomware is an especially frustrating type of malware because it combines two offenses: someone violates the sanctity of your private or employer property, and then extorts money from you so that you can regain access to what’s rightfully yours. It is a bit like someone locking you out of your own home and then charging you to get back in.

So, what can you do about it? There are several ways to keep yourself from becoming a ransomware victim and mitigate the impact if an employee becomes one:

  • Be careful about what you click on or open in email
    The most common way that ransomware infiltrates an organization is through a phishing email that contains either a link to a malicious site or an infected attachment. Users who click on these links or open the attachments can easily infect their computer with all sorts of nasty malware, including ransomware. Consequently, NEVER click on a link or open an attachment unless you’re certain of who has sent it to you, and never open an attachment that has an executable extension (such as .exe).
  • Be careful about what you click everywhere else
    Another method for introducing ransomware into an organization is through an infected advertisement on a web or social media page. This so-called “malvertising” can deliver ransomware to a computer while the user is doing nothing more than basic web surfing. Similarly, visiting an infected website can infect a PC with ransomware and other forms of malware in what’s known as a “drive-by” download. To reduce the likelihood of these types of infection, be careful about what you click on and be skeptical about notifications you might receive, such as a prompt to download a piece of software, a notice that your computer is infected with malware, or an offer of a Flash update. If you do encounter a pop-up window that tells you a piece of software on your PC needs an update, go to the vendor’s website and navigate to the update page to initiate the download yourself.
  • Maintain continual backups of your computer
    If you do become a ransomware victim but have a recent backup of your PC’s data, you can return to a last known “good state”: a point in the recent past just before your computer became infected. This will allow you to wipe the PC and restore your data to a point before the infection, effectively negating the impact of the attack. While you may lose a few files you had created since the last backup, this is an inexpensive way to minimize the impact of ransomware.
  • Kill your internet connection
    As Rick Delgado noted in a blog post for Tripwire, another effective method for mitigating the impact of ransomware infiltration is simply to disconnect from the internet if you suspect you’ve been infected. While you may not be able to do so quickly enough to avoid all potential impacts of an infection, you might be able to limit the spread if you unplug soon enough.

Ransomware is bad and is getting worse, as exemplified by the recent attack on Hollywood Presbyterian Medical Center in Los Angeles, which had to pay a bitcoin ransom equivalent to $17,000 in order to get its data decrypted.

While the FBI and others strongly recommend not paying the ransom, unprepared users and companies sometimes have no choice. The key is to be prepared: back up your data, and be highly skeptical of anything in email or on the web that seems even remotely suspicious.

Kathy Berger
Kathy Berger is ThinkHR’s principal benefits consultant. She is a Certified Employee Benefits Specialist (CEBS) with over 25 years of experience working with brokers and employers. Kathy uses her extensive knowledge of ERISA, HIPAA, the ACA, and other benefits laws and regulations to assist our clients with practical information in clear language.