Ransomware attacks continue to plague businesses large and small. With impacts on all kinds of organizations — from independent consultants to leading health care providers, colleges to online gaming sites — employers must be alert to the dangers of ransomware.
But before companies can devise an effective strategy to thwart the hackers, it’s important to first understand what a ransomware attack looks like, how it begins and what kind of damage it can do.
What does a ransomware attack look like?
The delivery of ransomware is simple enough. Most instances start with a phishing attack, where a user receives an e-mail containing an unsafe link or a corrupted file or executable attachment.
Many employees and contractors haven’t been trained to spot suspicious activity and are unaware of the potential risks associated with these untrusted messages — a fact the hackers count on to carry out their plans. Rather than taking a few steps to verify the e-mail’s authenticity, the employee opens the file or clicks on the web link, and a ransomware attack is born.
The ransomware infection immediately gets to work blocking access to data on the user’s computer. In many cases, it spreads throughout the network to other locations, such as connected computers, the company’s servers and any cloud-based storage repositories.
This proliferation across the network is rapid, typically happening much too quickly for the organization to effectively block or delete the ransomware before it inflicts harm. A screen soon appears, warning the user that they can no longer access anything on their computer unless they pay the ransom to get their data back.
Damage from the ransomware attack becomes all too real as the infection encrypts data files and prevents access to the information inside. Files may also be renamed using unrecognized file extensions, such as “.zzz” or “.OMG!” to highlight the fact that they cannot be opened.
Further destruction occurs when the ransomware deletes shadow files, effectively eliminating the possibility of accessing local backups that were previously assumed to be safe.
What can be done?
An infected business has few options once ransomware infiltrates the network. One option is to pay the ransom and hope data access is restored. It’s hardly a foolproof strategy. Sometimes the criminals simply take the money and run, leaving the organization in dire straits and lighter on cash.
Another option is to find a safe computer — one that wasn’t connected to the network when the ransomware took over — and retrieve backup data from an isolated hard drive or other external location that was not affected.
A third alternative is to wipe the entire network clean or start from scratch with new equipment, rebuilding the datasets from protected archives and memory. Each strategy has its shortcomings and all will cost the company in time and money.
There may also be a significant delay as the organization attempts to return to normal operations with incomplete data or incapacitated hardware. No matter which route the business takes, sensitive information — possibly including corporate financials and employees’ personal data — has been compromised by the attack.
Rock-solid preparation is key
The best approach is to develop a plan to protect the organization from a ransomware attack long before one occurs. A proactive strategy is the first and best line of defense against the harm that employees, the business and its customers could face if ransomware is allowed to enter the network.
HR managers are in a good position to help shape that plan and guide its adoption within the organization.
Begin by collaborating with the IT group to create a backup and recovery strategy that is impervious to ransomware. Archival copies of confidential and business-critical data stored in an unconnected location — either onsite or in the cloud — will provide a safe way to restore information and continue operations.
The type and volume of data that must be protected within the HR organization should be discussed as part of the master plan, including not just employees’ personal information but also data related to contractors, candidates and board members.
Developing company-wide awareness is another important component in a ransomware protection plan. When most organizations think “awareness,” they think annual training in a classroom room, but the best awareness programs go beyond the classroom.
Tools such as white-hat phishing tests can be used to evaluate the effectiveness of existing security measures. HR managers are experts at disseminating training elements to the employee base — for instance, through eye-catching e-mails to confirm they know how to spot suspicious messages.
In addition, by disseminating regular reports to employees about real-world ransomware cases and other cyber security threats, the HR team can inform employees about which types of attacks are trending.
The company newsletter and intranet site can be used to spread this information across the workforce. An awareness program’s reach can also be extended by establishing and teaching e-mail rules built around good security practices. These may include moving e-mails with attachments to a quarantine location or into the junk mail bin.
Employers who are serious about avoiding the risks of ransomware will also want to explore next-generation anti-malware tools. Leading solutions can “inoculate” servers and hosts against ransomware by recognizing the apps that are being used in the attack and defeating them, a security approach designed to shield the organization from the ravages of an attack.
Many top-tier offerings can also identify suspicious e-mail attachments and either block users’ ability to open or launch them, or move them to a network location that can’t be used as an entry point to the rest of the firm’s data. If in-house technology and expertise isn’t available, there are subscription-based services that grade the safety of the sources of incoming e-mails.
When looking at the landscape of ransomware, it’s clear that an employer’s best defense is rock-solid preparation. These attacks typically can’t be reversed, and making matters more difficult is the energy that criminals are putting into devising new delivery methods to stay one step ahead of their victims.
But with a strong focus on employee training and awareness, HR managers can play a key role in creating a privacy culture that builds best practices into everyone’s day-to-day behavior.