Ransomware cost victims an estimated $1 billion in 2016, a 4,000-percent increase from the previous year. And ransomware attackers are getting bolder, demanding higher amounts, sometimes striking more than once, and even trying to turn victims into accomplices by inciting them to infect others.
More often than not, ransomware victims agree to pay to regain access to their data and systems. A recent IBM poll of 600 U.S. business leaders revealed that 70 percent of businesses infected with ransomware paid the demanded extortion fee. Half of them paid more than $10,000, and 20 percent paid more than $40,000.
Of course, the more victims pay, the more ransomware attackers are likely to strike because it works. But that cycle would be broken if victims stopped paying. To be in a position to resist cyber extortion, though, businesses must protect themselves.
That’s where MSPs come in. As the third party responsible for protecting your customers’ data from cyber threats, you need to keep up with ransomware trends, educate customers about those threats, and help them implement tools and practices to prevent them from becoming the next victim of ransomware. Here are five best practices to follow:
- Educate Clients
Education is an essential component of effective cyber protection. You can’t properly defend against something you don’t understand. Explain to customers how ransomware works, and teach them the popular social engineering tactics employed by ransomware attackers. Phishing is the most common method of spreading ransomware, so make sure they understand the dangers of phishing by teaching users to avoid clicking email attachments and URLs from unknown or suspicious senders.
- Apply Security Patches
Security vendors release patches periodically as new malware variants are identified. Be sure to keep up with patches and make sure your customers’ endpoint security tools and firewalls are up to date. The best approach is to automate patch management so clients don’t have to rely on distracted or busy users to apply patches when they are released. In addition to security tools, regularly update operating systems, applications, and software to address any vulnerabilities that hackers might exploit to deliver malware.
- Address Attack Vectors
Understanding how ransomware gets into systems is key to stopping it. Often, malware variants exploit vulnerabilities in everyday tools and applications. Macros in Microsoft Office programs have been a common target. Macros automate frequently used tasks, and if malicious code is introduced in one file, it can quickly spread. Make sure clients disable macros. The same goes for blocking .exe files from the AppData or LocalAppData folders, which have been another common ransomware target.
- Implement Advanced Security
Ransomware and other types of malware often succeed because cybercriminals create code that eludes basic firewalls and antivirus tools. No security tool is 100-percent foolproof, but some advanced firewalls and endpoint security solutions use behavior analysis and threat intelligence to identify potentially harmful code and zero-day threats. Familiarize yourself with sophisticated, ransomware-detecting solutions to help strengthen your customers’ security posture.
- Always Back Up
SMBs are known for not taking data backup seriously, in the belief they have nothing that is of interest to cybercriminals. The reality is quite the opposite, so it’s incumbent on MSPs to address this misconception and insist their clients employ sound backup practices. That means backing up regularly to an offsite data archive. Offsite backups are an absolute must because any data backed up locally can also get infected in a ransomware attack.
No business is immune to ransomware, but with your guidance and technical expertise, your clients can avoid becoming the next ransomware victim.
Chris Crellin is Senior Director of Product Management for Intronis MSP Solutions by Barracuda, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
(Editor’s note: contributed blogs like this are part of ChannelBuzz.ca’s annual sponsorship program. Find out more here.)