Security Awareness Training Will Prevent Ransomware

Nick Santora | July 5, 2017

Unless you have been living under a rock for the past month, it is hard not to notice all of the news about the WannaCry ransomware attack.

If you don’t know what ransomware is, it’s a malicious piece of software that locks files on a computer system and demands payment to unlock them. The WannaCry ransomware affected over 200,000 victims in over 150 countries around the world. But why is this the first time we really started addressing the ransomware problem as a community?

Let’s start with a little history about ransomware. The AIDS Trojan, released in 1989 by a Harvard PhD, Dr. Joseph L. Popp, was the first known piece of ransomware. It replaced the AUTOEXEC.BAT file, which the trojan then used to count the number of times the computer was booted. Once the boot total reached 90, AIDS started to hide directories and encrypt the names of all files on the C: drive. At that point the ransom note appeared, telling the user to renew the license and contact PC Cyborg Corporation for payment to receive decryption software.

Not everyone believed that Popp was as fragile as he appeared. Evidence obtained by police showed that the doctor had been planning his attack for more than a year. Lawyers claimed that Popp had been under the influence of a manic episode when he created the virus. In 1992, a report published by Virus Bulletin further examined the tremendous logistical effort involved in copying, packaging, and posting the 20,000 disks. The report also revealed evidence that the doctor had been planning to distribute an additional 2 million disks.

How did people pay the ransom back in 1989? Well, Bitcoin didn’t exist, so the process involved sending $189 USD to a post office box in Panama. Apparently one organization in Italy lost over 10 years of work because of the incident. This attack was the first of its kind and led to a new understanding of what cyber crime actually meant.

Now that we have some history behind ransomware, how big of a problem has it become today? Estimates show that in 2016, ransomware losses totaled over $1 billion. Long story short, ransomware is a big problem and is finding its way into businesses and home computers across the world. So what’s the best defense to prevent the next ransomware attack against your organization?

Why security awareness training will save you from the next ransomware attack

If you haven’t realized it yet, the best way to prevent ransomware is to be proactive. Training your employees with ransomware security awareness training is the most effective way to protect your organization against a ransomware attack. Your employees must understand the risk and impact of becoming infected with ransomware and how to detect an attack. Deleting suspicious emails containing links, not opening unexpected attachments, and staying away from malicious websites are great ways to start teaching your employees about ransomware. Below are some benefits of creating a comprehensive ransomware security awareness training program for your organization.

Prevention over reaction
Taking the time to prevent ransomware attacks is much easier than reacting to one. By educating your employees on ransomware prevention, you can save the time, resources, and potential downtime needed to respond to such an attack. In almost any cyber attack, prevention is a much more effective approach than responding to and recovering from a targeted attack.

Best ROI
Let’s face it, ransomware is a constantly evolving threat. It can be morphed into different variants with different delivery methods daily. It is important to have security appliances, spam gateways, network monitoring, anti-virus, and all of the other tools that help keep your business protected. But without a security awareness program that engages your employees to understand the actual threat, your appliances and software can be easily bypassed. Your employees can be your biggest threat. Investing in their security awareness training will be the best defense to prevent a ransomware attack.

Culture
Before the WannaCry attack, our team asked 100 different people from various levels of employment and industries if they knew what the term ransomware meant. We found that 80% of those people had never heard the term ransomware or understood its meaning. That’s an amazingly high number for such a big threat. Let’s say you were to survey all the employees in your organization about ransomware.

Would you be confident that at least half of your employees fully understand the term ransomware and how to protect against it?

A powerful security awareness training program should get all of your employees speaking the same common language and build a culture of security.

What options do I have if my organization gets hit by ransomware?

Let’s say all defenses have failed, and you are stuck being hit by a ransomware attack. What do you do now? We have outlined a few options available if your organization gets hit with ransomware. Read closely and decide which option works best for your situation.

Backup
Using a backup is a highly effective way to recover from a ransomware attack. If your organization has a solid backup plan, you can restore from a known working backup and be up and running again quickly. Be sure to test your backups regularly. Don’t wait until you actually need to use your backup to find out that it doesn’t work.
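One way to put “test your backups regularly” into practice, as an added example that is not part of the original post or Curricula’s material: hash every file at backup time, keep the manifest somewhere the backup host cannot overwrite it, and routinely restore into a scratch directory and compare it against the manifest. All file names, contents and the temporary directory below are constructed for the example; the functions `build_manifest`, `verify_backup` and `restore_drill` are hypothetical names, not a product API.

```python
"""Backup integrity drill: hash files at backup time, store the manifest out of
band, and verify a trial restore before trusting the backup for real.
Added example for this article, not Curricula's code. Every path and sample
file is constructed inside a temporary directory."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> list:
    """Return a list of problems; an empty list means root matches the manifest.
    A file whose content changed after backup (corruption, or encryption in
    place) shows up as 'modified'; a deleted file shows up as 'missing'."""
    problems = []
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def restore_drill(backup: Path, manifest: dict, staging: Path) -> list:
    """Restore into a scratch directory and verify it, the way a scheduled
    restore test would, without touching production."""
    if staging.exists():
        shutil.rmtree(staging)
    shutil.copytree(backup, staging)
    return verify_backup(staging, manifest)


def demo() -> tuple:
    """Constructed scenario: a clean backup passes the drill; the same backup
    with one file overwritten and one deleted fails it."""
    work = Path(tempfile.mkdtemp(prefix="backup-drill-"))
    try:
        src = work / "source"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "plan.txt").write_text("quarterly plan v3\n")
        (src / "ledger.csv").write_text("id,amount\n1,100\n")

        backup = work / "backup"
        shutil.copytree(src, backup)
        manifest = build_manifest(backup)
        # The manifest is written beside, not inside, the backup tree; in a real
        # deployment it belongs on offline or write-once storage.
        manifest_file = work / "manifest.json"
        manifest_file.write_text(json.dumps(manifest, indent=2))

        clean = restore_drill(backup, manifest, work / "staging")

        # Simulate a backup that was damaged after it was taken.
        (backup / "ledger.csv").write_bytes(b"\x00garbage")
        (backup / "docs" / "plan.txt").unlink()
        stored = json.loads(manifest_file.read_text())
        tampered = restore_drill(backup, stored, work / "staging")
        return clean, sorted(tampered)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    ok, bad = demo()
    print("clean backup problems:", ok)        # []
    print("tampered backup problems:", bad)    # missing plan.txt, modified ledger.csv
```

The drill only proves something if the manifest cannot be rewritten by the same account that writes the backup; otherwise ransomware that reaches the backup share can rewrite both. Running the restore into a scratch location on a schedule, rather than only hashing the backup in place, also catches the restore tooling itself being broken.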

Pay
Paying the ransom is not the best option. Unfortunately, most organizations have to make the tough decision of paying to get access back to their files. The worst part is that you may not actually get your decryption key from the hacker. Even if you do, you are still at high risk of being attacked again. You must find the root cause of the infection so the ransomware doesn’t appear on your systems again.

Decrypt
Although it is very rare, some anti-virus companies may offer a way to decrypt your files. Groups such as the Nomoreransom.org Project are communities where ransomware protection tactics are being pooled. Anti-virus companies may even offer tools to decrypt your files, depending on the type of ransomware. This usually only happens, however, when the hacker’s servers are seized by government agencies and the private encryption key is released.

Start Over
If all else fails, you always have the option to start over from scratch. That would entail re-imaging your computers and wiping all of your data. This may not be a great option, since you will lose access to all of your sensitive data. Most organizations only consider this option if they know the machines that were infected did not have any sensitive or valuable information on them.

Ransomware is not going away anytime soon. It is important that ransomware is covered in your security awareness program to help train your employees on preventing this evolving threat. Ransomware is going to continue to be a major threat and your employees are the first line of defense when it comes to preventing a ransomware attack against your organization. Watch a free episode of Curricula’s ransomware security awareness training to see how you can educate your employees about this destructive cyber threat.

Author: Nick Santora, CISSP, CISA, Chief Executive Officer of Curricula.