INSIGHT BY CITRIX

Ransomware: How to protect your agency’s data

This content is sponsored by Citrix

Every day, millions of people enter the world of cyberspace. Whether it’s online shopping, posting to social media, banking, working or storing data, people use the internet every hour of every day. Because individuals and businesses heavily rely on the internet, it’s essential to maintain a safe space online and take proactive measures to protect against a data breach — like ransomware.

What is ransomware?

Ransomware is a computer virus that holds data files hostage until the individual or business pays the ransom fee. The internet has seen more than 50 variations of ransomware in the last few years, with more than 638 million ransomware attacks in 2016, according to a report by Sonic Wall referenced by Forbes.

Ransomware is usually activated accidentally. Someone will unknowingly click on a link or file that contains the virus, which then infects the computer and encrypts data.

“Once activated, the ransomware calls home to a command-and-control server to acquire a unique, randomly created AES encryption key, then applies it to critical files found on local, network and cloud-connected drives. At that point, this data is entirely under the control of the hacker, who demands the prompt payment of a ransom to recover it or prevent its disclosure. This amount may range from hundreds of dollars for individual consumers to many thousands for a business,” according to Citrix.

What are the consequences of ransomware?

Ransomware attacks can be financially devastating to businesses. “Eighty-three percent of businesses that lose their data and aren’t able to get it back go out of business,” says Eric Montague at Executech.

In addition to causing financial losses, ransomware attacks can also be deadly. Citrix CTO Jose Padin cites the case of a VA hospital where electronic medical records (EMR) as well as the systems responsible for CT scans, documentation, lab work and pharmacy functions (were) rendered unavailable.

“Targeted government agencies face dire consequences as well, including losing access to core agency functions such as email and payroll; the citizen information to deliver services; and the production data on which operations depend,” according to Citrix.

How do you protect against ransomware?

Educate yourself and your employees. Education is the first way to protect yourself or your business from a ransomware attack. Be aware that malware exists and question things that seem suspicious. Also, don’t open suspicious files or links. Teach your employees about the different types of scams and raise awareness of the growing issue.

Know that ransomware is a growing business. Ransomware itself is a growing business industry. Spora ransomware-as-a-service is a program where people can sign up, create a payload and hand over 30 percent of the profit, according to Forbes. “Ransomware attacks can be extremely disruptive when they happen and are only going to increase,” Padin says.

Take a proactive approach to ransomware now. With the growing trend of ransomware attacks, it’s essential to think about and implement a plan to protect against ransomware. While having anti-malware is a great first step, it’s not enough.

In addition to anti-malware programs and employee education, companies and government agencies should integrate a multilayered approach to reduce exposure to ransomware attacks. A multilayered approach protects data better and allows you to recover encrypted data more quickly.

“The traditional way people look to protect against ransomware is focusing on the endpoint,” Padin says. However, Citrix offers an innovative approach to a digital transformation. Instead of keeping all your data at the end, he suggests putting data into a digital workspace, which will make it more secure and offer a better user experience.

“It’s important to think about where we put our data and how we access it,” Padin says. “If you can put it in a secure location that is not at the end, you can easily react and respond to an attack.”

Health care, education, financial and government industries are major targets because they store a treasure trove of personal data that is vital to protect. So they need to have a proactive anti-malware program in place.

Comments

Sign up for breaking news alerts