Protecting Yourself from Ransomware
Ransomware attacks are on the rise. Last year saw an alarming 105% surge in these attacks, which are designed to make people’s or business’ computer systems unusable until they pay a ransom.
Some sectors are more vulnerable than others. For example, last year, governments saw a 1,885% increase in ransomware attacks, while the healthcare industry faced a 755% increase.
The financial, utilities, and retail sectors are also highly vulnerable (over 60% ransomware attacks target these sectors) because hackers stand to make large sums of money by compromising their systems and data.
The impact of a ransomware attack can be severe. If you decide to pay up, this may involve a huge sum of money. However, law enforcement agencies recommend not paying, as doing so encourages continued criminal activity. In some cases, the ransom you pay could even be illegal if it goes toward fueling illegal activities. Other downsides to paying include making yourself an attractive target for future attacks, demands for a bigger ransom next time, and the hackers refusing to keep their end of the bargain.
If you don’t pay, however, the cybercriminals could release sensitive data into the public domain, jeopardizing your reputation (especially where consumer data is concerned). Moreover, if they compromise essential data, then this can cause significant downtime, resulting in financial losses as well.
Based on the potential consequences of ransomware attacks, every organization (no matter the size) should have a strategy in place for protecting itself against them. Let’s explore some effective steps you can take.
Be Vigilant About Patching
One solution to prevent ransomware attacks is to keep your software up-to-date. ‘Patching’ is when you update your software regularly. Often, updates include new security measures, which may be intended to ward off threats like ransomware.
Get Acquainted with CISA Guides
Every business should familiarize itself with the Cybersecurity and Infrastructure Security Agency (CISA) guides against ransomware attacks. The agency’s guides break down how to create cyber incident response plans. They also recommend regular vulnerability scanning on devices, as this allows you to see if any of these devices may be prone to attacks.
Another essential tip from these guides is for organizations to implement a cybersecurity awareness and training program so that employees know exactly how to identify and report suspicious activity, including that seen in emails, text messages, and their browsers.
Make Sure You Have Backups
You can avoid paying a ransom if you have backups stored offline, as ransomware cannot ‘leap’ to a drive that is not connected to the system. Nonetheless, this can be problematic in a corporate environment where backups must be automated on schedule. If your backups need to be automated, you can mitigate the spread of ransomware by:
- Mounting and unmounting the backup drive
- Setting the backup drive as read-only (write protected)
- Denying access to backups sets using “icacls”
- Using a cloud backup service with an API to store backups
Storing backups on a remote server using a VPN connection
Manage the Use of Privileged Accounts
Ensure you restrict users’ ability to install and run software applications on network devices. This way you can limit your network’s exposure to malware. A good privileged access management (PAM) approach should:
- Enumerate and categorize privileged accounts
- Define more granular scopes of privilege, rather than on an “all or nothing” basis. Just because an account is granted certain privileges, this doesn’t mean it should have unlimited access to every application that is available
- Enforce the principle of least privilege (PoLP) – granting the least amount of privilege required for a specific task – for accounts only when they truly need them
- Audit access and activity on all privileged accounts
Email Filtering and Alerting
A lot of the time, ransomware enters a network through a phishing link or attachment sent via email. An employee will click the link, thinking it’s legitimate, opening the door for ransomware to enter.
You can combat this risk, however, through email filtering, which almost all email providers have built into their platform. When you use email filtering, software will analyze all incoming emails and flag potential spam and phishing content. It will then move those suspicious emails to a designated folder. It’s important to make sure that your current email solution is up to date with the latest developments in malware (hackers’ tactics are evolving all the time).
Antivirus Software with Ransomware Protection
Most antivirus software has protection against ransomware built-in, especially since this is now a rising form of criminal activity. Therefore, one of the most effective ways to avoid the potential damage from a ransomware attack is to ensure that your antivirus software is up-to-date across your network, down to the individual user device. This includes devices with limited security protection, such as bring your own device (BYOD) and Internet of Things (IoT) machines like sensors and smart devices. It’s not just servers and laptops that need protecting but tablets and mobile phones as well.
Ransomware is not a threat you want to take lightly. Fortunately, there are several ways to protect yourself against such an attack. Finally, if a hacker manages to get past all your safeguards, having a proper Disaster Recovery (DR) plan in place will allow you to recover your lost data and carry on business operations as usual.
Cyberlocke is a comprehensive, full-service IT services provider that architects and implements efficient and secure solutions for enterprise customers and their data centers. We specialize in security, cloud, managed services, and infrastructure consulting. Contact Us today to learn more.