Trying to prevent ransomware at your organization? Having backups in place and an incident response plan are only part of it. Here are some tips on preventing and mitigating ransomware attacks.
According to a report by RiskRecon, publicly destructive ransomware events grew over 5x from 2017 to 2021. Ransomware is a type of malware that will block your legitimate access to a system until you pay up a certain amount of ransom or circumvent the attack through other measures. It encrypts the victim’s files, making them inaccessible, and threatens to delete them if the ransom isn’t paid.
A recent ransomware attack hit farming equipment-making giant AGCO after the FBI warned that ransomware attackers are planning more attacks. Such attacks can be even more detrimental to the public when they attack hospitals, financial institutions, defense organizations, etc.
Ransomware is generally delivered to the victim’s system through phishing, making an unsuspecting user click on a malicious link. Once ransomware is installed on the device, it starts encrypting files and sends an extortion note to the victim.
What makes ransomware even more worrisome is that in many cases, attackers don’t unlock the data even when the ransom is paid. Businesses of all sizes are increasingly targeted by ransomware attacks, including small to medium-sized enterprises (SMEs).
To make sure your system doesn’t get infected with ransomware, follow these simple tips.
1. TAKE REGULAR BACKUPS
Ransomware works by encrypting and blocking your access to important data. If you have a current backup of all important data, there is less reason to worry. If you are ever hit by a ransomware attack, you can revert to a previous unencrypted version to regain access to your systems and data.
Your backups should be stored offline and at a location where they cannot be targeted by attackers. Test your backups regularly for efficiency. If you do face an attack, make sure the backup isn’t infected before you roll back. Having a backup is probably the most important line of defense against ransomware.
2. USE A RANSOMWARE PROTECTION SOLUTION
Use a ransomware threat protection software solution that is designed to detect and block threats. For instance, Digital Guardian’s ransomware protection solution filters out noise and provides deep visibility into advanced threats.
3. BEWARE OF PHISHING ATTEMPTS
Ransomware is most commonly spread through phishing. Make sure you or your team doesn’t click on untrusted links. Most phishing attempts are done through emails so it’s important to avoid suspicious emails.
Phishing awareness training should be given not just to the IT security team but to all employees of the organization.
4. SANDBOXING
Sandboxing all communication, especially emails, can add protection to the system. Since human errors cannot be completely avoided, having a secure email gateway solution can be helpful in keeping your system ransomware-free.
There must be email filters in place that filter out emails that might contain suspicious links or unknown file types.
5. CREATE AN INCIDENT RESPONSE PLAN
With an incident response plan in place, the IT security team will know what to do if they do encounter a ransomware attack. The plan should define the roles and responsibilities of personnel along with the steps that need to be taken. It should also define the communication that needs to take place and stakeholders that need to be informed about the attack.
Some actions defined in the incident response plan could be:
• Communicating the attack details to customers and/or other affected parties
• Steps to restore the data that has been lost
• Steps to rebuild the network and computer systems
When there’s a carefully designed plan, there will be no panic in case of an attack and the situation can be managed more easily.
6. HAVE THE RIGHT WEB SECURITY/FIREWALL TECHNOLOGY
With a firewall, you can monitor and filter HTTP traffic to a web service. A firewall is the first line of defense against cyber-attacks. When your company uses web applications and APIs, you might be exposed to malicious traffic. With a firewall, you can filter out potentially harmful traffic.
Make sure your firewall protects some specific ports such as RDP port 3389 and SMB port 445 as many ransomware attackers use these ports. A properly configured firewall will not just protect you against ransomware but also against other kinds of malware and other cyber threats.
7. KEEP YOUR SOFTWARE UPDATED
This is a general line of defense against all cyber-attacks. Since software developers keep coming up with patches and bug fixes, keeping your system updated will cover all loopholes before they could be exploited.
Whether it’s the operating system or other software that you run on your network, keeping them on auto-update will reduce your chances of being infected by any malware, including ransomware.
IF YOU STILL GET ATTACKED
While we have discussed ways to avoid being attacked by ransomware, if you still get attacked, the question is: should you pay?
If you have an incident response plan and regular backups, there is no reason you’d have to pay. However, if you don’t have an updated backup and are being asked to pay up, it’s best to discuss these matters with law enforcement agencies.
The FBI has expertise and insights on these matters, and they can guide you on what should be done next. You might also want to try some decryption tools to see if they can unlock your data.
Some experts warn against paying up to ransomware attackers because there is no guarantee that your files will return back to their original state after you pay the ransom. In such a scenario, try getting help from law enforcement agencies. Following the best practices mentioned here will help you stay safe from ransomware and avoid being targeted.
