DATA SECURITY KNOWLEDGE BASE

The Need for Ransomware Protection

Ransomware is a type of crypto malware used for cyber extortion. Ransomware holds a victim’s computer or their files hostage via encryption while demanding payment in exchange for decrypting the files and releasing access to the user’s device. Ransomware is usually spread through phishing attacks containing a malicious email attachment, infected program, or link to a compromised website. Ransomware attacks have evolved to target businesses, encrypting entire networks of computers or files and bringing business operations to a halt until the ransom is paid. Ransomware attacks have extorted millions from end users and businesses in 2016, prompting the FBI to release an advisory on the growing ransomware threat in April.

Once a system becomes infected and the computer is locked and files encrypted, the user is unable to use the needed features of their computer. Typically, when a user first attempts to use an infected machine, a pop-up window appears notifying them that they must pay a certain amount of money to reclaim their device and associated data. Some ransomware programs, or the cybercriminals behind them, impersonate government or police agencies in an attempt to intimidate victims, claiming there are security reasons that the computer was shut down and insisting a fee or fine must be paid.

With attacks on the rise, businesses and individuals should be aware of ransomware attack techniques and follow best practices for ransomware protection.

Tips and Best Practices for Ransomware Protection

There are several ways that enterprises and their employees can play a role in protecting the company’s sensitive data from ransomware attacks, such as:

• Educating employees: This is the first line of defense against ransomware. As ransomware is commonly introduced through email attachments and links, arming employees with the knowledge they need to practice secure email and browsing habits can prevent many ransomware attacks from succeeding. Train employees on how to recognize phishing attacks as well as best practices such as not opening attachments or links in emails from unknown senders, checking link URLs, and never clicking pop-up windows. Training should be ongoing rather than a single session to ensure that employees keep up with new threats and maintain secure habits.
• Back up your files regularly and frequently: Having diligent data backup processes in place can limit the damage caused by a ransomware attack significantly, as encrypted data can be restored without paying a ransom.
• Practice the principal of least privilege: Granting unlimited access to networks and software applications is not only hazardous to the organization’s security posture but can also lead to a multitude of errors and other mishaps resulting from employees using programs or features they don’t require access to. Configure employee accounts with only the access privileges required for their job roles.
• Keep operating systems and all software up-to-date: Software updates typically contain patches for security vulnerabilities and should be installed as soon as they’re made available. Enable automatic updates whenever possible to streamline this process.
• Disable features like autorun, remote desktop connections, and macro content in Microsoft Office applications: These are features that aren’t necessary for most employees yet can be exploited by attackers to spread ransomware and other forms of malware.
• Don’t pay ransoms unless absolutely necessary: Paying the ransom only establishes you as a paying target for future attacks and has even led to follow-on data breaches at some organizations. Unless you have absolutely no other choice, avoid paying ransoms.

Ransomware Protection Solutions

In addition to following the best practices listed above, businesses should consider implementing ransomware protection solutions to improve their systems’ defenses against ransomware attacks. Ransomware protection reliant on signature-based security methods are largely ineffective, as new ransomware programs are being developed all the time. Today ransomware protection requires a multi-pronged approach that combines user education with solutions for ransomware prevention and detection. Solutions like advanced threat protection or endpoint detection and response provide behavior-based detection and blocking of ransomware attacks that go beyond the limitations of signature-based detection of known malware. Additionally, many enterprises implement application whitelisting to bolster ransomware protection efforts. This solution allows only specified applications to run, reducing the risk of ransomware programs executing on local machines.