Avoiding a ransomware attack
Ransomware attacks are making headlines all too often these days. The past year has shown that no company, no matter how big or what industry it’s in, is immune. The good news is that ransomware attacks can be largely avoided. Companies that establish a robust cybersecurity framework can significantly reduce their vulnerability compared to their peers. To safeguard your company against these increasingly common attacks, consider adopting these best practices for ransomware prevention.
Security as a defence
Ransomware is sneaky, but the truth is that most attacks use well-known variants that your trusty antimalware tools can easily spot. Nowadays, most antimalware software even comes with fancy features specifically designed to fight ransomware. To beef up your computer security, it’s a good idea to create a sort of “security fortress” that includes not only strong antimalware but also other technologies and processes like these:
- Firewalls – they’re like the bouncers of the internet.
- Scanning and filtering for your computer’s endpoints.
- Detection and response tools for your computer’s endpoints (they’re like the detectives).
- Checking out the traffic on your network.
- Filtering the web.
- Using systems that can detect and stop unwanted intrusions.
- Keeping a close eye on your email security through filtering.
- Creating lists of what’s allowed and what’s not – a VIP list for your computer.
- Using cloud access security brokers.
And don’t forget these other smart moves to dodge a ransomware attack:
- Stick to the “principle of least privilege” and apply zero-trust network access.
- Use multi-factor authentication (MFA), so that logging in takes more than one way to prove you’re you.
- If you’re working remotely, consider using VPNs or other fancy security perimeters.
- Try not to use Remote Desktop Protocol too much, as it’s a popular way for ransomware to sneak in.
While your typical antimalware tools can usually handle most ransomware attacks, there’s still a chance that crafty attackers might come up with something new to catch you off guard. To stay on top of these cutting-edge threats, it’s a smart move to explore some advanced techniques and tactics, like:
- Extended detection and response – like having a super-alert security team.
- Managed detection and response – always having experts on the lookout.
- Sandboxing – testing things in a safe environment.
- User and entity behaviour analytics – spotting unusual behaviour.
- Zero-trust security – distrusting everything and everyone until proven otherwise.
- Cyber deception – techniques that trick attackers into engaging with dummy digital resources.
Education and training
Ransomware often enters an organization’s network due to innocent mistakes made by its own employees. Most commonly, this happens when an employee unintentionally falls for a phishing attack, clicking on a malicious link or downloading a harmful attachment. To keep your team vigilant, it’s essential to provide regular cybersecurity awareness training for everyone, including employees, partners, and stakeholders. The training should consistently emphasize fundamental best practices while keeping them up to date on new types of phishing attacks. You can also make it ransomware-specific to stress the seriousness of this threat. At the very least, advise your team to:
- Create strong passwords.
- Double-check the senders of their emails.
- Only open links and attachments from known sources.
- Avoid opening suspicious emails, clicking on questionable links, or downloading strange attachments.
Unprepared employees can put your company at significant risk. Make sure your staff is well-informed about what to do if ransomware manages to infiltrate your network. They should immediately alert management if they suspect an attack might be happening. In addition, it’s a smart move to develop a plan for responding to a ransomware incident. This plan should outline the steps employees need to take in case of an attack.
Update and patch regularly
Keeping software and systems up to date with regular patches could have spared numerous organizations a great deal of trouble, time, and money. Take the infamous WannaCry ransomware attack in May 2017, for instance. It took advantage of a vulnerability found in older versions of the Server Message Block protocol. Interestingly, Microsoft had already rolled out a patch for this vulnerability in March 2017. Nevertheless, WannaCry still managed to wreak havoc on around 230,000 systems across the globe. To avoid such scenarios, it’s crucial to adopt a patch management program and adhere to best practices to ensure swift and efficient resolution of any vulnerabilities that arise.
Backup and backup again
Most ransomware attacks have a common goal: to lock victims out of vital data until they cough up a ransom. Fortunately, having backups can act as your safety net. In the event of ransomware encrypting your data, backups serve as a quick way to regain access without giving in to the attacker’s demands. It’s essential to keep these backups in a secure location that’s not connected to your network. You can either disconnect the backup or store it on an external device, ensuring it remains unaffected by any ransomware attack. But here’s a crucial thing to remember: When you restore from a backup, you’re essentially going back in time to a point where the same vulnerability that the attackers exploited might still exist. So, as part of your ransomware recovery plan, always include identifying and fixing the root cause of the incident.
One step further
Ransomware is constantly changing its tactics. Nowadays, many attackers use double extortion, which means they not only encrypt the victim’s data but also steal it. Some go a step further with triple extortion, adding a DDoS attack or targeting the victim’s customers, partners, and other third parties. In these scenarios, even if a company manages to restore its data from backups, the attacker can still threaten to expose the data unless a ransom is paid. While backups are crucial, they are just one piece of the puzzle in a comprehensive ransomware prevention strategy.
To pay or not to pay?
In the worst-case scenario where you become a victim of a ransomware attack, one question will always stand out: should I pay to get my data back? The National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) jointly advise against this. They have received reports indicating that certain companies believe it is appropriate to pay ransoms without needing to involve the ICO as a regulatory authority, or even anticipate benefits such as decreased regulatory scrutiny. However, it’s essential to clarify that this perspective is inaccurate. Paying ransoms to regain access to encrypted data does not lower the risk to individuals, is not a legal obligation under data protection regulations, and is not regarded as a reasonable measure for protecting data integrity. NCSC CEO Lindy Cameron says:
“Ransomware remains the biggest online threat to the UK and we are clear that organisations should not pay ransom demands. Unfortunately, we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend. Cyber security is a collective effort and we urge the legal sector to help us tackle ransomware and keep the UK safe online.”
“Engaging with cyber criminals and paying ransom only incentivizes other criminals and will not guarantee that compromised files are released. It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack. We’ve seen cyber-crime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate backup files, and proper staff training to identify and stop attacks. Organizations will get more credit from those arrangements than by paying off the criminals.”
Rage against ransomware
I’ve worked in the professional IT support industry for more than 20 years, having witnessed first-hand the exponential rise in cybercrime. I also know what we need to do to protect ourselves from bad actors. You don’t need to fret about falling prey to hackers through a phishing or ransomware attack. I’m here to help you get your cybersecurity and cyber hygiene into shape. Contact me today and let me show you how.