This blog post is the second in a two-part series about ransomware and how you may be able to protect your organization, big or small, against it. Part one of this series defined ransomware and explained how it works. This part provides tips on how you can protect your business against ransomware.
So far, 2017 remains the worst year on record, with cybercriminals making over $1 billion in profits from ransomware attacks. Typical attackers demand what might be considered “reasonable” amounts of money: between $2,500 and $10,000 per infected device. Ransomware cost businesses and organizations in Canada as much as $2.3 billion last year.
How can you protect your organization against ransomware?
To protect yourself against ransomware, you need to implement a three-point strategy.
Step 1: Deploy essential security measures
- Block infection from reaching your network by securing your mail and web gateways. Deploy packet inspectors to scan and block fraudulent emails and prevent users from accessing known malware-generating websites.
- Patch all applications, and patch them often. The WannaCry and Petya ransomware that decimated networks around the world, causing billions in damages, relied on an exploit for which Microsoft had issued a patch three months earlier. People who patched their systems regularly were not affected.
- Recognize that antivirus software is your last defense, not your first. You should still have strong and up-to-date AV software, but understand that if a ransomware attack gets onto your network and reaches the endpoint, it may be too late. Malware writers constantly change their attack vectors to exploit newfound vulnerabilities in software. Keeping your virus definition files up to date is essential, but it is the last hope of stopping the latest threats.
Step 2: Educate your users
Your users must know how to spot ransomware. For example, they should never open a file from anyone until they confirm the email address. Just because the name of the sender says it is your bank doesn’t mean it is; the actual email address might read firstname.lastname@example.org.
This is a vital step in preventing targeted attacks. The better educated your users are, the lower your risk. At the same time, you must be realistic. It only takes one accident to compromise an entire network. Regular training helps reduce the chances of accidents.
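The display-name check described in Step 2 can also be automated at the mail gateway so that users are not the only control. The following is an added example, not part of the original article; the brand-to-domain table, the `.test` domains and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand words seen in display names -> domains that brand
# really sends from. All names and .test domains here are constructed.
BRAND_DOMAINS = {
    "example bank": {"examplebank.test"},
    "it helpdesk": {"corp.test"},
}

def _domain_allowed(domain, allowed):
    # Accept the registered domain itself or any subdomain of it.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return (verdict, reason) for the From header of one raw message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return "suspicious", "no parseable sender address"
    domain = addr.rpartition("@")[2].lower()
    name = display.strip().lower()
    # Display name is itself an address, but not the one mail really came from.
    if "@" in name and name != addr.lower():
        return "suspicious", f"display name shows {name}, real address is {addr}"
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name and not _domain_allowed(domain, allowed):
            return "suspicious", f"'{display}' sent from unrelated domain {domain}"
    return "ok", f"{addr} is consistent with its display name"

# Constructed sample messages (headers only, no real senders).
SAMPLES = [
    'From: "Example Bank" <alerts@mail.examplebank.test>\nSubject: Statement\n\n',
    'From: "Example Bank Security" <support@account-verify.test>\nSubject: Urgent\n\n',
    'From: "alerts@examplebank.test" <x91@bulk-sender.test>\nSubject: Invoice\n\n',
    'From: Example Bank\nSubject: Notice\n\n',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        verdict, reason = check_sender(raw)
        print(f"{verdict:10} {reason}")
```

This heuristic complements, rather than replaces, SPF, DKIM and DMARC validation at the gateway.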
Step 3: Be prepared for an attack
- Maintain a good set of backups. With a good set of backups, you can simply retire the infected PC, deploy a new one with the backed-up data, and get back to work.
- Keep backups disconnected, or offline, from the main network. The Petya virus was able to spread so fast because it used Windows management tools to spread from computer to computer, infecting data as it went. It could also infect network-attached storage connected to the network. If your backup copies are on the network, they could also be encrypted, making them unusable. Tape backups have made a comeback for this reason. Offline remote backups are also an effective way to mitigate infection.
- Pay and pray? If you have been infected and you do not have a good set of backups, should you pay the ransom? If you do, you embolden the attackers. If access to the data becomes a matter of life and death, as with hospitals that have been infected, you may have to pay and hope that you are dealing with an ethical digital gangster who will really return your data. These situations are a big reason cyber liability insurance has become so popular.
Protecting yourself from ransomware
Ransomware attacks are on the rise with increasing numbers of remote employees, which introduce new opportunities for cybercriminals to wreak havoc on organizations of all sizes.
Implementing the three strategies outlined in this article offers the best approach to protect your organization against a ransomware attack. If you have questions about how to do this, one of our managed security service professionals will be happy to speak with you.