How to Protect Your Company from a Ransomware Attack.
As if there wasn’t enough to worry about, ransomware attacks are on the rise and can suddenly, and without warning, bring your business to its knees. This year alone, cyber-criminals have successfully extracted over a billion dollars in ransom payments.
Fortunately there are several steps you can take to greatly reduce the chance that your company falls victim to one of these schemes. Some of these steps may seem obvious, but a single misstep or oversight is all an attacker needs to gain control of your data.
Ransomware is a class of malware (malicious software) that denies rightful owners access to their data, computers, or networks, usually by encrypting files. Some strains spread on their own from machine to machine across a network; the WannaCry worm of 2017, which the US and UK governments attributed to North Korea, is the best-known example.
When the motive is extortion, the attackers demand payment, typically in cryptocurrency, in exchange for the decryption key or for not publishing data they stole before encrypting it. Because the demands usually come from overseas and are paid through hard-to-trace channels, prosecution of offenders remains rare, though the FBI has recovered some ransoms paid in bitcoin. Paying provides no guarantee that access will be restored. Backups must therefore be part of any ransomware defense plan.
Prevention is the Best Medicine
Like most criminals, ransomware hackers seek soft targets. Where they detect vulnerability, they strike.
Taking prudent cybersecurity measures is a key component of business operations. Without them, data theft and business interruptions can devastate even large enterprises. Ineffective ransomware protection is like leaving the front door unlocked; no ransomware protection is like leaving it wide open.
Robust, Cloud-Based Data Backups
No cybersecurity system can guarantee the prevention of all ransomware attacks. Hackers are notoriously inventive and constantly engaged in defeating the latest cybersecurity software. Often, law enforcement and the business community learn of hackers’ newest capabilities only after criminals victimize multiple organizations.
Data backup will be your saving grace if your organization is unlucky enough to be the target of the latest ransomware innovation.
Effective data backup systems store all critical information. They are essential because if a successful ransomware attack paralyzes your IT system, you will need the backup to retrieve data and resume normal operations. Without data backup, your company falls into the power of the ransomware attackers.
For example, imagine hackers locked down your systems and demanded $10,000 in exchange for releasing them. Provided you follow daily backup procedures, you can restore your systems without paying the ransom. However, without data backup, you may have to pay the ransom and hope the hackers restore access.
Attackers go after backups deliberately: once inside a network they look for backup servers, shares, and cloud consoles they can reach and encrypt or delete them before triggering the ransomware. Backups must therefore be kept where a compromised account cannot alter them: offline, on a separate network with its own credentials, or in cloud storage with immutability (object lock) and versioning enabled. An external hard drive qualifies only if it is disconnected as soon as each backup run finishes; a drive left plugged in is just another volume for the ransomware to encrypt. A useful rule of thumb is 3-2-1: three copies of the data, on two different media, with one copy off-site.
Strong ransomware defenses also require regular restore testing, not just successful backup jobs. A backup you have never restored is an assumption. Periodically restore a sample of files (and, for critical systems, the whole system) to a scratch environment and confirm the data is complete, current, and usable.
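A restore test is only meaningful if you can tell that what came back is what went in. The script below is an added example, not code from the original article: it writes a SHA-256 manifest for a backup set and later checks a copy (or a test restore) against it, also flagging a backup that has gone stale. The paths and the 26-hour freshness window are assumptions.

```powershell
# Added example (not from the original article): hash manifest for a backup set
# plus a verification pass. Paths are assumptions; adjust to your environment.
$BackupRoot   = 'E:\Backups\nightly'          # assumed: offline/removable backup volume
$ManifestPath = 'E:\Backups\nightly.manifest' # kept with the backup, not on the source host
$MaxAgeHours  = 26                            # daily backup; allow a little slack

# Record SHA-256 for every file in the backup set so a later restore can be checked.
function New-BackupManifest {
    Get-ChildItem -Path $BackupRoot -File -Recurse |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{n='RelativePath'; e={ $_.Path.Substring($BackupRoot.Length).TrimStart('\') }}, Hash |
        Export-Csv -Path $ManifestPath -NoTypeInformation
}

# Verify a backup (or a test restore of it) against the manifest.
# A clean run has Missing and Corrupt empty and Stale $false.
function Test-Backup {
    param([string]$Root = $BackupRoot)
    $expected = Import-Csv -Path $ManifestPath
    $missing  = @(); $corrupt = @()
    foreach ($row in $expected) {
        $p = Join-Path $Root $row.RelativePath
        if (-not (Test-Path -LiteralPath $p)) { $missing += $row.RelativePath; continue }
        $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        if ($h -ne $row.Hash) { $corrupt += $row.RelativePath }   # altered or encrypted in place
    }
    $newest = Get-ChildItem -Path $Root -File -Recurse |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    [pscustomobject]@{
        Files   = $expected.Count
        Missing = $missing
        Corrupt = $corrupt
        Stale   = ($newest.LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours))
    }
}

# Typical use: New-BackupManifest right after the backup job completes, then
# Test-Backup -Root 'D:\RestoreTest' on a scratch restore before trusting the set.
```

Keep the manifest with the backup copy rather than on the production host; if the production host is the one that gets encrypted, a manifest stored there is lost along with everything else, and an attacker who can rewrite the backup can rewrite a co-located manifest too.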
In creating backups, “gold images” of essential systems help avoid the need to reconstruct crucial configurations by hand. To build gold images, keep the templates needed to preconfigure operating systems and software applications, and refresh them after every significant patch cycle. This allows you to rapidly deploy and rebuild systems.
In the aftermath of some ransomware attacks, rebuilding the primary system may be disadvantageous. By retaining backup hardware, you avoid the compatibility challenges inherent in rebuilding structures with out-of-date images.
Storing relevant source code and executables also helps restore systems after a ransomware infection. Though it’s faster to rebuild with images, some fail to install on various hardware and platforms. In these situations, relevant source code and executables are lifesavers.
Keep Operating Systems and Software Patched
This may seem obvious, but never let your operating systems or software get out of date. Patches close the vulnerabilities that ransomware and its delivery tools exploit (antivirus signatures are a separate update stream). Missed patches are open doors: WannaCry spread through a Windows SMB flaw for which a patch had been available for two months.
When patching, never overlook third-party software and plug-ins. Ransomware delivery chains routinely exploit holes in software such as Java and Adobe Reader; Flash reached end-of-life in 2020 and should be removed outright rather than patched. Prioritise anything exposed to the internet, such as VPN appliances, remote-access gateways, and mail servers, since those are where ransomware groups look first.
Keep Antivirus and Firewalls Current
Outdated antivirus software is like a disconnected burglar alarm. A competent attacker will notice that the security system is stale and exploit the gap.
It is also important to scan all downloaded software before it runs. Once executed, ransomware embedded in an installer is free to infect your infrastructure.
In addition to endpoint antivirus, a properly configured firewall is essential to ransomware defense. As with all cybersecurity technology, a firewall cannot guarantee prevention, but it removes many of the easy paths in. Choose one that suits your budget and network usage patterns, and configure it deliberately: block inbound access to remote desktop (RDP) and file-sharing services from the internet, since exposed RDP is one of the most common ransomware entry points, restrict outbound traffic where you can, and review the rule set on a schedule rather than letting exceptions accumulate. Make sure the staff who manage it are trained on it.
Disable Macros from Email Attachments
Macro-enabled Office attachments remain one of the most common ransomware delivery vehicles: the document asks the user to “Enable Content”, and the macro then downloads and runs the payload. Configure Office policy to block macros in files that arrived from the internet or email, and allow only digitally signed macros elsewhere. Recent Office versions block internet-sourced macros by default, but the setting should be enforced centrally so users cannot turn it back on.
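The following is an added example, not code from the original article. It writes the per-user Office policy values that block macros in files carrying the internet “Mark of the Web” and disable unsigned macros everywhere else, then reports whether each application is compliant. It assumes Office 2016/2019/365 (the 16.0 registry hive) and a standalone machine; in a domain the same values are deployed through a GPO with the Office ADMX templates.

```powershell
# Added example (not from the original article): per-user Office policy values that
# block macros in files downloaded from the Internet and disable unsigned macros.
# Office 2016/2019/365 all use the 16.0 hive key. In a domain, deploy the same values
# through a GPO; this script is for a standalone machine or for checking what is in effect.
$apps = 'Word', 'Excel', 'PowerPoint'
foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    # 1 = block macros in files with the Internet Mark of the Web, no user override
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Type DWord -Value 1
    # VBAWarnings: 2 = disable with notification, 3 = disable except digitally signed,
    # 4 = disable all without notification. 3 keeps signed line-of-business macros working.
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Type DWord -Value 3
}

# Check: report any application where the settings are absent or weaker than expected.
function Test-MacroPolicy {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App         = $app
            BlocksMOTW  = ($v.blockcontentexecutionfrominternet -eq 1)
            VBAWarnings = $v.VBAWarnings
            Compliant   = ($v.blockcontentexecutionfrominternet -eq 1 -and $v.VBAWarnings -ge 3)
        }
    }
}
Test-MacroPolicy | Format-Table
```

Two caveats: the Mark of the Web is stripped when a file is extracted from some archive formats or copied from a non-NTFS volume, so the internet block alone is not enough, which is why VBAWarnings is set as well; and Excel 4.0 (XLM) macros are governed by a separate Trust Center setting that should be disabled too.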
Protect Against Phishing Scams
Phishing attacks are among the most successful attacker tricks. They succeed because criminals can create authentic-looking fraudulent emails. Many fake emails purport to come from trusted sources, such as government agencies, well-known companies, or the target’s boss. Phishing emails masquerading as vital communications capitalize on people’s natural inclination to open and respond to important messages.
Training staff to identify inauthentic emails is a key part of preventing phishing scams. Encouraging staff to avoid opening attachments from unknown sources, steer clear of spam, and report suspicious messages through an easy, blame-free channel gives your organization the edge: the first report of a phishing campaign is often what lets you block it before the second recipient clicks.
Provide Security Awareness Training
As phishing scams demonstrate, many hacker strategies take advantage of human inclinations. For example, people naturally rush to open important emails, such as urgent-sounding communications from their bosses. Making employees aware of how hackers trick people through a security awareness training course dramatically ups the odds of employees recognizing the signs of a scam and resisting hacker deceit. Cybersecurity-aware, vigilant employees understand how to resist malicious links, phishing emails, and other online criminal traps.
Use Application Whitelisting
While blacklisting blocks known security threats, it is powerless against the latest attacker innovations. Whitelisting reverses the approach: instead of trying to enumerate bad software, it allows only programs that are known to be safe, so a freshly written ransomware binary dropped into a user’s temp folder simply does not run.
To create an effective whitelist, start by scanning a clean, representative computer to inventory the legitimate applications, generate rules from that inventory (publisher rules where software is signed, hash rules otherwise), and then configure the network to allow only “cleared” apps. Roll the policy out in audit mode first and review what it would have blocked; going straight to enforcement on an incomplete list breaks business applications and gets the control switched off.
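Here is the procedure above carried out with Windows AppLocker, as an added example that is not part of the original article: inventory a reference machine, generate publisher-first rules, ship them in audit mode, and test a suspicious file against the policy. The directories and sample file path are assumptions; run it elevated on a Windows edition that supports AppLocker enforcement.

```powershell
# Added example (not from the original article): build an AppLocker allow-list from a
# clean reference machine, ship it in audit mode, and test a suspicious file against it.
# Directories and file paths are assumptions.
$refDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$outXml  = 'C:\Policies\AppLocker-Allowlist.xml'

# 1. Inventory what legitimately runs on the reference machine (Exe and Script collections;
#    the Dll collection is far larger and is usually a second phase).
$fileInfo = foreach ($d in $refDirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Script
}

# 2. Prefer publisher rules (they survive updates); fall back to hash for unsigned binaries.
#    -Optimize merges rules with the same publisher; -Xml returns the policy as a string.
$policyXml = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in AuditOnly: nothing is blocked, but would-be denials are written to the
#    Microsoft-Windows-AppLocker event logs. Switch to Enabled only after the audit
#    log is quiet for a representative period (month-end processing included).
$xml = [xml]$policyXml
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.SetAttribute('EnforcementMode', 'AuditOnly') }
New-Item -ItemType Directory -Path (Split-Path $outXml) -Force | Out-Null
$xml.Save($outXml)

# 4. AppLocker evaluates nothing unless the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
sc.exe start appidsvc | Out-Null
Set-AppLockerPolicy -XmlPolicy $outXml -Merge

# 5. Check: would a dropper in a user-writable location run? With no matching rule the
#    decision is DeniedByDefault; a publisher or hash rule hit shows up in MatchingRule.
function Test-Allowlist {
    param([string]$Path = 'C:\Users\Public\Downloads\invoice.exe')   # assumed sample path
    Test-AppLockerPolicy -XmlPolicy $outXml -Path $Path -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}
Test-Allowlist
```

Publisher rules are the reason this scales: a hash rule has to be regenerated after every patch, whereas a rule on the vendor’s signing certificate keeps working. The flip side is that a rule scoped too loosely (any product from a large publisher) can admit binaries you never inventoried, so review the generated publisher rules rather than accepting them wholesale.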
Enable 2-Factor Authentication
Any account protected by 2-factor authentication (2FA) has a potent defense against credential theft: a phished or leaked password alone no longer gets the attacker in. Mandate 2FA for all business accounts and, above all, for every remote-access path into the network (VPN, remote desktop, email, and administrative consoles), since stolen remote-access credentials are a leading ransomware entry point. Prefer phishing-resistant methods such as FIDO2 security keys over SMS or push approvals, which attackers have learned to intercept or fatigue users into accepting. Encouraging employees to use 2FA on personal accounts that may interact with your network further increases security.
Require Encryption Tools
Modern operating systems ship with easy-to-deploy full-disk encryption (BitLocker on Windows, FileVault on macOS) whose performance cost is negligible on current hardware. Users and administrators often neglect it despite that. Policies that enforce encryption add a valuable layer to your defenses, chiefly against the loss or theft of laptops and drives: be clear that disk encryption does not stop ransomware on a running, unlocked system, which sees the files exactly as the user does. To ensure full effectiveness, also set computers to lock automatically after 15 minutes of inactivity, and escrow recovery keys somewhere the machine itself cannot delete them.
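The two settings above on a Windows machine, as an added example that is not from the original article: enable BitLocker with a TPM protector, escrow the recovery password to Active Directory, and set the machine-wide inactivity lock to 15 minutes. It assumes a domain-joined, TPM-equipped Windows Pro or Enterprise machine and an elevated session.

```powershell
# Added example (not from the original article): BitLocker with a TPM protector, recovery
# password escrowed to AD, and a 15-minute inactivity lock. Run elevated on a TPM-equipped,
# domain-joined Windows Pro/Enterprise machine.
$vol = 'C:'
if ((Get-BitLockerVolume -MountPoint $vol).ProtectionStatus -ne 'On') {
    Enable-BitLocker -MountPoint $vol -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector -SkipHardwareTest
    # The recovery password is what you need when the TPM or boot configuration changes.
    Add-BitLockerKeyProtector -MountPoint $vol -RecoveryPasswordProtector | Out-Null
}

# Escrow the recovery password in AD DS so a lost laptop does not mean lost data.
$rp = (Get-BitLockerVolume -MountPoint $vol).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
Backup-BitLockerKeyProtector -MountPoint $vol -KeyProtectorId $rp.KeyProtectorId

# Machine-wide inactivity lock: 900 seconds = 15 minutes. This is the same value the
# "Interactive logon: Machine inactivity limit" security policy writes.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $sys -Name 'InactivityTimeoutSecs' -Type DWord -Value 900

# Check what is actually in effect (encryption runs in the background after Enable-BitLocker).
function Test-DiskProtection {
    $v = Get-BitLockerVolume -MountPoint $vol
    [pscustomobject]@{
        ProtectionStatus = $v.ProtectionStatus     # On once a key protector is active
        VolumeStatus     = $v.VolumeStatus         # FullyEncrypted once the pass completes
        HasRecoveryKey   = [bool]($v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        IdleLockSeconds  = (Get-ItemProperty -Path $sys).InactivityTimeoutSecs
    }
}
Test-DiskProtection
```

Verify the escrow worked by looking the recovery password up in AD (the msFVE-RecoveryInformation objects under the computer account) before you rely on it; escrow silently fails if the schema extension or the computer’s write permission is missing.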
Never Neglect Manual Safety Checks
Robust cybersecurity protocols require regular human review, not just automated alerts. It is critical to see who has accessed the system, from where, and with what privileges, and to verify rigorously that there has been no unauthorized access. Ransomware operators typically spend days or weeks inside a network before they encrypt anything, creating accounts, adding themselves to administrator groups, and probing for backups; detecting that activity promptly often makes the difference between shutting down an attack and suffering a crippling loss.
Consistent manual checks also offer an opportunity to confirm that antivirus and other scanning software remain current and that logging itself has not been switched off or cleared.
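A daily review of the Windows Security log for the pre-encryption signals just described, as an added example that is not part of the original article. It groups failed logons by source to catch password spraying and RDP brute force, lists new accounts and additions to security groups, and flags an audit log that has been cleared. The 20-failure threshold and 24-hour window are assumptions; it needs an elevated session because standard users cannot read the Security log.

```powershell
# Added example (not from the original article): daily triage of the Security log for
# the signals that precede ransomware deployment. Thresholds are assumptions.
$Since          = (Get-Date).AddHours(-24)
$FailedLogonMax = 20      # failed logons from one source before it is flagged (assumed)

# Pull one named field out of an event's EventData by name rather than by position,
# so the lookup does not break when an event's field order differs between OS versions.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    ([xml]$Event.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $Name } | ForEach-Object { $_.'#text' }
}

function Get-SecurityTriage {
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; StartTime = $Since
        Id = 4625, 4720, 4732, 4728, 4672, 1102
    } -ErrorAction SilentlyContinue

    # 4625: failed logon. Many failures from one address = spraying or brute force.
    $bruteForce = $events | Where-Object Id -eq 4625 |
        ForEach-Object { Get-EventField $_ 'IpAddress' } |
        Group-Object | Where-Object Count -ge $FailedLogonMax |
        Select-Object @{n='Source';e={$_.Name}}, Count

    # 4720: account created. 4732 / 4728: member added to a local / global security group.
    # Attackers create accounts and add them to Administrators for persistence.
    $accountChanges = $events | Where-Object { $_.Id -in 4720, 4732, 4728 } | ForEach-Object {
        if ($_.Id -eq 4720) {
            $target = Get-EventField $_ 'TargetUserName'
        } else {
            $target = (Get-EventField $_ 'MemberName') + ' -> ' + (Get-EventField $_ 'TargetUserName')
        }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Id     = $_.Id
            Actor  = Get-EventField $_ 'SubjectUserName'
            Target = $target
        }
    }

    # 1102: audit log cleared. Its data lives under UserData, not EventData.
    # There is almost never a benign reason for this outside a change window.
    $logCleared = $events | Where-Object Id -eq 1102 | ForEach-Object {
        [pscustomobject]@{
            Time = $_.TimeCreated
            By   = ([xml]$_.ToXml()).Event.UserData.LogFileCleared.SubjectUserName
        }
    }

    [pscustomobject]@{
        BruteForceSources = $bruteForce
        AccountChanges    = $accountChanges
        AuditLogCleared   = $logCleared
        PrivilegedLogons  = ($events | Where-Object Id -eq 4672).Count   # baseline this number
    }
}
Get-SecurityTriage | Format-List
```

Run this against a central log collector rather than each host if you have one; a host that has been compromised can have its local log cleared (which is exactly what the 1102 check looks for), and an attacker who owns the machine can suppress what it reports.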
Use GPO Restricted Groups
Group Policy Object (GPO) Restricted Groups enforce the membership of sensitive groups: at each policy refresh, any account that is not on the configured list is removed from the group (local Administrators is the usual target). Attackers add accounts to privileged groups to gain persistence and to spread across the network, so enforcing membership centrally evicts imposters automatically. The setting lives under Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups. Group Policy can also limit what an attacker can do once on a machine, for example by using Software Restriction Policies or AppLocker to block executables launched from user-writable locations such as %TEMP%, %APPDATA%, and Downloads, which is where email attachments land.
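For a machine that is not yet under the policy, or to check that the policy is actually taking effect, the script below audits the local Administrators group against an approved list and removes anything else, which is the same outcome Restricted Groups enforces on every refresh. It is an added example, not code from the original article; the approved group names are assumptions, and it needs the LocalAccounts module (Windows 10 / Server 2016 and later) and an elevated session.

```powershell
# Added example (not from the original article): audit local Administrators against an
# approved list and strip the rest. Group names are assumptions.
$Approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin (ideally LAPS-managed)
    'CORP\Domain Admins',                # assumed domain
    'CORP\Workstation Admins'            # assumed tier-2 admin group
)

# Names come back as COMPUTER\user or DOMAIN\group, so compare on the full name.
# Orphaned SIDs (deleted accounts still listed in the group) make this cmdlet throw on
# some builds; remove them in lusrmgr.msc if that happens.
function Get-UnapprovedLocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Dry run by default; pass -Enforce to actually remove. Anything removed is worth a
# look: a domain user that appeared in Administrators overnight is an intrusion lead.
function Remove-UnapprovedLocalAdmins {
    param([switch]$Enforce)
    foreach ($m in Get-UnapprovedLocalAdmins) {
        if ($Enforce) {
            Remove-LocalGroupMember -Group 'Administrators' -Member $m.Name
            Write-Warning "Removed $($m.Name) ($($m.ObjectClass)) from Administrators"
        } else {
            Write-Host "Would remove $($m.Name) ($($m.ObjectClass))"
        }
    }
}
Remove-UnapprovedLocalAdmins          # review the output, then: Remove-UnapprovedLocalAdmins -Enforce
```

Running the audit function alone on a schedule and alerting when it returns anything is a cheap detection control even where you never enable the removal step.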
Restrict Administrative Rights
Too many restrictions hamper operations and make the IT department unpopular. However, too few restrictions make the organization a soft target.
In determining what administrative rights to restrict for whom, it’s important first to consider the ideal security setup—where the inconveniences of restrictions cause no material business disruptions. Then you must decide what is practical within your organization.
For operational, political, and cultural reasons, certain restrictions, though prudent, simply cannot be enacted. By erring on the side of security where possible and enacting every restriction the organization can accept, you secure the network to the best of your ability under real-world circumstances. Two restrictions are worth fighting for even where others are lost: everyday user accounts should not hold local administrator rights, and administrators should use separate, dedicated accounts for administrative work rather than browsing and reading email with them.
Revoke and Rotate Credentials Immediately
Delays in revoking and rotating credentials serve as engraved invitations to ransomware attackers. For example, failing to disable accounts promptly when employees leave, or leaving shared passwords they knew unchanged, opens a window for cybercriminals; dormant accounts with valid passwords are exactly what is sold on credential markets. Offboarding should disable the account, reset its password, strip its group memberships, and revoke VPN and 2FA tokens on the same day.
As an additional security measure, set sensible account-lockout parameters, such as locking an account for a period after a certain number of wrong password attempts. This blunts brute-force and password-spraying attacks against remote-access services without locking out a user who mistypes once or twice.
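The offboarding steps and the lockout policy above, carried out in Active Directory, as an added example that is not part of the original article. The domain name, the OU for retired accounts, and the lockout numbers are assumptions; it requires the ActiveDirectory RSAT module and an account permitted to change the default domain policy.

```powershell
# Added example (not from the original article): same-day AD offboarding plus the
# account-lockout policy. Domain, OU and threshold values are assumptions.
Import-Module ActiveDirectory
$Domain     = 'corp.example'
$DisabledOU = 'OU=Disabled Users,DC=corp,DC=example'

# 32 random bytes from the OS CSPRNG, base64-encoded; nobody needs to know this value.
function New-RandomPassword {
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    [Convert]::ToBase64String($bytes)
}

# Disable, rotate the password (so a cached or leaked copy is useless), strip every
# group membership, and park the object where it is obvious the account is retired.
function Invoke-Offboarding {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    Disable-ADAccount -Identity $user
    $new = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $new
    foreach ($g in $user.MemberOf) {            # primary group (Domain Users) is not in MemberOf
        Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
    }
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU
    Write-Host "Offboarded $SamAccountName; group memberships removed: $($user.MemberOf.Count)"
}

# Lockout: 10 bad attempts within 15 minutes locks the account for 15 minutes. Low enough
# to blunt password spraying, high enough that a mistyped password is not a help-desk call.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) -LockoutDuration (New-TimeSpan -Minutes 15)

# Check what is actually in effect.
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration
```

The script handles the account itself. It cannot know which shared secrets the person had (Wi-Fi keys, service-account passwords, admin passwords written on a whiteboard), so keep an inventory of those per role and rotate them by hand as part of the same checklist. Note also that Kerberos tickets already issued to the user remain valid until they expire, so an active session can outlive the disable by several hours unless you also log the sessions off.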
Stop Admin Pages from Appearing in Search Engines
While search engine optimization is excellent for a company’s homepage, the last thing you want is your admin pages popping up in search results. Finding administrative interfaces through search engine results is a favorite attacker tactic. Keeping them out of the index removes another target from the hunting ground, but do it the right way: a robots.txt entry or a noindex tag only asks well-behaved crawlers to stay away and, in the case of robots.txt, publishes a list of the very paths you want hidden. The real control is to require authentication (with 2FA) on every admin page and to restrict access to internal addresses or a VPN, so that a page an attacker does find is still useless to them.
A Ransomware Infection Strikes: What Now?
Ransomware infections come with a demand for money or some other form of extortion. While considering your options, it is important to understand that paying or otherwise complying with the attackers’ demands offers no guarantee of restored access: decryptors supplied by criminals are frequently slow or buggy, and a group that stole data before encrypting it may leak it anyway. Your organization could be out the ransom and still lose critical data while suffering from frozen operations.
If you have recent, tested backups, there is a good chance you can resume operations from them, saving your organization from paralysis. It is still crucial to report the incident to the FBI (through its Internet Crime Complaint Center, IC3, or your local field office) and to seek their assistance, for three reasons.
Firstly, the attackers may have collected sensitive data about your organization, other entities, or customers. Depending on the type of data stolen, a breach can lead to other crimes. The FBI may be able to prevent further criminal activity, such as fraudulent charges to credit accounts.
Secondly, the FBI tracks criminal organizations, and the attack on your company may relate to an ongoing investigation. Even if the perpetrators are unknown to law enforcement at the time, further investigation of the incident and future ransomware investigations may lead to identifying the culprits.
Thirdly, the FBI can advise on what steps to take to restore operations, retrieve data, notify affected parties, and respond to or ignore communications from the criminals. Often, it is advisable to deploy backups and refuse the demands.
However, there are situations where the ransomware makes retrieving data impossible without the attackers’ cooperation: families that implement strong encryption correctly leave no independent way to recover the encrypted data, and the attacker holds the only key. CryptoLocker and CryptoWall were early examples of this approach, and its successors remain as hard to defend against as of late 2021. Before concluding that data is unrecoverable, check whether a free decryptor exists for the specific strain; law enforcement and security vendors publish them when a group’s keys are seized or its implementation turns out to be flawed. The FBI can help you determine the best course of action should such a situation befall your organization.
Create a Disaster Recovery Plan
To ensure a rapid and effective response, codify your organization’s ransomware response in a disaster recovery plan (DRP) and rehearse it. If an infection occurs, reactions should follow the DRP rather than improvisation. An effective DRP contains at least the following directives:
- Isolate affected systems from the network (unplug the cable or disable the adapter); prefer isolation to powering off, since shutting a machine down destroys memory-resident evidence investigators may need
- Disable Wi-Fi and Bluetooth on affected devices and block lateral movement at the firewall
- Preserve evidence: keep the ransom note, a sample encrypted file, and the malware itself, and image affected disks before rebuilding
- Alert your local authorities and the FBI
- Decide on paying the ransom or relying on your backup, with legal advice, since paying a sanctioned group can itself be unlawful
- Rebuild affected systems from gold images rather than trying to delete infected files in place
- Determine how the breach occurred
- Fix the vulnerability the attackers exploited and rotate every credential they could have reached
- Find and fix all remaining vulnerabilities
- Redouble cybersecurity efforts
Intrusions have become an endemic threat that organizations must defend against constantly. As long as new vulnerabilities keep appearing, cybercriminals will have a substantial financial incentive to commit ransomware crimes. At present, following cybersecurity best practices and maintaining up-to-date, tested backups are the most effective measures for preventing and recovering from ransomware attacks. Unwavering vigilance is the only way to keep attackers at bay.
Take the Next Step
If you have questions or concerns about your company’s vulnerability to a possible ransomware attack, please contact us. We’re here to help. You can also download our Ransomware Prevention Checklist below.