5 Ways to Overcome Ransomware in your organization
Ransomware is on the rise – there are now more than 50 families of this malware in circulation — and it’s evolving quickly. With each new variant comes better encryption and new features. So, organizations should be pretty well-versed in how to stave an attack, as well as how to remediate one should it successfully encrypt the organization’s data and/or systems.
In 2020, the FBI’s Internet Crime Complaint Center received 2,474 ransomware complaints, and those are just the ones that got reported. Cybersecurity Ventures expects that businesses will fall victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019, and every 40 seconds in 2016.
Adhering to proven cybersecurity fundamentals can go a long way toward securing both internal and client endpoints. The following recommendations should not be considered comprehensive but rather a collection of best practices for mitigating ransomware.
1. Update and Patch your devices and software
Regularly updating programs and operating systems helps to protect you from malware. When performing updates, make sure you benefit from the latest security patches. This makes it harder for cybercriminals to exploit vulnerabilities in your programs. Past experience shows that companies that neglect this area are particularly vulnerable to ransomware attacks.
2. Cybersecurity Hygiene
- Endpoint Protection: Use anti- virus and anti-malware software or other security policies to block known payloads from launching.
- Enforcing MFA: Multifactor authentication (MFA) is a simple and very effective way to prevent attackers using compromised credentials to log in to remote access tools. Enable and enforce MFA wherever possible, with no exceptions.
- Implementing IP restrictions: Consider using IP restrictions to only allow users connected to the Organization’s local network to access remote administration tools. Restrict RDP which has been repeatedly exploited in ransomware attacks.
- Adopt the principle of least privilege: Employees should only have access to the minimum resources necessary to do their jobs. Limit access rights and regularly audit permissions to ensure privileges are in line with current requirements. Staff should not have local administrator rights unless it’s specifically needed for them to do their work.
- Disabling PowerShell: PowerShell executions should be restricted and disabled if it is not critical to operations. Organization that use PowerShell should closely monitor all PowerShell activity so that suspicious behaviour can be identified and stopped as quickly as possible.
- Email security: Email security solutions can help prevent Phishing attempts by cybercriminals. Mail authentication methods such as DMARC, SPF and DKIM are very useful for verifying sender domains, identifying forgery, and preventing business email compromise attacks.
- Web filtering: Web Security tools prevent users from accessing malicious websites and prevent compromises.
3. Security Awareness & Trainings
User security awareness training helps every employee in your organization recognize, avoid, and report potential threats that can compromise critical data and systems, including phishing, malware & ransomware.
- Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected.
- Avoid disclosing personal information: If you receive a call, text message, or email from an untrusted source requesting personal information, do not reply. Cybercriminals who are planning a ransomware attack might try to collect personal information in advance, which is then used to tailor phishing messages specifically to you. If in any doubt as to whether the message is legitimate, contact the sender directly.
- Do not open suspicious email attachments: Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments. To make sure the email is trustworthy, pay close attention to the sender and check that the address is correct. Never open attachments that prompt you to run macros to view them. If the attachment is infected, opening it will run a malicious macro that gives malware control of your computer.
- Never use unknown USB sticks: Never connect USB sticks or other storage media to your computer if you do not know where they came from. Cybercriminals may have infected the storage medium and placed it in a public place to entice somebody into using it.
- Use only known download sources: To minimize the risk of downloading ransomware, never download software or media files from unknown sites. Rely on verified and trustworthy sites for downloads. Websites of this kind can be recognized by the trust seals. Make sure that the browser address bar of the page you are visiting uses “https” instead of “http”. A shield or lock symbol in the address bar can also indicate that the page is secure. Also exercise caution when downloading anything to your mobile device. You can trust the Google Play Store or the Apple App Store, depending on your device.
- Use VPN services on public Wi-Fi networks: Conscientious use of public Wi-Fi networks is a sensible protective measure against ransomware. When using a public Wi-Fi network, your computer is more vulnerable to attacks. To stay protected, avoid using public Wi-Fi for sensitive transactions or use a secure VPN service.
- Establish responsibilities: so that both the users and company leaders know what to do in the event of a ransomware incident. Define who needs to be contacted and in what order. This may include internal staff, customers, law enforcement, attorneys, PR and more.
4. Assume you will be hit
Ransomware remains highly prevalent. No sector, country, or organization size is immune from the risk. It’s better to be prepared but not hit, than the other way round. The best way to stop a cyberattack from turning into a full breach is to prepare in advance.
Organizations that fall victim to an attack often realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place.
Plan for Ransomware simulation and Penetration testing which identifies and fixes vulnerabilities on the application, network, and devices. This helps businesses understand the strengths and weaknesses of physical security controls.
5. Data Backup & Recovery Plan
The better your organizations backups are, the less power ransomware attackers have. Backups should have much higher priority in IT than they often receive. Weak backup policies give ransomware the power to devastate an organization: With limited or no ability to restore systems, the business must engage with the ransomware attacker.
While backups cannot prevent a ransomware attack, they can restore the data held hostage with minimal — or no — disruption or money lost.
If you haven’t done so already. The advantage of cloud backups over on-premise systems is that vulnerabilities in cloud-based architectures are more difficult to exploit. In addition, cloud storage solutions allow you to restore older versions of your files. This
means that if the files are encrypted by ransomware, you should be able to return to an unencrypted version using cloud storage.
IT operations teams should commit backups at an appropriate frequency for business workloads and data. Additionally, they should have a system restore plan in place and test it frequently. Testing doesn’t need to run through the full disaster recovery playbook. Instead, test the backup repository weekly with restores from a random sampling of servers. This routine operation helps ensure that backups are valid and available.
Bonus Tip: iLink’s Managed Security Services
Our Services: Some of the Cyber Security services provided by iLink includes
Secure identity and access management – This can include endpoint and access point security, secure shared password vaulting, single sign-on, adding and rescinding permissions, and remote access management.
Vulnerability detection – Complex and ever-changing, this can involve a combination of dark web monitoring, security planning, security upgrades, penetration testing, phishing simulations and security awareness training.
Incident response – Absolutely crucial in today’s threat landscape, incident response is made up of disaster planning and continuity planning, backup and recovery, segmentation, mitigation, investigation, remediation, malware detection and similar tasks to prevent or stop cybersecurity problems that could lead to a data breach.
Compliance support – A very specialized proposition, this can include a broad range of specialized information security and privacy requirements dependent on the industry in order to stay compliant with HIPAA, PCI-DSS, CJIS, FFIECC or similar state or national data privacy standards to avoid huge fines.
