As old as the open internet itself, ransomware made some notable headlines in 2017. WannaCry, NotPetya and Bad Rabbit all led the news cycle, and many companies were hit hard. As one of our leading trends to watch for 2018, we expect ransomware to make headlines again.
The growth of cryptocurrencies, RaaS (ransomware as a service) and a continually growing underground economy could make for a perfect storm. That said, there are ways to protect yourself from ransomware and prevent it from becoming an issue.
You need to have the proper cyber security software to protect you across all potential entry points. This means you’ll need email security with features like time-of-click URL protection, endpoint protection or basic anti-virus, a general web security suite and whatever else may be relevant to your organization. Anti-virus software alone can be insufficient in detecting a ransomware payload. It will often identify the most advanced malicious software only after it is too late.
A cyber security strategy without email protection leaves your network vulnerable. Spam protection is a must, but the volume of messages with malicious links that can pass traditional gateway scans is increasing, and more and more of these malicious links are directed to hosted malware (and ransomware) downloads as a result. Your main consideration is to ensure that your email security solution not only filters for spam but includes phishing protection as well as protection from malicious URLs and attachments.
Backups should be made daily or with sufficient frequency that if for any reason a restoration is needed no important data will be lost. These backups should not be accessible via any network without authorization. Do regular backup checks: Ensure the integrity of your backup on a regular, scheduled basis – don’t let a corrupt backup provide a false sense of security.
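One way to run the scheduled integrity check described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is written, then compare the backup against it on each check. The function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the backup on disk with the manifest recorded at backup time."""
    current = build_manifest(root)
    return {
        "missing": sorted(manifest.keys() - current.keys()),
        "modified": sorted(k for k in manifest.keys() & current.keys()
                           if manifest[k] != current[k]),
        "unexpected": sorted(current.keys() - manifest.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed backup set: damage it after the manifest is taken, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (root / "hr.db").write_bytes(b"\x01\x02\x03")
        (root / "notes.txt").write_text("quarterly notes\n")
        manifest = build_manifest(root)  # in practice stored away from the backup
        (root / "hr.db").write_bytes(b"\x01\xff\x03")  # silent corruption
        (root / "notes.txt").unlink()  # file lost
        (root / "notes.txt.locked").write_bytes(b"\x00" * 8)  # unknown file appears
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for status, files in demo().items():
        print(status, files)
```

Any non-empty list in the result is a reason to investigate before the backup is relied on for a restore.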
Along with offline backups, using cloud-based servers such as Google Drive or OneDrive can provide a failsafe for important documents and some peace of mind. Ransomware works when users are scared to lose the information they have on their device or network, but with every failsafe added, even if ransomware makes it through, it doesn’t pose a threat to your users and key operations.
Do periodic penetration testing to spot vulnerabilities – before someone else does the job for you. Have a look at this /r/sysadmin thread for a few good pointers on running a ransomware simulation and for tools you can use.
Automated patch systems can provide huge time savings to your organization, especially when you are preventing malicious threats. Outdated software is in competition with human error as a leading cause of ransomware and a primary vector for its entry onto systems and devices.
Provide users access only to the areas they need to do their job. This way, if ransomware does infect one piece, you can still operate and restore from a backup more easily. Segmentation can generally be done by role requirements, or based on the general cyber awareness of specific user groups (think of the normal difference between sales and IT support).
Ransomware artists love to deliver via email attachments. One easy step to protect against this is to block all EXE and DMG files delivered via email, while advanced attachment defense solutions can provide a master-layer of security with up-to-the-minute intelligence and protection.
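A sketch of the attachment rule described above, as an added example that is not part of the original article. It goes one step beyond the text by also checking the first bytes of each attachment, so a Windows executable renamed to another extension is still caught; the function names, addresses and sample files are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED_EXTENSIONS = {".exe", ".dmg"}  # the two file types named in the text
PE_MAGIC = b"MZ"  # first two bytes of every Windows executable


def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment a gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # message body, not an attachment
        name = (name or "(unnamed)").strip().rstrip(".")
        payload = part.get_payload(decode=True) or b""
        if PurePosixPath(name).suffix.lower() in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension"))
        elif payload.startswith(PE_MAGIC):
            # Renaming the file does not change its content.
            findings.append((name, "executable content under another name"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # header bytes only, not a real program
    samples = [
        ("invoice.pdf.exe", fake_exe),
        ("statement.pdf", fake_exe),       # executable renamed to .pdf
        ("report.pdf", b"%PDF-1.4\n"),     # harmless
        ("Installer.DMG", b"\x00" * 16),
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample_message()):
        print(f"BLOCK {name}: {reason}")
```

Extension and header checks do not look inside archives, which is one reason the text pairs this rule with a dedicated attachment defense layer.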
Whether in emails or while browsing, URL defense and protection is an important element in a complete ransomware prevention strategy, particularly since the use of malicious URLs for ransomware delivery is expanding (as mentioned above).
Above all, and we say this so often, a well-trained and aware workforce is the most important form of prevention. Strong password practices and actually using them, along with being able to recognize a phishing email, not clicking through spam links, reporting and deleting emails with malicious attachments and recognizing spoofing are just a few good starting points. If one message hits home it should be: teach your teams to be skeptics.
Neither a good anti-virus without email protection, nor the reverse, is as effective as both combined. The greater the number of layers, the more dramatically the odds of ransomware taking hold decrease.
Using an adblocker as a browser extension will prevent a big chunk of “malvertising” – a means often used as an entry point for ransomware.
Make it impossible for a user to install any kind of software without validation that it does in fact fulfill your organization’s security requirements.
If a user can connect their own devices to a work network, the same stringent policies must be in place across all BYOD devices. The threats from mobile ransomware are growing. People don’t look at their phones with the same skepticism as they do their computers.
According to most, paying a ransom is not advisable. The FBI for example “doesn’t support paying a ransom in response to a ransomware attack”. Payment doesn’t guarantee you won’t be a repeat victim, and often ransomware simply deletes data instead of encrypting it. Paying also, more broadly, encourages increased criminal activity. There are also decryptors available, though not available for all forms of ransomware.
On the positive side, most breaches are avoidable, and easily at that. The above list is quite comprehensive, but even focussing on a few of the above can be sufficient in ransomware prevention. There is a small part the end-users need to do – primarily awareness and good passwords. On the IT side, patches, permissions, and using the right security technology are fundamentals, with a business continuity plan in place for worst-case scenarios. These steps alone would stop many of the simpler ransomware attacks.
Addressing what happens once you’ve been a victim of hacking is not only more complicated, but also much more expensive. The costs aren’t just the ransom, but potential legal issues, data breach disclosures, press nightmare, loss of reputation, loss of productivity, overhauling IT strategies and system restoration.