Ransomware is a growing threat to every organization on the planet and cyber-criminals are innovating at a phenomenal pace because they have the funds to do so. In fact, many cyber-criminal groups have more funds than most enterprises and as the money increases attackers have more to invest in adding resources and people to enhance their threats. Hackers are becoming increasingly sophisticated and often once they’re in, they may sit dormant for a period, planting attacks, watching activity, waiting to execute later, thus making recovery from an attack more complex, which means organizations are more likely to pay the ransom. Companies get hit by ransomware in many ways, here are some of the most common methods:
- Phishing emails that launch ransomware attacks via inline links, links in attachments, or fake attachments.
- Browsing unknown links and websites.
- Downloading and accidentally running infected software.
- Inserting or connecting an infected disk, disc, or drive.
- Operating system based vulnerabilities if the OS is not patched to the latest levels.
- Plugin based vulnerabilities if plugins are not patched to the latest levels.
- Infrastructure vulnerabilities (network, storage etc.) if not patched to the latest levels.
While systems like edge and endpoint protection solutions are a necessity and do great in attempting to prevent many methods of attack, they do not protect against every outbreak. So, what can you do to ensure your business does not get taken down and potentially wiped out by ransomware? We need to work together as technologists to stand up and fight against these criminals with a multi-pronged ransomware protection strategy. To do this you have to prepare for an attack and start thinking about how your data and systems are currently protected. Ransomware attack preparation steps are as follows:
- Ensure you have antivirus and firewalls deployed and enabled on all endpoints, especially if using your own personal devices. Antivirus and firewalls with network traffic control are essential for comprehensive edge and endpoint protection.
- Run a Security Information and Event Management (SIEM) platform that can enable real time ransomware protection, behavioral analysis, monitoring of traffic and operating system and application log monitoring to provide a holistic overview of your IT infrastructure.
- Enable a regular patching schedule for all operating systems, applications, appliances, plugins and infrastructure devices to ensure software vulnerabilities are minimized.
- Ensure you have a robust data protection solution in place that delivers secure and air-gapped backups that are well established.
- Implement layered security and permissions structures to ensure no single users have written access to all folders and documents in shared areas. Alongside this run regular penetration testing to analyze your security and attempt to uncover vulnerabilities. If vulnerabilities are found ensure these are acted upon to make your environment more secure and less vulnerable to attack.
Recently Microsoft, AWS, the FBI and the UK’s National Crime Agency formed an alliance and joined the Ransomware Task Force which aims to decrease the number and success rate of ransomware attacks. The framework provides detailed recommendations on how to deter, disrupt, prepare, and respond to ransomware attacks. This task force report framework contains key information which is useful in protecting your company’s data with a multi-pronged approach, ensuring you have prepared for a ransomware attack and have a response plan in place so you are ready if you get attacked. It is important to make sure you are ahead of the game so you can keep yourself and your organization protected against cyber-crimes.