For cybercriminals, ransomware has been a lucrative business in 2019.
For cybersecurity executives, prevention is top of mind; and with good reason. According to a recent McAfee Labs Threat Report, in Q1 2019 alone, ransomware attacks grew by 118%.
Ransomware attacks can be unsettling and sometimes devastating to an organization. Losing access to valuable data can mean making the hard decision to give up that data or pay hackers with the hope of regaining access.
But paying the ransom does not always guarantee data recovery. The recovery statistics span the gamut. One source says 96 percent of victims receive the encryption key after paying the ransom, while another estimates that only 60 percent recover their data. Keep in mind, in some cases, paying the ransom and receiving the key doesn’t guarantee that all data will be recoverable.
The potentially high costs of a ransomware attack make preparation and prevention a priority.
The following are five ways in which an organization can prepare and protect itself against ransomware attacks:
The majority of ransomware is delivered via phishing attacks. By convincing a user to click on a link or to open a malicious attachment, hackers slip the malware onto the target system.
Employees are targeted by dozens of phishing emails every day. One of the most effective ways to prevent & detect ransomware attacks is by educating employees through a phishing awareness training program.
Disseminating current and relevant training and information provides employees with an understanding of these threats, what they look like in an email, and common paths hackers take to gain access.
While email scanning systems can help with weeding out many threats, training employees to detect the rest can dramatically decrease an organization’s vulnerability to an attack.
The majority of ransomware is spread through traditional ransomware methods. But there are exceptions. The famous WannaCry outbreak was spread by exploiting a vulnerability in Server Message Block (SMB), a common protocol Windows uses to share files, printers, and serial ports on the same network or domain.
The attack could have been entirely prevented if organizations had updated their systems with patches addressing the vulnerability that was available months earlier. As a security best practice, promptly installing necessary system patches will considerably reduce the likelihood of a security breach.
Also, keep in mind that the need for updates isn’t limited to Internet-facing software. Many security tools, like antivirus, rely on signatures to detect the newest malware variants. Failing to regularly update and run scans with your antivirus can leave a computer vulnerable to the latest flavor of ransomware.
Ransomware acts quickly. For it to be effective, it needs to be able to open, encrypt, and delete many files on a computer before you can do anything about it. Cybercriminals do their homework, observing and researching the best ways to attack.
This suspicious or unusual user behavior makes it possible to detect and shut down a ransomware attack if the organization reacts quickly. Having tools in place to configure endpoint detection systems to generate alerts based on relevant indicators along with a quarantine plan, can go a long way toward stopping the spread of a possible infection.
Many businesses are opting to outsource this to a trusted managed security provider.
Limit User Privileges
Most ransomware infections manage to encrypt every file on a computer and may even be able to spread to other systems. However, a ransomware infection can only encrypt files that it has access to. If most users operate with Administrator-level access by default, this means the infection can encrypt all of them.
In general, most employees do not need Administrator-level permissions on their work machines. While it is often necessary for installing software, it isn’t needed for editing Office documents and checking emails. By limiting permissions to the minimum necessary and setting up a process for handling exceptions, the impact of a ransomware infection can be minimized.
The revenue model of ransomware depends on targets being desperate enough to pay large sums of money to hackers to get their data back. If this isn’t the case, the whole system falls apart.
Deploying an automated backup system can help limit the impact of a ransomware attack. The value of an hour (or less) of lost data is often far less than the ransom being demanded by an attacker. By deploying an automated backup system that is ransomware resistant, an organization can minimize the impact of an attack and help force ransomware developers out of business.
No security checklist is foolproof. As the risk for an attack continues to increase and grow in complexity, businesses- no matter the size- have to stay vigilant and properly protect themselves every second of every day.