What Is Ransomware and How Do You Deal With It?
Keeping abreast with the advances in cybercrime is a demanding task for network security professionals. If you’re still not sure about what ransomware is, you’ll need to get up to speed quickly with the latest threats.
With modern tactics and sophisticated malware, cybercriminals target both individuals and businesses using ransomware and can devastate networks.
Ransomware uses encryption or elevated access controls to block users from accessing their workstations or cloud services.
If an attack succeeds, the victim will need to pay the bad actors before they can regain access to their system.
Attacks come in many forms, but usually it’s an errant click from a user on an infected link that grants the hackers access.
The Different Types of Ransomware Attacks
The software and tactics used by cybercriminals continue to evolve with technology. The rise of cloud services and access to sophisticated encryption tools enable bad actors to improve their skills and threaten even the most secure networks.
The first method relied on using access controls to modify passwords using locker malware, locking users out of their systems.
This worked well, but better account recovery options from software and service providers helped users overcome these kinds of attack.
The latest types of attack are crypto ransomware. This encrypts files on the user’s system, forcing them to pay the hackers with crypto currency or credit cards to decrypt the files.
Both methods still rely on gaining access to the system, so ensuring you protect your networks is of vital importance.
7 Dos and Don’ts of Ransomware
There’s a lot you can do to protect from ransomware attacks. A proactive approach to network and device security is key, but you can also improve your system’s defenses to help you recover if an attack succeeds.
1. Don’t Pay the Ransom
If an attack succeeds, don’t pay the requested ransom. While this may be the quickest way to regain access, it could make you a regular target.
It will also embolden the attackers, leading them to continue running the same tactic on other businesses.
By not paying the ransom, you reduce the efficacy of the criminal endeavor. Moreover, there’s no guarantee that paying the ransom will actually solve your problem. Only one in five victims who pay ransoms get their information back.
2. Restore Your Systems From Backups
You should have a regular backup policy in place that allows you to mitigate ransomware attacks. Even when an attack succeeds, redoing a few days’ or a week’s worth of work is more desirable than submitting to the extortion.
The better your backup strategy, the better you’ll be able to respond effectively to an attack.
3. Keep Personal Information Out of Emails
Hackers use social engineering techniques to gain access to the network. Any personal information contained in emails or communications help them craft an attack that’s more likely to succeed.
Ensuring you keep personal information protected during daily workflows will reduce their ability to create a phishing email that looks like it came from a legitimate source.
The average cost of a ransomware attack was $133,000 (Source: Sophos)
4. Deploy Antivirus and Firewalls on Your Network and Devices
Every company should have a network security policy that uses the latest threat detection technology to ward off an attack.
Firewall definitions include the sites and software cybercriminals regularly utilize for attacks. If anyone attempts to access these sites from within your network, the system will block the attempt and alert your network security professionals.
5. Invest in Content Scanning and Filtering Solutions for Email Servers
Email is the dominant communication channel between employees and businesses.
As emails can originate from anywhere, ensuring you scan the content and filter out malicious emails before they arrive in the inbox will improve your security.
Content filtering solutions will flag suspicious emails and disable any links they contain.
Ransomware attacks have increased over 97 percent in the past two years. (Source: Phishme)
6. Maintain Security Patching Policies
Ensure you regularly apply the required security patches on all servers, workstations, printers, and other networked equipment.
Hackers continually search for exploits in existing systems and strike once they find any vulnerability in a system.
By maintaining a security patching policy as fixes become available, you will drastically reduce the probability of an attack succeeding.
7. Apply a BYOD Policy to All Personal Devices
With more employees now using their own devices to connect to the company’s network, it’s important to include these devices in your BYOD (Bring Your Own Device) security policies.
Using a Virtual Private Network (VPN) whenever employees connect from outside the regular network will ensure your data remains protected.
For mobile devices, the same firewall and end-point scanning rules should apply.
Takeaways for Dealing with a Ransomware Attack
- Backup and encrypt data: Ensure you regularly backup all information (and encrypt backups to protect them from criminals).
- Educate employees: Make employees aware of the daily risks. Highlight the different phishing tactics criminals use and how they can spot suspicious emails.
- Apply security patches: Apply your security patches as they become available on all devices, servers, printers and other networked equipment.
Impact Networking’s Managed Security program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our security experts.
We’ve vetted 100s of vendors to ensure that our program utilizes best-in-class solutions for our clients. In today’s landscape, a comprehensive cybersecurity program has never been more important. Learn more about Impact’s offering here.