Before I talk about ransomware attacks, I want to be upfront about one fact: most of the organizations that were breached were compromised through an unpatched vulnerability or a default password that was never changed.
I have had many discussions about the biggest menace on the internet: ransomware. It remains the biggest cyber crime and the main funding channel for organized crime. To become a victim, someone only needs to naively click on the wrong link; if the attack succeeds, it sets off a ripple effect that ends with all your data being encrypted by criminal gangs, who will only unlock it in return for a hefty ransom, usually in bitcoin or another hard-to-trace cryptocurrency. This digital currency has made cyber criminals rich enough to employ increasingly sophisticated tactics.
What I have seen during my past 14 years of experience dealing with such threats is that there is no way to absolutely protect yourself or your business from a ransomware attack, or indeed any other kind of malware. But there are a number of steps you can take to minimize or mitigate your risks. Some of my highly recommended mitigation strategies include the following:
1. MAKE SURE YOUR ANTIVIRUS SOFTWARE IS UP TO DATE
This seems obvious, but it is occasionally neglected by smaller organizations. Many antivirus packages now offer ransomware-spotting features or add-ons that look for the suspicious behavior common to all ransomware attacks: mass file encryption. These tools monitor your files for unexpected behavior, such as an unfamiliar new program trying to encrypt them all, and aim to block it. Some security packages will even make copies of the files a suspected ransomware process touches so they can be rolled back. Signatures and behavioral rules still lag behind new families, so treat antivirus as one layer and keep the other controls below in place. We are an authorized provider of Kaspersky Internet Security, which offers industry-leading protection against ransomware attacks.
2. UNDERSTAND WHAT'S HAPPENING ACROSS THE NETWORK
There is an array of related security tools, from intrusion detection and prevention systems (IDS/IPS) to security information and event management (SIEM) platforms, that give you insight into the traffic on your network. These products provide an up-to-date view of your network and should help you spot the traffic anomalies that may indicate a breach, whether the intruders intend to deploy ransomware or have something else in mind. Typical anomalies worth alerting on are a single workstation suddenly rewriting thousands of files on a file share, SMB connections between clients that normally only talk to servers, and outbound connections to unfamiliar hosts from machines that have no business reaching the internet. If you can't see what's happening on the network, you cannot stop an attack. We provide Vulnerability Assessment and Penetration Testing. Our security experts have extensive, up-to-date knowledge of current threats and wide experience in managing them effectively and recommending proper remediation. Our expertise and tools together secure every software and hardware component of your interconnected systems, enabling a fully validated chain of trust to be established without overloading individual systems or devices or limiting overall flexibility.
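As an added example, not part of the original post, the following Python sketch shows the kind of behavioral rule that the endpoint add-ons from point 1 and a SIEM correlation from point 2 both implement. It scans a feed of file events (a constructed sample; the process names, the extension list, the allowlist and the thresholds are assumptions for illustration) and raises one alert per process that, within a short window, either rewrites many files with ciphertext-like content or renames many files to a known ransomware extension.

```python
"""Added example (not from the original post): flag ransomware-like mass
encryption in a feed of file events, the kind of telemetry an endpoint agent
forwards to a SIEM.  Process names, thresholds and the sample feed are
constructed for illustration."""
import hashlib
import math
import os
from collections import Counter, defaultdict
from dataclasses import dataclass

# Extensions that known families append to encrypted files (illustrative subset).
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry", ".enc"}
# Processes expected to write high-entropy data legitimately (archivers, backup
# agents).  Assumed names; in production this comes from your own baseline.
ALLOWLIST = {"7z.exe", "backupagent.exe"}


@dataclass
class FileEvent:
    ts: float          # event time, seconds
    host: str
    process: str       # image name of the process touching the file
    action: str        # "write" or "rename"
    path: str          # path after the operation
    data: bytes = b""  # first bytes written (empty for renames)


@dataclass
class Alert:
    host: str
    process: str
    files_written: int
    high_entropy_writes: int
    suspicious_renames: int
    window_start: float
    window_end: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events, window_s=60.0, min_files=20,
                           entropy_threshold=7.0, ratio=0.5):
    """One alert per (host, process) that, inside any window_s-second window,
    rewrites >= min_files distinct files with >= ratio of those writes looking
    like ciphertext, or renames >= min_files files to a ransomware extension."""
    by_proc = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_proc[(e.host, e.process)].append(e)
    alerts = []
    for (host, proc), evs in by_proc.items():
        if proc.lower() in ALLOWLIST:
            continue
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:   # slide the window
                start += 1
            win = evs[start:end + 1]
            writes = [e for e in win if e.action == "write"]
            written = {e.path for e in writes}
            high = sum(1 for e in writes if shannon_entropy(e.data) >= entropy_threshold)
            renamed = sum(1 for e in win if e.action == "rename" and
                          os.path.splitext(e.path)[1].lower() in SUSPICIOUS_EXTENSIONS)
            if (len(written) >= min_files and high >= ratio * len(writes)) or renamed >= min_files:
                alerts.append(Alert(host, proc, len(written), high, renamed,
                                    evs[start].ts, evs[end].ts))
                break  # one alert per process is enough
    return alerts


def ciphertext(seed: int, size: int = 1024) -> bytes:
    """Deterministic stand-in for encrypted output (a SHA-256 chain), so the
    sample feed is reproducible; to an entropy check it looks like ciphertext."""
    out = bytearray()
    for counter in range(size // 32 + 1):
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
    return bytes(out[:size])


PLAINTEXT = b"Quarterly sales report, all regions, figures in USD. " * 20


def sample_feed():
    """Constructed telemetry: normal document edits, an allowlisted archiver
    producing high-entropy output, and an unknown binary rewriting a share
    and appending .locked to every file."""
    t0 = 1_700_000_000.0
    events = [FileEvent(t0 + i * 30, "WS01", "winword.exe", "write",
                        f"/share/finance/q{i}.docx", PLAINTEXT) for i in range(5)]
    events += [FileEvent(t0 + i, "FS01", "7z.exe", "write",
                         f"/backup/part{i}.7z", ciphertext(1000 + i)) for i in range(40)]
    for i in range(30):
        base = f"/share/finance/report{i}.xlsx"
        events.append(FileEvent(t0 + 500 + i * 0.5, "WS07", "updater.exe", "write", base, ciphertext(i)))
        events.append(FileEvent(t0 + 500 + i * 0.5 + 0.1, "WS07", "updater.exe", "rename", base + ".locked"))
    return events


if __name__ == "__main__":
    for a in detect_mass_encryption(sample_feed()):
        print(f"ALERT {a.host}/{a.process}: {a.files_written} files rewritten, "
              f"{a.high_entropy_writes} ciphertext-like, {a.suspicious_renames} renamed")
```

The caveat that matters in production is the allowlist: compressors, backup agents and full-disk encryption tools legitimately emit high-entropy output at scale, so without a baseline of what is normal for each host the same rule that catches the intruder on WS07 also fires on the archiver on FS01. Many products pair this heuristic with canary files that no legitimate process should ever modify.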
3. SCAN AND FILTER EMAILS BEFORE THEY REACH YOUR USERS
The easiest way to stop staff clicking on a ransomware link in an email is to make sure the email never reaches their inbox. That means content scanning and email filtering at the mail gateway, which should catch many phishing and ransomware emails before they reach staff. Practical filtering rules include blocking or quarantining executable and macro-enabled attachments, flagging messages whose display name impersonates an internal sender while the actual address is external, and checking links whose visible text does not match their real destination. We are an authorized provider of Kaspersky, which protects small and medium businesses by scanning mail, filtering spam, and preventing the loss of confidential data.
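As an added example, not the post's code and not Kaspersky's, here is a minimal pre-delivery filter written against Python's standard `email` library. The internal domain, the extension lists, the lure phrases and both sample messages are constructed assumptions; a real gateway would add sandboxing, reputation feeds and SPF/DKIM/DMARC evaluation on top of rules like these.

```python
"""Added example (not from the original post, not Kaspersky's code): a minimal
pre-delivery mail filter using only the standard library.  The domain lists,
rules and both sample messages are constructed for illustration."""
from __future__ import annotations
import re
from email import policy
from email.headerregistry import Address
from email.message import EmailMessage
from email.parser import BytesParser
from urllib.parse import urlparse

INTERNAL_DOMAINS = {"example.com"}  # the organisation's own mail domains (assumed)
REJECT_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".lnk", ".iso"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
LURE_PHRASES = ("enable macros", "enable content", "enable editing")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<"]+', re.I)
SEVERITY = {"deliver": 0, "quarantine": 1, "reject": 2}


def _domain(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _ext(name: str) -> str:
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def scan_message(raw: bytes) -> tuple[str, list[str]]:
    """Return (verdict, reasons); the verdict is the most severe rule that fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdict, reasons = "deliver", []

    def hit(level: str, why: str) -> None:
        nonlocal verdict
        if SEVERITY[level] > SEVERITY[verdict]:
            verdict = level
        reasons.append(why)

    senders = list(msg["From"].addresses) if msg["From"] else []
    for a in senders:  # display name claims an internal identity, address is external
        if a.domain.lower() not in INTERNAL_DOMAINS and any(
                d in a.display_name.lower() for d in INTERNAL_DOMAINS):
            hit("quarantine", f"display name {a.display_name!r} impersonates us; real sender {a.addr_spec}")
    if msg["Reply-To"] and senders:  # replies silently diverted elsewhere
        reply_domains = {a.domain.lower() for a in msg["Reply-To"].addresses}
        if reply_domains != {a.domain.lower() for a in senders}:
            hit("quarantine", f"Reply-To goes to {sorted(reply_domains)}, not the From domain")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain" and any(p in part.get_content().lower() for p in LURE_PHRASES):
            hit("quarantine", "body asks the reader to enable macros/content")
        elif ctype == "text/html":  # visible URL in link text differs from href target
            for href, inner in ANCHOR_RE.findall(part.get_content()):
                shown = URL_RE.search(re.sub(r"<[^>]+>", "", inner))
                if shown and _domain(shown.group()) != _domain(href):
                    hit("quarantine", f"link text shows {_domain(shown.group())} but points at {_domain(href)}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in REJECT_EXTENSIONS:
            hit("reject", f"executable attachment {name}")
        elif _ext(name) in MACRO_EXTENSIONS:
            hit("quarantine", f"macro-enabled attachment {name}")
    return verdict, reasons


def build_message(sender: Address, subject: str, text: str, *, reply_to: str | None = None,
                  html: str | None = None, attachment: tuple[str, bytes] | None = None) -> bytes:
    """Assemble a test message; everything in it is constructed, not captured mail."""
    m = EmailMessage(policy=policy.default)
    m["From"] = sender
    m["To"] = "alice@example.com"
    m["Subject"] = subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


def sample_phish() -> bytes:
    """Constructed lure: spoofed display name, diverted Reply-To, macro bait, mismatched link."""
    return build_message(
        Address("IT Helpdesk example.com", "helpdesk", "example-support.net"),
        "Action required: password expires today",
        "Your password expires today. Open the attached form and enable macros to renew it.",
        reply_to="reset@mail-relay.biz",
        html='<p>Or reset online: <a href="http://example.com.login-portal.biz/reset">'
             'https://portal.example.com/reset</a></p>',
        attachment=("Password_Form.docm", b"PK\x03\x04" + b"\x00" * 28))


def sample_legit() -> bytes:
    """Constructed internal message with a harmless attachment."""
    return build_message(Address("Bob", "bob", "example.com"), "Q3 figures",
                         "Attached are the Q3 figures we discussed.",
                         attachment=("q3.pdf", b"%PDF-1.4\n"))
```

Running `scan_message(sample_phish())` yields a quarantine verdict with five reasons, while `sample_legit()` is delivered untouched. Note that the attachment rule keys on the file name only; a gateway should also inspect archives and check that the declared content type matches the file's actual magic bytes, since attackers routinely rename executables.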
4. UNDERSTAND WHAT YOUR MOST IMPORTANT DATA IS AND CREATE AN EFFECTIVE BACKUP STRATEGY
Having secure and up-to-date backups of all business-critical information is a vital defense, particularly against ransomware. If ransomware does compromise some devices, a recent backup means you can restore the data and be operational again quickly. But it is vital to understand where that business-critical data is actually held. Two caveats matter in practice: ransomware gangs deliberately look for backups they can reach and encrypt or delete them, so at least one copy must be offline or otherwise unwritable from the production network; and a backup job that runs after the files were encrypted faithfully backs up ciphertext, so restores must be tested regularly rather than assumed to work.
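As an added example, not from the original post, here is a small Python routine that pairs each backup with a SHA-256 manifest and runs an automated restore test. Verifying a fresh backup against the previous known-good manifest catches the failure mode described above: the scheduled job backing up files that were already encrypted. All paths are temporary directories the example creates, and the sample files are constructed.

```python
"""Added example (not from the original post): back up a directory with a
SHA-256 manifest and run an automated restore test against the last
known-good manifest.  All paths are temporary directories created here."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def file_hashes(root: Path) -> dict:
    """Relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, dest_dir: Path) -> tuple:
    """Archive source into dest_dir and write the manifest beside it."""
    archive = dest_dir / "backup.tar.gz"
    manifest_path = dest_dir / "backup.manifest.json"
    with tarfile.open(archive, "w:gz") as tf:
        for p in sorted(source.rglob("*")):
            tf.add(p, arcname=p.relative_to(source).as_posix(), recursive=False)
    manifest_path.write_text(json.dumps(file_hashes(source), indent=1, sort_keys=True))
    return archive, manifest_path


def restore_and_verify(archive: Path, manifest_path: Path) -> dict:
    """Extract into scratch space and compare every file with a manifest.
    Verifying a new archive against the previous known-good manifest reveals
    a backup taken after the source was already encrypted."""
    expected = json.loads(manifest_path.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch)
        # tarfile's "data" filter (3.12+, backported to 3.8.17/3.9.17/3.10.12/3.11.4)
        # rejects absolute paths, ".." traversal and device nodes inside the archive.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(archive, "r:gz") as tf:
            tf.extractall(root, **opts)
        actual = file_hashes(root)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    corrupt = sorted(k for k in expected.keys() & actual.keys() if expected[k] != actual[k])
    return {"ok": not (missing or extra or corrupt),
            "missing": missing, "corrupt": corrupt, "extra": extra}


def demo() -> tuple:
    """Constructed scenario: a good backup, then a backup taken after the files
    were encrypted in place, each verified against the known-good manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "finance"
        (src / "2023").mkdir(parents=True)
        (src / "ledger.csv").write_text("date,amount\n2023-01-01,100\n")
        (src / "2023" / "q1.txt").write_text("quarter one notes\n")
        day1, day2 = Path(tmp) / "day1", Path(tmp) / "day2"
        day1.mkdir()
        day2.mkdir()
        archive1, manifest1 = make_backup(src, day1)
        good = restore_and_verify(archive1, manifest1)
        # Simulated ransomware: one file overwritten with junk, one renamed.
        (src / "ledger.csv").write_bytes(bytes(range(64)))
        (src / "2023" / "q1.txt").rename(src / "2023" / "q1.txt.locked")
        archive2, _ = make_backup(src, day2)
        bad = restore_and_verify(archive2, manifest1)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("day 1:", "OK" if good["ok"] else bad)
    print("day 2:", "OK" if bad["ok"] else bad)
```

The second verification reports `ledger.csv` as corrupt, `2023/q1.txt` as missing and `2023/q1.txt.locked` as extra, which is the signal to stop rotating out the older archive. In a real deployment the manifest and at least one archive copy must live somewhere the production network cannot write to (offline media, object storage with a retention lock, or a pull-based backup server); otherwise the intruder who encrypts the share will encrypt or delete the backups as well.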
5. UNDERSTAND WHAT'S CONNECTED TO YOUR NETWORK
PCs and servers might be where your data resides, but they aren't the only devices you have to worry about. Thanks to office wi-fi, the Internet of Things and working from home, a wide variety of devices now connect to the company network, many of which lack the built-in security you would expect from a corporate device. The more devices there are, the greater the risk that one of them offers hackers a back door into your network, which they can then use to move through your systems to more lucrative targets than a badly secured printer or a smart vending machine.
6. MAKE IT HARDER TO ROAM ACROSS YOUR NETWORKS
I always advise my clients to segment their networks and to limit and secure the number of administrator accounts, which have wide-ranging access. Phishing attacks have been known to target developers simply because they have broad access across multiple systems.
Connectis assists organizations with Security Architecture Reviews by conducting a systematic examination of all the layers of an organization's network. We examine the existing network topology and the deployment of security controls such as firewalls, IDS/IPS and network segmentation, and make recommendations to increase the effectiveness of those controls.
7. TRAIN STAFF TO RECOGNIZE SUSPICIOUS EMAILS
One of the classic routes for ransomware to enter your organization is via email. Training staff to recognize suspicious emails can help protect against ransomware and other email-borne risks such as phishing. The basic rules: don't open emails from senders you don't recognize, and don't click on links in an email unless you are absolutely sure it is legitimate. Avoid attachments whenever possible, and be especially wary of attachments that ask you to enable macros, as this is a classic route to a malware infection. Consider using two-factor authentication as an additional layer of security, so that a phished password alone is not enough to log in. Connectis Security Awareness Training makes sure your employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and can apply this knowledge in their day-to-day jobs.
8. APPLY SOFTWARE PATCHES TO KEEP SYSTEMS UP TO DATE
Patching software flaws is a painful, time-consuming and tedious job. It is also vital to your security. Malware gangs seize on any software vulnerability and try to use it as a way into networks before businesses have had time to test and deploy patches. The classic example of what happens if you don't patch fast enough is WannaCry. Microsoft had released the patch for the underlying flaw in Windows' implementation of the Server Message Block (SMB) protocol, MS17-010, two months before the ransomware hit in May 2017. But not enough organizations had applied the fix to their infrastructure, and over 300,000 PCs were infected. It is a lesson many organizations are still to learn. The practical rule is to prioritize: patch internet-facing systems and remotely exploitable, actively exploited flaws first, and disable legacy protocols such as SMBv1 wherever nothing depends on them.
Let's assume we have become the victims of a ransomware attack: the criminals have found their way through our defenses and now every PC across the business is encrypted. We must think very long and hard before paying a ransom. You could restore from backups, but that will take days, and the criminals only want a few thousand dollars. Should we pay?
For some, that may be the obvious conclusion. If the attackers only want a relatively small amount, it might, in the short term, make business sense to pay up, because the business can be up and running again quickly. However, there are reasons why you might not want to pay. First, there is no guarantee that the criminals will hand over the decryption key once you pay; they are crooks, after all, and even when they do, the decryptors they supply are frequently slow or incomplete. If your organization is seen to be willing to pay, that may encourage more attacks, by the same group or others. There is also the broader impact to consider. Paying a ransom, whether from your own funds or via cyber insurance, rewards these gangs for their behavior. It leaves them better funded and able to run even more sophisticated campaigns against you or other organizations. It might save you some pain in the short term, but paying the ransom only fuels the ransomware epidemic.
Look for my next blog, where I'll discuss the 5 emerging cyber security threats you should take very seriously in 2019.