7 Steps To Defend Against Ransomware
Ransomware attacks are a significant threat to any business which stores electronic data.
The FBI reported 2,500 incidents of ransomware attacks in 2020. A total of $350 million was paid to hackers to reverse these attacks. Payments are mainly in the way of cryptocurrencies such as Bitcoin.
Ransomware attacks have affected enterprises of all sizes. Healthcare organizations are estimated to make up around 45% of all ransomware attacks. The Conti ransomware group has accounted for 290 ransomware attacks on healthcare institutions in the United States and about 400 attacks worldwide. Conti’s victims have included Ireland’s national health service, targeted with a $20 million ransom.
While large public organizations represent a particularly lucrative target for ransomware groups, smaller businesses comprise the vast majority of ransomware victims. Hackers view small organizations as soft targets with lesser cybersecurity measures than more prominent companies and public organizations.
Here are seven essential cybersecurity measures any company can implement to protect against ransomware.
1. Regularly back up all data.
The first step to guarding against ransomware is to mitigate the damage. IT departments and consultants should back up data regularly. Restoration of the affected files from a backup may eliminate the need to pay the attacker’s ransom.
Companies should store backups in a secure location that ransomware hackers cannot access. This measure means the data will be safest in an offline or “gapped” system, ideally in a different physical place than the rest of your organization’s IT infrastructure.
Regular backups guard against loss of data but do nothing to prevent ransomware attacks designed for data theft and extortion. In April 2021, Apple was the target of a ransomware attack that stole sensitive data on future products. Hackers demanded $50 million from the Taiwan-based company Qantas which manufactures MacBooks and other Apple products.
2. Minimize software and operating system vulnerabilities.
Software companies typically offer updates to their products, aka patches, whenever security vulnerabilities surface. Keeping all software and operating systems on your IT networks patched will minimize the likelihood of a ransomware attack.
Every business should also be cautious about the software they allow on their networks, restricting installation activities to authorized system engineers only.
3. Protect enterprise computer networks with robust password requirements.
Easily guessed passwords open a system backdoor to hackers. All users should be required to access the computer network with a strong and unique password. To minimize the data comprised in any breach, users should also use a unique password for every application.
It can be difficult for users to remember a large number of unique passwords. However, IT pros can deploy enterprise-grade password management on your computers to store credentials securely. Password management and security tools designed for enterprise use typically offer a much greater deal of protection than those designed for consumers.
4. Guard against phishing attacks.
Phishing emails are one of the most common attack vectors for ransomware. Spoofing, aka impersonation, of seemingly official email addresses is trivially easy for ransomware hackers. Therefore, all users of an enterprise’s network must be on the lookout for phishing attacks. Educate your staff on the potential for phishing emails and social engineering tactics designed to trick them into granting hackers access to your network.
Organizations should implement email security tools designed to stop phishing attacks from reaching their network’s users. There should also be strict safeguards such as malware scanning and filtering of attachments and hyperlinks in email messages.
5. Develop a zero-trust security framework.
Allowing remote access to computer networks is essential for many enterprises. It is, therefore, crucial to ensure that only authorized users are accessing your networks.
Multi-factor authentication is one of the most effective ways of verifying a user’s identity. Most computer users are now familiar with multi-factor authentication methods which protect their personal online accounts. For example, when you log onto Gmail from a new device, Google will prompt you to identify yourself using an assigned device such as your smartphone. These same multi-factor authentication techniques can be used to guard against malicious access to enterprise computer networks.
6. Actively search for compromised passwords.
Once your network’s security has been compromised, you should be in a position to respond to the threat as quickly as possible. Advanced enterprise-grade security tools can monitor dark web forums used by ransomware groups for compromised passwords. As soon as a breach has been identified, users should be prompted to change passwords immediately.
7. Respond to ransomware attacks appropriately.
If preventive measures fail and ransomware strikes, it’s important to react calmly and appropriately. Ransomware groups will typically identify themselves after they have compromised or encrypted an enterprise’s data. They will demand a ransom which could range anywhere from hundreds to millions of dollars.
Affected computers should be taken offline immediately and rebooted in safe mode to use antimalware scanning tools. You may find that a scareware attack, which is a fake ransomware attack, has targeted you. These attacks imitate more sophisticated ransomware without genuinely compromising data. It may be possible to revert the system to an earlier state and circumvent the attack.
If you have fallen victim to a genuine ransomware attack, you should immediately alert your head of IT operations.
Prevention is better than cure.
Ransomware attacks are one of the biggest cybersecurity threats facing all organizations. The best way to deal with the threat of ransomware is to be proactive.