How to Secure Your Business from Ransomware Attacks
Over the last few years there has been a dramatic increase in ransomware attacks against organizations. Last year alone an estimated 184 million ransomware attacks were reported (Statista, 2019). Ransomware brings a direct financial liability in the form of the ransom demanded by the attackers, usually payable through hard-to-trace electronic payments. Without adequate backup and disaster recovery plans, many businesses are forced to pay. Cybersecurity Ventures (Cybercrime Magazine) predicted that the global cost of ransomware would exceed $5 billion in 2017, 15 times the cost in 2015. Over the same period the number of ransomware variants grew thirty-fold (Proofpoint, Q4 2016 & Year in Review, December 2016). The recent attack on the city of Baltimore's government computer systems is estimated to have cost around 18 million USD. Victims now range from large organizations to freelance photographers. Not all organizations disclose attacks publicly, so what reaches the news is only the tip of the iceberg.
Once ransomware runs on a machine, it encrypts the files it can reach and demands payment for the decryption key, usually in a popular cryptocurrency. What lures cybercriminals to ransomware is the opportunity to make quick money with little effort.
There is no single fix for ransomware. Layered defence, combining technical and non-technical controls, is the only reliable way to prevent these attacks. The most important factor working against organizations is inadequate security budgeting: most of the organizations hit by ransomware had a casual "this will not affect us" attitude.
This article summarises the risk mitigation steps to avoid ransomware attacks.
1. Prevent phishing attacks
- Ensure an employee training policy is in place and that employees are trained to recognize phishing attacks.
- Run different types of simulated phishing campaigns in the organization and track which employees fall for them, so that training can be targeted.
- Implement a spam filter on inbound email.
- Have a third party run simulated phishing attacks at regular intervals.
2. Ensure systems are updated and patches are applied
- Ensure a patch management policy is implemented and that all systems, applications and operating systems are kept up to date.
- Make sure a vulnerability management program is in place, with vulnerability assessments performed at frequent intervals.
- Ensure that every identified vulnerability is tracked through to complete remediation, not merely recorded.
- Have a third party perform VAPT (vulnerability assessment and penetration testing) and red-teaming exercises at regular intervals.
3. Backup Policy
- Ensure a well-defined backup policy is implemented and followed. Backups are the primary means of recovering from a ransomware attack without paying the ransom.
- Store backups on a separate device or in cloud storage, depending on the sensitivity of the data. Backups must be kept off the company network: ransomware encrypts every share the infected machine can write to, so a backup that is permanently mounted or reachable with the same credentials will be encrypted along with the originals. Cloud storage, tape drives and external hard disks are all options; for small businesses cloud storage can be a dependable, cost-effective choice. Verify backups regularly (for example by checking the stored files against recorded checksums) and measure the ability to recover data with a regular restore exercise.
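The two checks the backup bullets ask for, regular verification and a restore exercise, can be scripted. The following is an added example (not code from the original article): it copies a source tree, records a SHA-256 manifest beside the copy, re-hashes the copy on demand to prove it is intact, and restores it to the live location. The `restore_drill` function runs the whole cycle on constructed sample files in a temporary directory, simulating ransomware by overwriting and renaming the live files, so it can be executed offline; the directory layout and file names are assumptions for the demo.

```python
"""Backup manifest, verification and restore drill (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

BLOCK = 64 * 1024


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(expected: dict, actual: dict) -> list:
    """Paths that are missing, added or changed between two manifests."""
    return sorted(p for p in set(expected) | set(actual) if expected.get(p) != actual.get(p))


def backup(source: Path, dest: Path) -> dict:
    """Copy the source tree to dest/data and record a manifest beside it.

    In production dest should be offline or immutable storage, never a share the
    infected host can write to with its own credentials.
    """
    shutil.copytree(source, dest / "data")
    manifest = build_manifest(source)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(dest: Path) -> list:
    """Re-hash the stored copy against its manifest; an empty list means intact."""
    expected = json.loads((dest / "manifest.json").read_text())
    return diff_manifest(expected, build_manifest(dest / "data"))


def restore(dest: Path, target: Path) -> list:
    """Rebuild target from the backup and prove the result matches the manifest."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(dest / "data", target)
    expected = json.loads((dest / "manifest.json").read_text())
    return diff_manifest(expected, build_manifest(target))


def restore_drill() -> dict:
    """End-to-end exercise on constructed sample data in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live, store = root / "live", root / "backup"
        # Constructed sample data standing in for business files.
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2019-01-01,100\n")
        (live / "readme.txt").write_text("constructed sample data\n")

        original = backup(live, store)

        # Simulate ransomware: every live file is overwritten with junk and renamed.
        for p in list(live.rglob("*")):
            if p.is_file():
                p.write_bytes(os.urandom(32))
                p.rename(p.with_suffix(p.suffix + ".locked"))

        live_now = build_manifest(live)
        damaged = [p for p in original if live_now.get(p) != original[p]]
        backup_ok = verify(store) == []      # the offline copy must be untouched
        leftovers = restore(store, live)      # rebuild live from the copy
        return {
            "files_backed_up": len(original),
            "files_damaged": len(damaged),
            "backup_intact": backup_ok,
            "restore_mismatches": len(leftovers),
        }


if __name__ == "__main__":
    print(restore_drill())
```

Scheduling `verify` against the real backup store and running `restore` into a scratch location on a fixed cadence is what turns "we have backups" into a measured recovery capability; a manifest that is stored with the backup also exposes a backup set that was itself encrypted or tampered with before anyone depends on it.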
4. Ensure effective preventive controls are implemented
- Preventive controls attempt to stop incidents before they occur. Make sure antivirus is installed and updated regularly; centralised antivirus management is important for identifying machines whose signatures are out of date or that have no antivirus installed at all.
- Ensure firewalls are in place and that their policies are managed so that no insecure rules (such as broad "any to any" allows, or remote-access services open to the whole Internet) are implemented. Perform regular configuration reviews to find unnecessary exposure of internal systems or of the perimeter device itself.
- Ensure an Intrusion Prevention System (IPS) is implemented and tuned effectively. An IPS can identify known network communication patterns used by ransomware families.
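The firewall configuration review in the bullets above is easiest to do against an exported ruleset rather than by reading a console. The following is an added example, not code from the original article: it parses a small constructed CSV export (the column names, the rule names and the addresses are assumptions for the demo) and flags the rule shapes ransomware operators exploit, namely allow rules with no effective filtering, remote-access and file-sharing services reachable from any source, and services exposed on every host behind the firewall.

```python
"""Offline firewall rule review for exposures ransomware operators abuse (added example)."""
import csv
import io
import ipaddress

# Inbound exposure of these services to untrusted sources is a classic entry point
# (remote access) or lateral-movement channel (file sharing).
RISKY_PORTS = {"3389": "RDP", "445": "SMB", "139": "NetBIOS", "23": "Telnet", "5900": "VNC"}

# Constructed sample export; a real review loads the vendor's exported ruleset.
SAMPLE_RULES = """\
name,action,direction,src,dst,proto,dport
allow-web,allow,in,any,10.0.1.10,tcp,443
allow-rdp-internet,allow,in,any,10.0.2.5,tcp,3389
allow-smb-any,allow,in,any,any,tcp,445
admin-any-any,allow,in,any,any,any,any
vpn-rdp,allow,in,10.8.0.0/24,10.0.2.0/24,tcp,3389
default-deny,deny,in,any,any,any,any
"""


def parse_rules(text):
    """One dict per rule, keyed by the CSV header."""
    return list(csv.DictReader(io.StringIO(text)))


def untrusted_source(src):
    """'any' or a zero-length prefix means the whole Internet can reach the rule."""
    if src == "any":
        return True
    return ipaddress.ip_network(src, strict=False).prefixlen == 0


def review_rules(rules):
    """Return (rule name, severity, reason) for each questionable inbound allow rule."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["direction"] != "in":
            continue
        wide_src = untrusted_source(r["src"])

        # No source, destination or port restriction at all: the rule filters nothing.
        if wide_src and r["dst"] == "any" and r["dport"] == "any":
            findings.append((r["name"], "critical", "any/any/any allow: no effective filtering"))
            continue

        # Remote-access or file-sharing service open to every source address.
        if wide_src and r["dport"] in RISKY_PORTS:
            svc = RISKY_PORTS[r["dport"]]
            findings.append((r["name"], "high",
                             f"{svc} ({r['dport']}/{r['proto']}) reachable from any source"))

        # A single port allowed to every host widens the blast radius of one exposed service.
        if r["dst"] == "any" and r["dport"] != "any":
            findings.append((r["name"], "medium",
                             "destination 'any': service exposed on every host behind the firewall"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in review_rules(parse_rules(SAMPLE_RULES)):
        print(f"{severity.upper():8} {name}: {reason}")
```

The `vpn-rdp` rule is deliberately not flagged: RDP restricted to a VPN pool is exactly how the exposure should be handled, and a review script that cannot tell that case apart from Internet-wide RDP produces noise the team will learn to ignore.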
5. What to do when a system is infected
- Remove the infected system from the network immediately: disconnect wired and wireless networks, disable Bluetooth and unplug any shared wireless devices.
- Isolate the other systems on the same network as the infected machine. Systems the ransomware has not yet finished encrypting may still be recoverable, so acting quickly matters.
- Immediately report the incident to the local cyber crime police unit.
- Change all system passwords once the ransomware has been removed, since credentials stored or typed on the infected machine may have been harvested.
Implementing these mitigation steps can be cumbersome, but with new ransomware variants appearing constantly it is always worth fortifying your security systems and minimizing exposure. Prevention requires sustained vigilance and everyone following the do's and don'ts that protect company data and personal information. The steps above are a starting point for developing a security strategy that detects, prevents and proactively responds to security threats.
Want to gain further insight into how to safeguard your critical assets against security threats, or how to develop a strong security strategy? Talk to our cybersecurity experts!