If there is one thing to be said about ransomware attacks, it is that recovering data encrypted in an attack is next to impossible, so it is best to protect yourself properly in the first place.
A ransomware attack is when an online attacker, or cybercriminal, steals and encrypts a victim’s data, then demands a ransom for its safe return. Originally, ransomware was more of a consumer problem, but in recent years there has been a drastic rise in the number of businesses and government entities being attacked as well.
Security experts all seem to agree that it is all but impossible to recover stolen data without access to the decryption key or a backup copy of the unaffected data. Because of this, the need for organizations to have security measures in place that block threats and mitigate potential damage is considerably heightened.
It is critical that the focus be on prevention, as this is the best way to protect yourself against the potentially devastating damage of ransomware attacks.
The key difference between ransomware and more traditional types of malware is that, with ransomware, you typically become aware of the problem upon infection.
A robust backup process is the most effective tool to defend you against ransomware attacks. Often, that backup is the only way to recover data aside from paying the demanded ransom. But backups are not the only weapons in your arsenal against cybercriminals. Other precautions that can, and should, be taken include:
- Authenticating Inbound Email – Ransomware is commonly distributed through email, with attackers targeting victims by using cleverly disguised false emails that appear to be from a legitimate source. These emails contain malicious attachments that download the ransomware onto the victim’s system when they are opened.
Organizations are able to minimize this risk by validating the origin of the email before it is even delivered to the intended recipient.
There are many sender authentication technologies available, such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM). These tools can be easily implemented and provide protection against business email compromise, spear phishing, and other threats commonly found in these deceptive emails. These solutions work by validating the domain and IP address of the server the email originates from. Unfortunately, at this time many companies are failing to implement proper email authentication protocols, and even when they do, the policies are not strict enough: contaminated emails still make their way into junk folders or are simply quarantined. To be effective, these threats need to be rejected from the system altogether.
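The strictness gap described above can be checked directly against a domain's published records. The following is an added example, not part of the original article: it audits the text of a DMARC record and an SPF record and reports every setting that stops short of outright rejection. The function names and the sample records are constructed for illustration.

```python
def parse_tags(record):
    """Split 'v=DMARC1; p=none; pct=50' into a lowercase tag dictionary."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip().lower() for key, value in pairs}

def audit_dmarc(record):
    """Return the reasons a DMARC record stops short of rejecting failing mail."""
    tags = parse_tags(record)
    if tags.get("v") != "dmarc1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p")
    if policy == "none":
        findings.append("p=none: monitoring only, failing mail is delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail goes to junk, not rejected")
    elif policy != "reject":
        findings.append("missing or invalid p= tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    # Without an sp= tag, subdomains inherit the p= policy.
    if tags.get("sp", "reject") != "reject":
        findings.append(f"sp={tags['sp']}: subdomains get a weaker policy")
    return findings

SPF_ALL_FINDINGS = {
    "+": "+all: any server may send as this domain",
    "?": "?all: neutral, unauthorized senders are not failed",
    "~": "~all: softfail, unauthorized senders are only marked",
}

def audit_spf(record):
    """Return the reasons an SPF record does not hard-fail unauthorized senders."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    all_term = next((t for t in terms[1:] if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return ["redirect= present: audit the target domain's record"]
        return ["no 'all' mechanism: unmatched senders get a neutral result"]
    # A bare 'all' carries the default '+' (pass) qualifier.
    qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
    return [] if qualifier == "-" else [SPF_ALL_FINDINGS[qualifier]]

# Constructed records for a hypothetical domain; both stop short of rejection.
if __name__ == "__main__":
    print(audit_dmarc("v=DMARC1; p=quarantine; pct=50"))
    print(audit_spf("v=spf1 include:_spf.example.net ~all"))
```

An empty list from both functions means the records instruct receivers to reject unauthenticated mail rather than deliver or quarantine it.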
- Properly Protecting Email Servers – While sender authentication minimizes the likelihood of ransomware being delivered via email, it is not a complete enough solution to keep you adequately protected. It is crucial to protect email servers by scanning all incoming, outgoing, and stored email. Scanning can be beneficial in detecting any potential threats that may have evaded perimeter defenses or managed to infiltrate the network through internal email or compromised systems. There is a wide variety of tools available to scan email servers for security threats, and every business owner should be taking advantage of them. Email authentication is great, but what about the off chance that a legitimate server is sending out spam emails and malware? Those tools will not be effective when that is the case.
- Incorporate Ad Blocking – Ransomware is not only distributed through emails; oftentimes it is served up through advertisements when users visit certain sites. “Malvertisements,” as they are called, allow cybercriminals to target victims based on several factors, including browsing habits, location, device characteristics, demographic information, and other things. Ransomware served up via these watering-hole style attacks can be considerably more dangerous than random attacks, because attackers are better able to target victims that they know have the means to pay up.
Blocking ads on user systems, preventing users from accessing certain sites on the Internet, or even implementing a secondary network for them to access the Internet will all help reduce the risks associated with this type of ransomware.
- Monitoring File Activity – When an individual falls victim to a ransomware attack, the situation can quickly escalate into a full-scale attack against the entire enterprise. A wide range of sophisticated ransomware tools allow the attacker to encrypt not only the hard drive of your system, but also any shared files.
The rapid overwriting of files is a major indication of ransomware on a network. It can be detected with a tool that monitors file activity, which is strongly recommended as a precaution. Such early detection allows organizations to more easily contain the damage that could be caused by the ransomware, and provides the opportunity to go into quarantine mode, preventing the infected machine from connecting to any other file servers.
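The detection idea in this item, flagging a machine that overwrites many different files in a short time, can be sketched as a sliding-window count over file server events. This is an added example, not part of the original article: the event format, host names, window length and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, host, operation, path on a file share).
SAMPLE_EVENTS = (
    # ws-014 overwrites eight different files within four seconds.
    [(100.0 + 0.5 * i, "ws-014", "write", f"//fs01/finance/report_{i}.xlsx")
     for i in range(8)]
    # ws-022 saves one document repeatedly and touches a few others slowly.
    + [(20.0 * i, "ws-022", "write", "//fs01/hr/notes.docx") for i in range(10)]
    + [(60.0 * i, "ws-022", "write", f"//fs01/hr/file_{i}.docx") for i in range(4)]
    + [(101.0, "ws-014", "read", "//fs01/finance/readme.txt")]
)

def detect_overwrite_bursts(events, window=10.0, threshold=5):
    """Return {host: time} for each host that overwrote at least `threshold`
    distinct files within `window` seconds (both values are assumed defaults)."""
    recent = defaultdict(deque)  # host -> (timestamp, path) pairs inside the window
    alerts = {}
    for ts, host, op, path in sorted(events):
        if op not in ("write", "rename") or host in alerts:
            continue
        queue = recent[host]
        queue.append((ts, path))
        # Drop events that have aged out of the sliding window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        # Count distinct paths so repeated saves of one file do not alert.
        if len({p for _, p in queue}) >= threshold:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, ts in detect_overwrite_bursts(SAMPLE_EVENTS).items():
        print(f"quarantine candidate: {host} (burst detected at t={ts}s)")
```

The hosts returned are the candidates for the quarantine step described above; the window and threshold need tuning against normal activity such as bulk copies and backups.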
- Have Your Response Plan Prepared and Close By – Time is of the essence when staring down the barrel of a ransomware attack. Attackers generally provide very specific demands that are time-sensitive, or the ransom amount may be increased. Cybercriminals have a knack for determining when the best time to strike is, and just how much organizations can afford to pay. They also intentionally don’t give you enough time to respond to the situation and properly determine whether or not the data can be unlocked without paying the ransom.
Because of this, having a response plan is critical. The plan should include details on how to best respond in the event of a ransomware attack. It is important to take inventory of your critical assets, know where these assets are located, and evaluate the potential impact if these assets were to become lost, stolen, or compromised in some way, making that data unavailable to you. The chaos that ensues after a ransomware attack is one of the worst components of the whole ordeal, and having a well-thought-out response plan can eliminate that aspect of the pandemonium.