Ransomware has emerged as the primary type of cyberattack plaguing everyone from local government organizations to private corporations. With the pandemic forcing everyone to rely on digital assets, ransomware attacks have only increased in both volume and severity. Malicious attackers have little conscience and cannot be expected to show mercy, no matter how many individuals or companies are affected by their attacks.
Essentially, this mode of attack corners enterprises to quite literally be caught between a rock and a hard place, where they must make a difficult choice. They can either choose to pay the ransom that the attackers demand to have their files decrypted, or take steps to mitigate the damage from the attack and restore their operations as quickly as possible. Either way, it’s a losing proposition for the victim, and ends up costing thousands to hundreds of thousands of dollars, if not a complete breakdown of services.
In this article, we will outline steps as to how you can prevent your organization from becoming a victim of ransomware attacks. Before that, however, let me make a case for why you shouldn’t pay the ransom:
The FBI strongly advises against paying ransomware attackers, and many states and governments are working on laws against paying ransomware attackers. Additionally, the long-term consequences of paying inevitably surpass the short-lived benefits nearly every single time.
The fact is that even though you pay the ransom, there is no guarantee that the attackers will actually keep their word and return your data safely. Some reputed hackers do follow a code of conduct and guarantee the safe restoration of data once the ransom is paid, but these are few and far in between. They could simply choose to turn their backs and either increase their demands or disclose your data anyway. They could even sell your data. The safe rule of thumb would be to not trust the people holding your business and your data ransom.
Moreover, paying for the attacks has the added disadvantage of masking the real problem. If the hackers used an existing vulnerability to gain access to your secure systems, then paying them limits your ability to trace exactly what steps they used to gain access in the first place. This leaves you wide open to more attacks in the future, possibly from the same source.
Paying also reiterates the utility of ransomware attacks as a highly profitable venture. This not only encourages further attacks in the future, but also can single out your business as an easy mark for cyberattacks.
Here are some of the best practices you can use to mitigate the risk of a ransomware attack:
Maintain Backup Your Files
The single most important step in ransomware threat mitigation is to back up your data safely and regularly, and to make sure that the backups remain accessible when you need them.
Backup files should always be stored in the system that’s not connected to your main network. You also need to regularly verify the backup, so you can remain assured that the mission-critical files and data are being backed up regularly. By doing this, you essentially eliminate the need to pay the ransom in case of an attack because you can safely restore your data yourself.
You can protect your organization from attacks by making sure that all your operating systems, applications, and software are updated regularly. Always remember that updates and software patches are used to patch up current vulnerabilities in the system, so implementing these regularly will help you close security gaps.
Remember to turn on auto updates wherever possible. Make use of reputed anti-malware products that can help you detect and block many types of attacks. Most attacks are perpetrated through emails and infected websites, so you should take care to deploy an effective email scanner to highlight any suspicious attachment. Blocking access to suspicious executable files is a key step in mitigating threats.
You can prevent malicious codes from entering your network by using effective firewalls. They also are useful in blocking or limiting the remote management services that hackers often use to perpetrate attacks. Well-configured firewalls can minimize spam, stop infected emails, and limit file extension types in emails to only the relevant ones for your organization.
Train the Team for Enhanced Security Awareness
Your workers remain the most vulnerable point of entry for any kind of cyberattack. This is why security awareness and proper training is critical in mitigating attacks. When employees are aware enough to spot and raise a flag for any kind of suspicious activity that they may come across, your organization will remain secure from most kinds of attacks.
This requires patient training across all members of your organization and developing a participatory culture of proactive defence. Also remember that the same kind of training may not work for technical and non-technical members of your team.
Deploy Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) essentially seeks out malicious activity by studying anomalies in network traffic logs and comparing them to known threat signatures. An effective IDS regularly updates signatures and raises an alert quickly whenever it detects potential malicious activity. IT Support can help you deploy effective IDS systems.
Have a Cyber-Insurance Policy
When you know you might eventually come across a risk - it’s always better to have insurance. This can help your organization to recover losses in case of a ransomware attack. Cyber insurance policies are becoming increasingly popular to help protect against data breaches and other threats. Work closely with your insurance provider to understand if they can actually cover the cost for paying a ransom or not.
Enterprises can no longer hope to avoid encountering malicious cybercriminal activity. Instead, they must take active measures to shield themselves from the harm of a ransomware attack.
Brent Whitfield is the CEO of DCG Technical Solutions LLC. DCG provides specialist advice and IT Consulting Los Angeles area businesses need to remain competitive and productive while being sensitive to limited IT budgets.
Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. He also leads SMBTN – Los Angeles, a MSP peer group that focuses on continuing education for MSP’s and IT professionals.