Cyber SecurityFive Best Practices to Prevent Ransomware Attacks

Ransomware attacks have dramatically risen in the past few years. The reasons for this are varied, but two stand out.  First, the ubiquity and non-regulation of cryptocurrency makes it easy to demand non-traceable funds. This leads to the second reason: it works. Companies around the world, large and small, are paying ransom to get their data back. This emboldens other threat actors to launch ransomware attacks as well.

While large companies that have suffered ransomware attacks make the news headlines, there are many more small and medium-sized companies that suffer ransomware attacks every day. 2021 has seen a monumental leap in ransomware attacks already.

In 2020, there were a total of 304.6 million reported ransomware attacks globally. In the first six months of 2021, 304.7 million ransomware attacks had already been reported. If the current trend continues (and there’s no evidence to suggest it won’t), the total number of 2021 ransomware attacks will be more than double those in 2020.

What is ransomware? Ransomware is a type of malware that encrypts data and locks out access to infected computers until the ransom demand is paid (usually in some type of cryptocurrency).

Ransomware attacks are costly. Not only do you have to potentially pay the threat actors to get your data back, but you lose revenue from business disruption. Additionally, if your customers are negatively affected by the attack, you will have costly legal and payout expenses. All of this can harm the reputation of your company and affect future revenue.

It’s not a question of IF you will be the target of a ransomware attack, it’s a question of WHEN.  Don’t deceive yourself by saying “why would they look for me,” because they aren’t looking for you. They cast a very, very wide net, and will attack anyone, or any company, they catch. The trick is to make sure you don’t get caught in their net. There are five things you can do right now to prevent getting caught in a ransomware attack.

# 1 – Employee Education

The simplest way for threat actors to inject ransomware into your systems is through social engineering attacks. The most common social engineering attacks are phishing emails. It is estimated that more than 90% of ransomware attacks begin with an employee opening a phishing email. Your employees may not know how to recognize a phishing email (misspelled urls, suspicious attachments, suspicious email addresses, etc.) and they open up the door for threat actors to come in.

You should invest in raising your employees’ awareness about phishing emails and give them clear guidelines on what types of emails to avoid opening or replying to. You should also make sure that they know about other types of social engineering attacks. A great way to train your staff is with anti-phishing training. We work with KnowBe4, and like their product a lot; feel free to call us to learn more!

Your employees should also understand why weak passwords—or derivatives of the same password—make ransomware attacks more likely. Although standard password best practices (change them frequently, keep them long, etc.) are still widely accepted as best practice, the real best practice is to have your staff using password managers such as LastPass, Dashlane or Thycotic. Here too, feel free to call us to learn more about these products. 

# 2 – Network Segmentation

Grant network access granularly. This usually entails implementing zero-trust network access. This can be a daunting task if access controls are applied based on individual identities, but we have helped many of our clients successfully segment their networks.

When you segment your network, you restrict employee access to only the files, functionalities, and systems they need to do their jobs. For example, if an employee needs only occasional administrative privileges to one of your systems, it can be granted only when they need it and then be revoked when they no longer need access.

Of course, a more robust solution for controlling access is to implement an Identity and Access Management (IAM) solution. This will be the topic of future blogs, but check out CoreBlox to get a better sense of IAM solutions.

Segmenting your network also includes endpoint protection, which segments remote access and IoT devices to limit access to your internal systems and networks. You can create a separate wireless network, for example, for IoT devices. This limits how much access a threat actor has to the core of your operations, minimizing the impact of a breach.  We work with endpoint security products from Carbon Black and ESET.

# 3 – System Updates

Ensure that all system updates and patches are applied as soon as they are released. This is an area where companies often drop the ball. These updates and patches get relegated to a “when we get a chance” list, because they don’t seem to be a high priority compared to other projects.

Threat actors know that. That’s why one of the most common ways they seek access is by looking for and exploiting known vulnerabilities in older versions of software, operating systems, and devices.

Once threat actors get in, they use these vulnerabilities to get administrative privileges and then infect any data or systems they are able to access with ransomware. You should also install security software that can detect network intrusions and set up your mail servers so they filter out incoming emails containing files with suspicious extensions and automatically reject addresses of known spammers and malware.

# 4 – Backup Management

Make sure your data is backed up to two separate locations. If you are not already using cloud-based, encrypted-vault backups, start doing so immediately (call us if you aren’t sure how; we provide this service to dozens of clients). We also recommend 30-4-12  backups, meaning you should keep a rotation of 30 daily backups, 4 weekly backups, and 12 monthly backups.

Backups alone will not ensure that you can recover from a ransomware attack. You need to regularly test your backups to ensure that everything that is supposed to be backed up is backed up and that you are able to successfully restore everything from your backups.

# 5 – Regular Penetration Testing

Penetration testing is “white hat” (ethical) testing performed by cyber security professionals that identifies exploitable vulnerabilities throughout your systems that threat actors could use to gain access.

Penetration testing should be done at regular intervals. Penetration testing should also be done more often if you’re making significant and frequent changes to your IT environment. A few examples include when you are:

• Adding new infrastructure or applications to your network

• Installing security patches

• Moving to a new physical location

• Updating your applications

Penetration testing can reveal and fix vulnerabilities before threat actors find them and launch a ransomware attack. Penetration testing can also make sure that you are compliant with the regulatory standards that apply to your industry.  If you would like to know more about Penetration Testing, or would like to talk to us about doing Penetration Testing for you, check us out and give us a call.

Winmill Can Help You Protect Your Company from a Ransomware Attack

Sooner or later, your company will likely be the target of a ransomware attack. If you’re not protected, you face monetary and reputational losses that could be irrecoverable. Our cyber security teams apply their expertise to help protect our clients from ransomware attacks. 

Our approach is unique. We look at your business operations and potential risks and create a custom cyber security solution that fits within your budget. As we work with your company to ensure you’re fully protected against a ransomware attack, we also do something else that’s unique: we transfer our knowledge to your employees so that they have enhanced skillsets to continue to keep your company protected.