The number of ransomware attacks has exploded over the past few years, infecting millions of computers and costing companies millions of dollars.
Ransomware is a type of advanced malware attack that takes hold of a device, either locking the user out entirely or encrypting files so they cannot be used. This type of attack can gain access to your device in a variety of ways. Whether downloaded from a malicious or compromised website, delivered as an attachment from a phishing email or dropped by exploit kits onto vulnerable systems, once executed in the system, ransomware will either lock the computer or encrypt predetermined files. The attacker will then make themselves known with an “official” ransom demand, as well as thorough instructions and timelines on how to make a payment to either regain access to the device or to receive the decryption key for the captive files.
Small-to-midsize businesses disproportionately fall victim to ransomware, as they often lack the technical skills and tools needed to prevent infection. According to research, more than 50 percent of small and midsize businesses have fallen victim to ransomware. Of those victims, 48 percent decided to pay the ransom in an attempt to retrieve their data.⁷ While paying a ransom is not advised, ransomware often places organizations in the position of having to make a business decision – one where the immediate need for their data may trump their concerns about conceding to the attacker’s demand.
Three Best-Practice Tips for Preventing Ransomware Attacks
We recommend three best practices that every organization, regardless of size, should employ.
EDUCATION AND AWARENESS
We hate to say it, but your largest attack vector is also your weakest. Many of your employees have never heard of phishing or a man-in-the-middle attack, and hackers know that. It’s critical that you educate your employees about the most common attack methods and how to avoid them, such as:
- Never click on links provided in an email. Type or copy the address into the browser to prevent unknowingly opening a masked link to a malicious website.
- Be cautious when opening email attachments. This is a common method of attack for ransomware.
- When visiting a website, pay attention to the URL. Common warning signs include a URL that begins with an IP address or a supposedly secure site that doesn’t use HTTPS.
- Spoofed email addresses are another method to acquire sensitive information. Never send personal information over email. We recommend biting the bullet and just making a phone call.
- Never, ever share your password with someone over email. Legitimate companies never request credentials over email.
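The link checks from the list above (masked links, URLs that begin with an IP address, sites without HTTPS) can also be automated when reviewing a reported email. This is an added example, not part of the original article; the function names, finding labels and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address; group 1 is the host it shows.
URLISH = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/?#]\S*)?$", re.I | re.A)

def check_link(href, text):
    """Return the warning signs for one link (empty list if none)."""
    try:
        url = urlsplit(href.strip())
        host = (url.hostname or "").lower()
    except ValueError:
        return ["unparseable"]
    if url.scheme not in ("http", "https"):
        return []  # mailto:, tel: and page anchors are out of scope here
    findings = ["not-https"] if url.scheme == "http" else []
    with suppress(ValueError):  # raised when the host is a name, not an IP
        ipaddress.ip_address(host)
        findings.append("ip-host")
    shown = URLISH.match(text.strip())
    if shown and shown.group(1).lower() != host:
        findings.append("masked")  # text names one host, href goes to another
    return findings

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def audit_links(html):
    parser = AnchorCollector()
    parser.feed(html)
    return [(h, f) for h, t in parser.links if (f := check_link(h, t))]

# Constructed sample email body (documentation-only addresses and domains).
SAMPLE = ('<a href="http://192.0.2.10/invoice.html">View invoice</a>'
          '<a href="https://login.example.net/reset">https://www.example.com/account</a>'
          '<a href="https://www.example.com/help">www.example.com/help</a>')
```

The findings are warning signs for triage, not verdicts: link text such as `report.pdf` also matches the URL pattern and would be reported as masked.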
BACKUP. BACKUP. BACKUP.
While preventing threats and attacks is always your ideal method of defense, you should always have a Plan B. In the case that an advanced malware attack, specifically ransomware, takes hold of your system, regularly performing data backups can provide peace of mind that your data is retrievable. Here are a few tips for backing up your information:
- Offline backups are key. Modern ransomware can find and encrypt your network storage.
- Simplify your backups as much as possible. Create a global share that can store all of your most important information, and leverage data partitions when possible.
- Automate your backups when possible. Don’t let a human error make you miss a backup.
DEFENSE IN DEPTH
Ransomware attacks look to leverage every attack vector possible. The more layers of security that you have in place, the greater chance you have of stopping an attack that another layer could miss. These types of attacks are able to morph into something unique, evading traditional signature-based detection methods. Here are just a few critical security layers your organization should have in place:
- Protect your network. Ransomware uses the network not only to connect to a malicious server and obtain the encryption key, but also to spread the attack throughout an organization.
- Leverage network sandboxing to detonate zero-day threats. Network sandboxing is a great tool for detonating unknown malware without risking the security of your devices.
- Gain visibility into endpoint devices. Ransomware attacks often start on endpoint devices. Having visibility into the event activity of these devices makes it possible to detect and remediate the threats before the damage is done.
- Connect the dots between the network and endpoint. Correlating event data from the network and endpoint provides a comprehensive evaluation of your overall threat landscape.
Don't wait to become a victim to put a WatchGuard solution in place. Quality Plus Consulting can help keep ransomware at bay.