If there is one piece of bad news CIOs never want to hear, it is that the company has been shut down by a ransomware attack. While businesses struggle to cope with successful ransomware attacks, it's clear that preventing them is still more effective – and cheaper – than curing them. There are many tips for dealing with these types of attacks, but here are the top 5 to remember so that you are prepared for any eventuality.
1. Educate employees
A comprehensive cybersecurity policy is the key to protecting your employees against ransomware threats. Employees are commonly advised to think twice before opening attachments, not to insert unfamiliar external media (such as USB drives) into a device, and not to click on unfamiliar links. And with good reason: since phishing is one of the main vectors of ransomware distribution, it is essential to warn employees against actions that could indirectly help hackers. For example, over-sharing on social media (posting photos of your office or revealing details about your team structure) can give criminals valuable information that makes attacks much more convincing.
2. Secure the endpoints
Employees may have good intentions, but sometimes they make mistakes. This is why IT protections must be put in place in addition to instilling good practices. Blocking USB access through global security policies and dedicated endpoint protection solutions is a perfect example of a measure to implement.
In addition, configuring the Windows firewall is another strong defense against ransomware that tries to infect machines on the network. Disabling unused functions on the endpoints is therefore an ideal step. Finally, closing RDP (Remote Desktop Protocol) ports on machines that do not use them is also an excellent anti-ransomware measure, especially since RDP is a popular infection vector favored by hackers for this type of attack.
3. Set up a cross-cutting security system
Integrating security systems at the heart of the infrastructure provides an essential layer of security to prevent compromise on the client side. Organizations can protect a whole set of machines, for example, by scanning and filtering e-mail, or by relying on IP address blocking rules fed by threat information.
Securing the gateway between clients and the public Internet helps prevent infection, but protecting horizontal traffic is just as important. Indeed, in their search for valuable information, hackers often move laterally within the infrastructure and network of their target.
Segmenting the infrastructure therefore seems to be a good way to counter ransomware attacks, but this compartmentalization is not sufficient on its own. By also limiting employee access to only the applications and data they need, the company prevents hackers from using the access rights of an infected account to spread.
4. Apply software patches and implement security policies
Installing software patches – at the server or the client level – is an essential prerequisite for cybersecurity hygiene. But beware: to thwart ransomware attacks, companies should not be satisfied with fixing only the vulnerabilities considered to be the most critical (1). Indeed, according to a recent study, most ransomware reportedly uses less critical and older vulnerabilities that may not be on the priority list for enterprise vulnerability management. Other types of vulnerabilities, found on devices dedicated to backing up and storing data or on software and network gateways, appear to be on the rise. Overall, this complex landscape of security weaknesses underscores the need to work with a partner that takes a holistic approach to vulnerability management.
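The gap between a severity-only patch policy and a ransomware-aware one can be made concrete. The following is an added example, not part of the original article: the findings, the placeholder identifiers and the `ransomware_linked` flag (assumed to come from a threat-intelligence source) are all constructed for illustration, and 9.0 is the lower bound of the CVSS "critical" band.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder identifier, not a real CVE number
    asset: str
    cvss: float              # CVSS base score, 0.0 to 10.0
    published_year: int
    ransomware_linked: bool  # assumption: set from a threat-intel feed

# Constructed sample scan results (illustrative only).
FINDINGS = [
    Finding("VULN-PLACEHOLDER-01", "web-frontend", 9.8, 2024, False),
    Finding("VULN-PLACEHOLDER-02", "vpn-gateway", 7.5, 2019, True),
    Finding("VULN-PLACEHOLDER-03", "backup-server", 6.5, 2018, True),
    Finding("VULN-PLACEHOLDER-04", "hr-laptop", 5.3, 2023, False),
    Finding("VULN-PLACEHOLDER-05", "file-server", 9.1, 2021, True),
]

def critical_only(findings, threshold=9.0):
    """Severity-only policy: patch only what CVSS rates as critical."""
    return [f for f in findings if f.cvss >= threshold]

def missed_by_critical_only(findings, threshold=9.0):
    """Ransomware-linked findings that a severity-only policy leaves open."""
    return [f for f in findings
            if f.ransomware_linked and f.cvss < threshold]

def ransomware_aware(findings):
    """Rank ransomware-linked findings first, then by score, then oldest."""
    return sorted(
        findings,
        key=lambda f: (not f.ransomware_linked, -f.cvss, f.published_year),
    )

if __name__ == "__main__":
    print("Left open by a CVSS >= 9.0 policy:")
    for f in missed_by_critical_only(FINDINGS):
        print(f"  {f.vuln_id} on {f.asset} (CVSS {f.cvss}, {f.published_year})")
    print("Ransomware-aware patch order:")
    for rank, f in enumerate(ransomware_aware(FINDINGS), start=1):
        print(f"  {rank}. {f.vuln_id} on {f.asset}")
```

On this sample, the two findings left open by the severity-only policy are older, lower-scored issues on a VPN gateway and a backup server, the kind of asset the paragraph above singles out.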
In addition, hackers using ransomware now tend to exploit security holes in SaaS-type software to achieve their ends, and this category of cloud-based application services is becoming an increasingly popular attack vector. As hackers find and exploit weaknesses in cloud-based services, employees who resort to Shadow IT, using unauthorized software and services, put the entire organization at risk of ransomware infection. Creating and enforcing a security policy that defines approved online applications is essential so that employees do not need to resort to Shadow IT.
5. Protect data and manage risk
Anyone who has been the victim of a ransomware attack will tell you: effective backups are essential to prevent hackers from taking data hostage. Unfortunately, it's not enough just to sync files over the network or to a storage system hosted in the cloud. Most modern ransomware is designed to find data that is saved and shared across networks, and then encrypt it. Services responsible for exporting changes made locally to a cloud-based file storage system can also help ransomware spread. Finally, companies must not only perform regular backups but must also ensure that these are stored separately from production systems to truly protect their data.
While backups are an essential asset in any ransomware prevention strategy, they are no longer sufficient to protect businesses in a rapidly changing attack environment. Double-extortion ransomware is becoming more and more common: in addition to encrypting the data, hackers steal it and then threaten to publish it if the victim does not pay.
The best way to limit exposure to these types of attacks is to perform a data risk analysis. Any business should seek to understand the critical data it has, know where it is stored, and provide protection commensurate with its sensitivity. This first step is part of a larger process, and will open discussions around the data, its processing and its use. The European privacy legislation (GDPR) also warns against collecting more personal data than necessary.
Companies that put these various cybersecurity tips into practice will have a better chance of escaping the scourge of ransomware. A strategy based on prevention requires investment, both in time and in resources. This is why calling on a trusted third party who specializes in the field can help companies speed up this process and become more secure. But keep in mind that these tips must be applied to infrastructure, as well as to people, to be truly effective.
(1) According to the CVSS score.