How to Prepare, Prevent and Recover From a Ransomware Attack

After a highly publicized cyberattack led to the shutdown of the Colonial Pipeline, many organizations are wondering how vulnerable they are to a ransomware attack. And the reality is, most of us are a target. Unfortunately, any organization that has critical data stored within its network is at risk of being a cybercrime victim. As ransomware becomes more common, every organization should take these steps to prepare, prevent and recover from a ransomware attack.

Understand How Malware Is Entering Your Environment

The two most common ransomware attack vectors are Remote Desktop Protocol (RDP) and email phishing. According to Coveware’s 2020 Q4 Ransomware Marketplace report, RDP-based breaches accounted for ~70% of the ransomware cases handled by their support team, and over 50% of them were a result of email phishing.

So how can you reduce the risk and strengthen RDP and email security?

Put RDP servers behind a firewall
Require strong RDP passwords
Employ two-factor authentication for RDP
Run regular vulnerability scans
Remediate vulnerabilities when identified by scans
Train users on best email security practices
Use email scanning and filtering tools
Test users with email specific social engineering tests

The system’s users are among the biggest security risks, so take time to invest in their training on both the use of the technologies as well as the user’s role in security within the organization.

Track, record and update your assets

By taking inventory of every device that belongs to your organization, you will have accurate records to ensure proper monitoring. You want to track servers (virtual servers & bare metal servers), laptops/desktops/workstations and other resources. Then update your devices, such as operating systems, applications, browsers and browser plugins, often and timely.

Implement Immutable Backups

In other words, ensure that backups cannot be modified. This step will allow you to restore data quickly in the event of a ransomware attack and protect backup data from being impacted by a ransomware attack.

Review and Update Incident Response Protocols

Make sure a plan is in place to quickly detect and respond to suspicious activity that can lead to a ransomware attack.

Invest in Cyber Insurance

Having coverage can help an organization financially recover from an attack if they are unfortunate enough to be the target of one.

If you would like to better understand how your organization can protect its data and systems from ransomware or other cyberattacks, contact us. Weaver’s IT Advisory Services team can review the unique needs and concerns of your organization in addressing these issues.