Tips for Protecting Your Data Against Ransomware
Never miss a thing.
Sign up to receive our insights newsletter.
Trojan attacks, viruses, spyware… you have probably heard various names for malicious programs, or malware, that cyber attackers use to gain unauthorized access to environments or to cause destruction to data and systems. These days, ransomware has proven to be a particularly pernicious form of malware. Anyone that has critical data stored within their device or network is at risk of being a victim of a ransomware attack.
Ransomware is just like it sounds – a cyber attacker holds the system or data hostage until a ransom is paid. Unless the attacker receives the ransom payment, access to the system may be denied or data may even be deleted. Ransomware may actively spread throughout the victim’s environment, increasing pressures and creating more leverage for the attacker. And there’s no doubt about it: successful cyber attackers can profit handsomely from ransomware.
Why hasn’t ransomware been stopped? With all of the sophisticated cybersecurity tools available, you would think it would be easier to guard against ransomware, yet we still see attacks making headlines. A cycle is created where victims of a malicious attack often pay the ransom, and as more cyber attackers get what they want, others are inspired to follow. At the same time, most organizations have been slow to recognize the threat and do not take appropriate measures to mitigate the risk.
You may not think this could happen to you. But the truth is, everyone is a target!
Fending off an attack
Here are a few tips for mitigating the risk of a ransomware attack:
Identify and update all assets. This includes servers (virtual servers & bare metal servers), laptops/desktops/workstations and other resources. Having an accurate and complete inventory of all devices that belong to your organization will help ensure proper monitoring. All devices should also be updated often and timely. This includes operating systems, applications, browsers and browser plugins.
Back up critical data. Define and configure an appropriate backup frequency and keep an offline and/or immutable copy of backups. Make sure the stored backups hold the expected (critical) data and cannot be modified. You don’t want to count on restoring from a backup and then have incomplete or inaccurate data. If possible, store your backups using cloud-based services or with disconnected external drives to prevent the cyber attacker from gaining access to your backup files.
Complete security awareness training. All appropriate personnel should complete cybersecurity awareness training. The training should include information about the risk of clicking on links and opening unfamiliar attachments. Further, external emails should be identified with a visual banner. Phishing campaigns may be performed to test staff awareness of these requirements.
Technical mitigations also include:
- Allowing only authorized personnel, who have been trained on proper procedures, to install software.
- Allowing a prescribed list of approved software to run on authorized devices. This will prevent cyber attackers from tricking unsuspecting users into installing malware on their devices.
- Performing a routine URL and email content scan to identify threats and any known malicious links.
Plan NOT to be a victim
Organizations need to remain vigilant about assessing the evolving threat of malware, which includes consideration of ransomware threats on a regular basis. If you need support related to ransomware mitigation, response strategies or more information about identifying risks related to ransomware, contact us. We are here to help.
Authored by Lulu Hernandez, CISA.
© 2020