Fighting Back Against Ransomware in 5 Steps
During the last year, 22% of businesses were forced to pause operations due to ransomware, often for days or weeks at a time.
But this comes as no surprise.
In just the few days it took to write this article, a hospital system in Louisiana (serving 270,000 patients), the Guardian media company, and the Intrado telecoms firm were all hit by crushing ransomware attacks. While this might feel like business as usual, it is often catastrophic for those impacted.
What is Ransomware?
Ransom malware, or ransomware, is malicious code or an application that encrypts its victims' files, effectively shutting them out of their own network until a ransom is paid. Often, hackers will pair this with a threat to publish the data online, allowing them both to extort additional funds and to pressure companies that have well-maintained backups and could otherwise simply restore.
Ransomware was first used in the late 1980s (with ransoms being paid by snail mail), but only really took off once attackers shifted their focus from consumers to enterprises. These days, most ransoms are paid in cryptocurrency, making them extremely difficult to trace. By 2017, 35% of SMBs had reported being the victim of a ransomware attack, with ransoms averaging over $100,000. Today, nearly 80% of companies report having been compromised at some point.
Typically, ransomware is delivered via phishing emails, but it can also spread via USB sticks (as in the WannaCry attack that crippled Iran's nuclear program) or be actively planted through a compromised Remote Desktop Protocol (RDP) connection.
Defending Against Ransomware
• Backups
The most effective way to preemptively neutralize most ransomware threats is to maintain up-to-date and secure backups. These should be stored offline, encrypted, and (if possible) off-site. Ensure that backups are independently maintained and cannot be accessed from the infected system. Cloud-based backups are not entirely safe, as hackers will usually begin their attack by locating and encrypting any reachable backup servers. Only restore your systems once they have been wiped clean and scanned for any remaining traces of malware.
• Security Software
Ensure that your anti-virus/anti-malware, EDR, and other network monitoring systems are updated and properly configured. It is a good idea to audit these periodically, along with your cloud configurations, to make sure that your shifting attack surface remains properly defended. Identifying an infected device as early as possible is critical; this keeps the malware from spreading to other machines or systems. While EDR systems and SIEMs produce useful logs and alerts, your ability to effectively monitor and escalate the incoming data is what makes the difference. Partnering with an Incident Response team to oversee your security feed can be an affordable and effective solution for many businesses.
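One heuristic that detection tooling uses to catch ransomware early is to watch for many files in a share being rewritten with high-entropy (encrypted-looking) content. The example below, added here and not part of the original article, implements that check over a constructed snapshot of files; the 7.5 bits/byte threshold and the 50% mass-rewrite ratio are assumptions chosen for illustration.

```python
from __future__ import annotations
import math
import random
from collections import Counter

# Encrypted or compressed data approaches 8 bits of entropy per byte, while
# text and most office documents sit well below. Both values are assumptions
# for this example; real EDR products tune them per environment.
ENTROPY_THRESHOLD = 7.5
MASS_REWRITE_RATIO = 0.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    # Very short files give noisy entropy estimates, so they are ignored.
    return len(data) >= 256 and shannon_entropy(data) >= threshold

def scan_files(files: dict[str, bytes]) -> dict:
    """Report which files look encrypted and whether their share of the
    snapshot is high enough to suggest a bulk encryption event.

    Legitimately compressed files (zip, jpeg) also score high, which is why
    the alert is based on the ratio across the snapshot, not a single file."""
    suspicious = [path for path, data in files.items() if looks_encrypted(data)]
    ratio = len(suspicious) / len(files) if files else 0.0
    return {"suspicious": suspicious, "ratio": ratio,
            "alert": ratio >= MASS_REWRITE_RATIO}

# Constructed sample snapshot: two ordinary documents and two files whose
# contents were replaced by seeded random bytes, standing in for ciphertext.
_rng = random.Random(1)
SAMPLE_FILES = {
    "docs/report.txt": b"Quarterly report. Revenue grew modestly; costs were flat. " * 20,
    "docs/notes.txt": b"Meeting notes: follow up with finance on the audit schedule. " * 20,
    "docs/budget.xlsx.locked": _rng.randbytes(4096),
    "docs/contract.pdf.locked": _rng.randbytes(4096),
}

if __name__ == "__main__":
    result = scan_files(SAMPLE_FILES)
    print(f"alert={result['alert']} ratio={result['ratio']:.2f}")
    for path in result["suspicious"]:
        print(" suspicious:", path)
```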
• Security Hygiene
There are a number of ways to harden your security without breaking a sweat. To start with, enable 2FA wherever possible: multi-factor authentication is still the single most efficient way of staying protected online. As a rule of thumb, close every port that does not need to be open, and closely monitor those that remain open using attack surface management (ASM) tools to track what the company is exposing publicly. Finally, consider limiting network access to enterprise VPN users.
• Security Awareness
Most ransomware attacks begin with a phishing campaign. These often take the form of spear-phishing attacks, where the fraudulent sender pretends to be a trusted insider, typically from HR or IT. When hackers target high-level executives, this is called whaling. Employees at all levels should be properly trained to spot and handle any suspicious email, links, or ads. Silent Breach trainers work with companies to conduct comprehensive phishing simulations using real-world tactics and examples. This helps organizations identify gaps and adjust their awareness campaigns accordingly.
• Decryption Tools
In the event that you do suffer a breach, a number of online tools and resources are available. For example, if your malware strain matches one of the many that have already been successfully decrypted, you may be in luck. No More Ransom is a collaboration between law enforcement agencies and private industry that provides dozens of malware decryption tools free of charge. [Note: Many of these tools rely on design flaws in the ransomware to break the encryption. Nowadays, hackers are better at encrypting files, and even quantum computers may not be able to help.] Finally, make sure to contact your local law enforcement agency, as they can often provide additional resources and guidance.
Want to learn more about how to protect your company from ransomware? Silent Breach works with organizations of all sizes to craft customized security solutions. Contact one of our experts today.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.