Best Practices to Counter the Ransomware Threat
Ransomware is a persistent threat that targets individuals, enterprise organizations, and everyone in between. It seriously impacts business operations, making data difficult to recover and forcing company downtime. According to fourth-quarter 2019 statistics, the average ransomware incident lasted 16 days, an amount of time that can be disastrous for an organization of any size.
Ransomware attacks are typically launched via a phishing email (although other methods can also be used) with malware-embedded attachments or hostile links that, when clicked, will execute malware on the victimized device. While ransomware attackers were initially focused on targeting data, they have evolved their tactics to include both extorting and encrypting data stolen from victimized machines. Being able to effectively identify, mitigate, and remediate a ransomware attack is increasingly important for organizations to maintain cybersecurity resiliency.
Following are several precautions and best practices that should be adopted to mitigate threats, accelerate any necessary remediation efforts, and minimize the impact of ransomware on your business operations.
Employee Training. Employees are your first line of defense and can help pre-emptively protect your organization when appropriately trained on ransomware tactics. Advise your employees to never click on unsolicited links or file attachments when opening emails from an unknown source. If they suspect an email to be from a malicious source, they should immediately report it to your IT security department.
Proactive IT Prevention. Due to the pervasiveness of ransomware attacks, all organizations are viable targets, and none are impervious to attackers’ efforts. Maintaining good cyber hygiene and proactively responding to cyber threats, such as ransomware, are the best ways to minimize your organization’s exposure.
- Bolster defenses against ransomware attacks by proactively updating software and operating systems (OS) with the latest security patches. As cited by the Department of Homeland Security, outdated applications and OS are often targeted by attackers.
- Restrict user permissions to only the necessary functionality to support job responsibilities.
- Ensure that spam filters are enabled to identify and block potentially malicious emails at the outset.
- Scan incoming/outgoing emails for potential threats, and filter executable files before the related emails reach users.
- Configure firewalls to prohibit entry of known hostile IP addresses.
- Conduct penetration tests and vulnerability assessments of the enterprise.
Emergency Planning. Organizations that develop and implement plans for incident response and continuity of operation are well positioned to quickly pivot when a cyber threat emerges. Your organization should create and document these plans to efficiently respond when an inevitable ransomware attack occurs.
- Securely back up data on a consistent basis and store the data backup in a place separate from the network to improve recovery and continuity efforts.
- Create an emergency contact list that includes key stakeholders inside the organization and key individuals outside the organization, such as law enforcement and third parties.
Emergency Response. Should ransomware infiltrate your organization’s network, there are several measures that should immediately be taken to reduce the impact.
- Isolate the infected computer and remove it from the network to prevent ransomware from spreading internally.
- Shut off and segregate any other computers that were infected to facilitate recovery of partially encrypted files.
- Take backup data and backup systems offline to ensure that they are not infected.
- Contact law enforcement.
Preparation is the key to protecting your organization’s networks and the data stored on them. By implementing a proactive cyber risk management program, your organization will bolster its chances of not falling victim to ransomware attacks.
For more information on the increasingly varied tools and tactics that ransomware attackers are using to exploit businesses, read our previous blog Businesses Face Escalating Ransomware Threats.