Imagine yourself in the midst of compiling an important work report but suddenly you lose access to all the files. Or perhaps you get an error message asking you to send bitcoin to decrypt your computer. The scenarios are endless, but one commonality in all Ransomware attacks is that your attackers will always provide instructions on how to get your files back. You can eventually have your files back but of course, only after paying a hefty amount of “ransom” upfront. Our ‘Ultimate Guide To Ransomware’ explains what ransomware is, the different types of ransomware, solutions and the best ways to avoid and recover from an attack.
What is Ransomware?
How Does Ransomware Work?
Recent Ransomware Incidents in the News
7 Best Ways to Prevent Ransomware Attacks
Here are the best ways to mitigate ransomware attacks:
1. Provide Security Awareness and Training
All ransomware incidents are unknowingly initiated by human behaviour, so implementing security awareness training should occur first and foremost. This training is imperative as it teaches users to distinguish real threats from legitimate data. It also teaches them how to look for threats within emails and what types of best security practices to follow. For starters, training all users on not clicking anything in their emails unless verified and how to keep their communications secure by employing the latest security updates.
2. Employ Scanning Tools for Ransomware
There are specific tools available on both paid and open-source platforms that continuously scan your network for anything that resembles Ransomware. Most red flags are behavioural activities of a user like naming a file, deleting a file, or accessing data that is not normally accessed by that user. These tools detect patterns of unusual behaviour and trigger alerts that need investigating and then remediation.
McAfee provides top of the line scanning tools and a Ransomware file decryptor if certain specific types of listed Ransomware infect your data. Cisco Cognitive Threat Analytics performs User Behavior Analytics (UBA) that identifies abnormal behaviour from cyberattacks. Their software extracts metadata from an enterprise’s IT infrastructure and uses this information to map relationships among employees, data objects, content, and usage.
3. Employ Robust Endpoint Anti-Virus Security
Implementing a robust endpoint security system is crucial to mitigate these attacks. Certain antivirus engines can detect malicious malware and prevent it from getting downloaded. In addition, these tools can also provide the ability to view compromised devices and even send alert notifications when a user stumbles on a risky website. However, ransomware attacks are getting more complex as cybercriminals are coming up with innovative ways to get around the system. Therefore, more stringent security protocols need to be in place in conjunction with strong antivirus solutions.
- McAfee, industry-leading antivirus software provides both business threat detection and protection from hackers and cyber-attacks including ransomware.
- Fortinet, provides cybersecurity, threat protection, and endpoint management solutions.
- Sophos Endpoint Detection and Response (EDR) uses synapse to correlate network, email, web, and endpoint event data to provide threat protection to endpoints. As incidents are detected, correlation with other incidents discovered on your network occurs to show overall attack patterns and prioritize the most significant threats.
4. Disable Macros
Users of Microsoft Office products like Word and Excel often use macros for automation of repetitive tasks like formatting spreadsheets. However, it is best to keep the macros disabled as many threat actors use these macros to run malicious scripts.
5. Email Security, Inside and Outside the Gateway
Emails are the most vulnerable to Ransomware, so it is imperative to ramp up email security. Secure email gateways ensure the filtering of all email communications, along with activation of URL defences and attachment sandboxing. As a result, threats are detected proactively and prevent the transferring of. Whilst preventing email phishing scams should occur, paying attention to post-delivery protection is also important. There are various technologies available that can display warning banners within emails to alert the end-users so they can avoid opening them.
Sophos, a leading cybersecurity solution provider provides various email security and advanced threat protection options.
6. Employ Web Filtering and Isolation Technologies
7. Create a Data Backup and Recovery Plan
Without having a backup strategy, you risk losing all your data in the event of a compromise. All companies should have a disaster recovery plan. Backing up data in multiple locations is important and should be easily restored once the need arrives. Also, it’s very important to invest in a cloud data backup recovery to remediate against ransomware attacks.
All the above-mentioned ways help in mitigating Ransomware. However, this should be a two-pronged strategy. A blend of investing in robust tools and monitoring that will send triggers for these types of attacks. Along with, training the end-users so they can easily spot these types of attacks.
The Business and Compliance Aspects of Ransomware
Essential Eight Strategies to Mitigate Attacks
Strategies to Prevent Malware Delivery and Execution:
1. Application Whitelisting
2. Patch Applications
- Extreme risk; 48 hours
- High risk: two weeks
- Moderate or low risk: one month
3. Configure Microsoft Office Macro Settings
4. User Application Hardening
Strategies to Limit the Extent of Cyber-Security Incidents:
Restrict Administrative Privileges
Patch Operating Systems
Strategies to Recover Data and System Availability:
As mentioned previously, data backups are an integral part of a disaster recovery plan. In the event of a data breach or a Ransomware attack, recovering and accessing backed up data can occur. You can always decrypt the original data that the hackers encrypted by restoring successful backups.
In conclusion, as set out in our Ultimate Guide To Ransomware, when it comes to ransomware and malicious attacks, no amount of prevention and mitigation is enough. Therefore, the increasing prevalence of cybercrimes is pushing organizations to re-think their security strategies. The ISO27001 and the Essential Eight strategies provide a great outline and guidance for mitigating cyber-attacks.
While simple in concept, Ransomware is relentless and damaging. However, with due diligence and security best practices in place, you can pre-emptively protect your data and beat these malicious attacks right in their tracks.
DC Encompass provides a wide range of cybersecurity and compliance solutions for organisations. We partner with some of the biggest hardware and software names in cyber security, including Fortinet, McAfee, Qualys, and Sophos. To find out more about how our cyber security services can help you and what we offer click here.