How to Prevent + Manage Ransomware
In case you haven’t heard, cybercrime has increased by more than 600% since the start of the pandemic. That, of course, includes malware and ransomware: cases where digital criminals encrypt an organization’s files and then hold them for ransom increased by more than 140% in Q3 of 2021 alone.
Ransomware can be incredibly costly to your organization, both financially and in terms of reputation. Operations are halted, internal resources are diverted to addressing the malicious activity, and headlines fly in the press, so it’s vital to have an established methodology for mitigating your company’s risk of becoming a victim of these acts.
While virtual criminals and threats continue to rapidly increase in frequency and sophistication, you might be wondering how you can best safeguard your organization. In this article, we’ll focus on two cornerstones: preventative and responsive efforts to combat cybercrime.
What Is Ransomware?
Ransomware is a type of malware that essentially holds an organization’s files or data hostage with the goal of getting the organization to pay a ransom to get its information back. Ransomware and other malware are often spread through email spam campaigns that rely on someone clicking the wrong thing and setting the whole attack into motion. This type of malware utilizes asymmetric encryption that leverages a public and private key to encrypt and decrypt the data.
The attackers make the private key available to the victim only after a ransom is paid, usually within a quick timeframe of 24 to 48 hours. If the victim doesn’t pay the ransom, then they risk the files being deleted altogether. Unfortunately, ransomware marketplaces exist to easily sell strains of malware code on the black market that just about anyone can use to launch an attack against an organization.
How Does Ransomware Impact Your Organization?
Like any kind of digital threat or attack, ransomware attacks can have a tremendous impact on your organization: they’re costly, loaded with risk, damaging to your company’s reputation, disruptive to your operations, and more.
In the first half of 2021, the average ransom demand was more than $5 million, a 518% increase in demand cost since 2020. 80% of organizations were slammed with ransomware attacks in 2021, so they’re quite popular with virtual criminals and have the potential to impact any industry.
Obviously, this average demand amount could put a dent in any organization’s financial standing, and that’s not even factoring in the cost of lost work, delayed processes, reputational damage, and more. In fact, the average cost of a ransomware attack, excluding the demand amount, was $4.62 million in 2021. The tangible and intangible costs of ransomware are simply too high to risk not having proper measures in place to prevent and appropriately respond to them.
How to Prevent Ransomware in 11 Steps
If you’re worried about ransomware impacting your company and want to take actionable steps to mitigate its risk, then you’re in the right place.
The following are just some of the basic preventative security guidelines to follow; if implemented properly, they could significantly reduce the likelihood of infection by ransomware or any other future type of attack:
Implement a reputable AV solution and ensure that all PCs, laptops, and mobile devices are kept up to date with the latest versions and signatures.
Establish a means to keep all devices patched with the latest versions and patches for all key software employed on those computers.
Block all outgoing I2P and other peer-to-peer network traffic at the firewall to prevent infected computers or devices from communicating with their masters and receiving further malware instructions.
Subscribe to a reliable threat intelligence source that will regularly update you with details of malicious and suspicious URLs, domains, and IP addresses across the Internet; access to these malicious and suspicious URLs, domains, and IP addresses should then be comprehensively blocked.
Install ad-blocking software on your firewall to prevent infections via malicious ads on websites.
Disable ActiveX content in the Microsoft Office Suite of applications; many computer viruses use macros to take advantage of ActiveX and download malware onto the vulnerable PC.
Examine ways to block executable files from the %APPDATA% and %TEMP% paths on computers with the Microsoft Windows OS installed; these folders are often used by malicious software to download and execute files associated with ransomware and other malicious software.
For Windows-based computers, use Software Restriction Policies to allow only authorized software to run on your computers.
Remove local admin access to Windows-based computers—and the equivalent for other operating systems—in order to minimize the likelihood of malware being installed on the device by the user.
Analyze ways to segment your network so that you can control network traffic or isolate parts of your network to contain an outbreak.
Hold regular security awareness training campaigns and seminars for your employees to enable users to identify and deal with potential threats.
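Blocking executables under %APPDATA% and %TEMP% also stops legitimate per-user software that runs from those folders, so it helps to see what a rule would hit before enforcing it. The following is an added example, not part of the original article: it checks process-start records against the two folders. The `timestamp,user,image` log format, the sample lines, the default profile paths and the extension list are assumptions made for the illustration.

```python
import ntpath

# Default per-user folders for the two variables (assumes profiles under C:\Users).
ROOT_TEMPLATES = {
    "%APPDATA%": r"C:\Users\{user}\AppData\Roaming",
    "%TEMP%": r"C:\Users\{user}\AppData\Local\Temp",
}
# Assumed set of extensions to treat as executable content.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".dll"}

def canon(path):
    """Collapse '..' and '/' and lowercase; Windows path matching ignores case."""
    return ntpath.normcase(ntpath.normpath(path))

def matched_root(user, image):
    """Return the variable whose folder contains the executable image, or None."""
    path = canon(image)
    if ntpath.splitext(path)[1] not in EXEC_EXTS:
        return None
    for var, template in ROOT_TEMPLATES.items():
        root = canon(template.format(user=user))
        # Require a separator after the root so 'RoamingTools' does not match 'Roaming'.
        if path.startswith(root + "\\"):
            return var
    return None

def audit(log_lines):
    """Parse 'timestamp,user,image' lines; return launches a block rule would hit."""
    hits = []
    for line in log_lines:
        ts, user, image = line.strip().split(",", 2)
        var = matched_root(user, image)
        if var:
            hits.append((ts, user, var, ntpath.basename(image)))
    return hits

# Constructed sample of process-start records (not real telemetry).
SAMPLE = [
    r"2024-05-01T09:00:01Z,alice,C:\Program Files\Vendor\app.exe",
    r"2024-05-01T09:02:17Z,alice,C:\Users\alice\AppData\Roaming\Chat\update.exe",
    r"2024-05-01T09:05:40Z,bob,c:/users/bob/appdata/local/temp/7z01\invoice.PDF.exe",
    r"2024-05-01T09:06:02Z,bob,C:\Users\bob\Documents\..\AppData\Local\Temp\a.js",
    r"2024-05-01T09:07:30Z,bob,C:\Users\bob\AppData\RoamingTools\tool.exe",
    r"2024-05-01T09:08:00Z,alice,C:\Users\alice\AppData\Roaming\notes.txt",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(*hit)
```

In the constructed sample the chat updater is flagged alongside the two suspicious launches; that is the kind of legitimate hit that needs an allow rule before the block is enforced.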
What To Do If You’re Affected by Ransomware
In the unfortunate event that ransomware does make its way onto your network, you now have to respond to this incident.
If you don’t already have an incident response plan in place for handling ransomware incidents, you and your cybersecurity team should develop one as soon as possible. Your incident response plan should be your automatic go-to and include tactical procedures on how you will handle the ransomware infection.
Best practices in the cybersecurity industry advise not paying the ransom for a handful of reasons. Doing so incentivizes the hackers since they’ll see your company as a good investment and launch more attacks in the future; plus, funding cybercriminals means you’re funding stronger ransomware and other malware that could cause harm to more companies.
Instead of paying the ransom demand, consider incorporating these steps into your incident response plan:
Isolate the infected machine from the network.
Replace the compromised machine’s hard drive.
Restore from bare metal using your latest backup; note that if you are not backing up frequently enough, then the lapse in time represents your data loss and possible financial loss. In an ideal world, your systems would back up in real-time 24/7, but the cost of doing so may not fit within your budget.
Another responsive step involves new technologies to decrypt infected files; a site called No More Ransom has resources available to help decrypt files that are being held for ransom.
Through a combination of both preventative and responsive measures, you can maximize your cyber resilience and minimize the impact of a ransomware infection on your organization.
If you want a more in-depth penetration test or are looking to fortify your cybersecurity strategy, then partner with Security Compliance Associates! Our experts have decades of experience in dealing with prevention and remediation methodologies that are proven and validated by various compliance and security measures.