5 ways to safeguard your business against the latest types of ransomware
Tue 17 Sep 2019 | Chester Avey
Chester Avey outlines what firms must prioritise in the fight against the latest ransomware threats
It might seem like a long time ago since WannaCry, which caused widespread disruption to the NHS other businesses, but ransomware attacks continue to make headlines. In fact, two very recent attacks successfully targeted two major US cities, Baltimore and Riviera Beach, with the latter choosing to pay out $600,000 in order to regain control of its systems.
According to the FBI, there were more than 1,493 ransomware cases reported in 2018. And one of the primary reasons that this number is continuing to rise is that many organisations facing loss of business-critical data are paying up.
The increasing sophistication of the latest attacks, means that it is imperative for your business to take appropriate steps to mitigate the risk and avoid the scenario of having to decide whether to lose data or pay an extortionate ransom.
Here are some of the key things that you can do to protect your business against the latest types of ransomware:
Regularly back up your systems
One of the key things that your businesses can do to minimise damage and disruption in the event of an attack is to regularly back up data and systems. The threat of losing data is reduced enormously if you have the ability to quickly restore compromised systems and data. Backups should be taken regularly, both online and offline.
However, it should be pointed out that many ransomware attacks will purposely target and delete backups. This is why it is so important to take multiple online and offline copies and store data in a variety of locations.
Don’t be too reliant on antivirus software
Many businesses believe that they are protected against ransomware attacks because they have antivirus software installed. However, traditional AV solutions are no longer effective at detecting the latest type of ransomware, which has the ability to change its files signature to evade detection.
To demonstrate the difficulty of detecting the latest attacks, researchers recently discovered a new type of ransomware, named Sodin, which uses a technique called ‘Heaven’s Gate’ to execute 64-bit code from a 32-bit running process.
To help identify the latest polymorphic and fileless attacks, your businesses should consider investing in a next generation endpoint detection and response platform that offers advanced behavioural monitoring as well as to the capability to contain and eliminate attacks.
Stay on top of your cyber hygiene
Getting the basics right is often key to preventing ransomware attacks. Staying on top of software patching, for instance, is one of the most important ways to protect your organisation. Indeed, looking back at the WannaCry attack, one of the reasons that many companies fell victim was due to a failure to patch a known vulnerability in Windows.
“Performing regular scans of your network to identify and help remediate vulnerabilities before they are exploited” (Redscan)
Make sure that your employees are only given the minimum network access they need to perform their jobs, plus commission. This sort of practice should be combined with regular vulnerability scans and penetration tests to help identify and address weaknesses.
Invest in user training
A huge number of ransomware attacks occur as a result of employee mistakes and errors – this could include opening malicious email attachments or unwittingly disclosing sensitive information such as system credentials. This is why it is so important to provide regular training sessions to your employees.
Cybercriminals are continuously devising new ways to deceive employees, such as email links that appear legitimate but actually point to spoofed websites. This is why it is so vital to invest in these employee cyber awareness programs and regularly update them in order to keep staff educated about the latest threats.
Test your incident response plan
A recent, well-publicised attack saw American drinks producer Arizona Beverages hit by ransomware. The company had backups in place, however, these had not been configured correctly, and staff learned in the aftermath of the attack that these backups were effectively useless. This resulted in significant operational disruption, lost productivity and recovery costs.
Testing your business’ incident response plan is therefore also an important step and will help ensure that your organisation’s systems and personnel are ready and prepared to deal with the fall out of an attack.
Ultimately, if you want to protect your business against a ransomware attack, you need to ensure that you are putting the time and resources into your cybersecurity measures. Failing to invest in your defences can leave your business vulnerable, and this is when cybercriminals are most easily able to breach you with ransomware.
- Photo Credit: onlyyouqj