Ransomware attacks seem to be in the news every day. With the recent Colonial Pipeline ransomware attack and the infamous Kaseya breach, protecting one's network against ransomware breaches (and the fallout) looms large in the minds of concerned IT managers and cybersecurity experts.
In 2020, the FBI received 2474 ransomware complaints (and these are just the ones that got reported).
Cybersecurity experts calculate that a business falls victim to a ransomware attack every 11 seconds.
Making things worse, more employees are working from home. Cybercriminals have noticed this trend and are taking the opportunity to launch attacks outside corporate firewalls.
Ransomware typically propagates via spam, phishing emails, or social engineering. Cybercriminals can also spread ransomware through drive-by download attacks to penetrate your network.
Ransomware infection methods are constantly evolving, and there are innumerable ways your network can get infected. Once your network is penetrated, the ransomware encrypts every file it can reach using strong encryption.
At this point, the cybercriminals will demand a ransom (payable in Bitcoin) to decrypt the files and restore full operations to the affected IT systems.
Four out of five MSPs have had to deal with ransomware attacks. What's more shocking is that most businesses seem to be in reactive rather than proactive mode.
What is your business doing to prepare for the next ransomware attack?
Prevention is the first strategy against ransomware attacks. Here's a quick ransomware defense checklist created by cybersecurity experts:
1- Install anti-virus and anti-malware software to block unknown payloads from launching.
2- Make frequent and comprehensive backups of all important files and isolate them from local and open networks.
3- Keep offline backups of data stored off-site in locations not accessible from any infected computer, using disconnected external storage drives and/or cloud storage.
4- Use immutable backup options like Object Lock. This way, your data is fixed and cannot be deleted before a retention date set by your team. Once you've deployed immutability on all your critical data, you can quickly restore from your immutable backups and return to business ASAP.
5- Install the latest security updates issued by your OS and application vendors. Set a policy with your IT team to patch early and patch often.
6- Make sure that your IT team segments your network so that critical computers are isolated and malware cannot spread between segments.
7- Turn off admin rights for all users who don't require them. Adopt a policy of giving users the lowest system permissions they need to do their work.
8- Educate everyone on your team about the latest email phishing scams and social engineering tricks.
If the worst happens, and your networks still get infected despite your best efforts, then the surest way to remove the ransomware is to wipe all storage devices and reinstall everything from scratch.
Obviously, this will only work if your IT team follows a strict backup policy further protected with off-site backup.
If your team has been following a sound backup policy with both local and off-site backups, they should be able to restore the network from backup copies that were not connected to the network at the time of the attack and were therefore protected from infection.
Just beware that local backups can also be encrypted by ransomware. If your backup solution is connected to a computer that gets hit with ransomware, then there's a good chance that your backups will be encrypted too. So make sure that your team keeps at least three copies of all your (and your customers') data on two different storage media, and most importantly, make sure that your off-site backup is air-gapped to be safe.
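As an added example (not from the original post), here is a small Python policy check that covers checklist items 3 and 4 together with the three-copies rule above: each backup copy is modelled as a record, and the check reports whether the inventory has at least three copies on two different media, an off-site copy, and at least one copy an infected host cannot reach, either air-gapped or immutable with an Object Lock retention date still in the future. The copy names, media and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str               # e.g. "disk", "tape", "object-storage"
    offsite: bool
    network_attached: bool    # reachable from production hosts
    lock_until: Optional[datetime]  # Object Lock retain-until date, if any


def is_isolated(copy: BackupCopy, now: datetime) -> bool:
    """A copy is out of reach of an infected host if it is air-gapped, or
    immutable with a retention lock that has not yet expired."""
    if not copy.network_attached:
        return True
    return copy.lock_until is not None and copy.lock_until > now


def check_policy(copies: List[BackupCopy], now: datetime) -> List[str]:
    """Return every rule the inventory violates (empty list = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append(f"need 3 copies, have {len(copies)}")
    if len({c.medium for c in copies}) < 2:
        problems.append("all copies on the same medium")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    if not any(is_isolated(c, now) for c in copies):
        problems.append("no air-gapped or immutable copy")
    for c in copies:  # an expired lock silently turns immutable into deletable
        if c.network_attached and c.lock_until is not None and c.lock_until <= now:
            problems.append(f"{c.name}: retention lock expired")
    return problems


# Constructed inventories (hypothetical names and dates, not real systems).
NOW = datetime(2021, 8, 1, tzinfo=timezone.utc)
WEAK = [  # two local NAS copies, both reachable from the LAN
    BackupCopy("nas-daily", "disk", False, True, None),
    BackupCopy("nas-weekly", "disk", False, True, None),
]
FIXED = WEAK + [  # add a locked object-storage copy and an offline tape
    BackupCopy("s3-locked", "object-storage", True, True,
               datetime(2021, 12, 31, tzinfo=timezone.utc)),
    BackupCopy("tape-vault", "tape", True, False, None),
]
```

Calling `check_policy(WEAK, NOW)` lists the four violations of the weak setup, while `check_policy(FIXED, NOW)` returns an empty list once the locked and air-gapped copies are added.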
Following these basic safety measures will ultimately make the difference between a malware incident being a minor inconvenience or having to close shop.
Cybersecurity experts also suggest that larger companies should hire several systems administrators to provide round-the-clock coverage.
While the ultimate solution to prevent ransomware breaches will probably be adopting some form of blockchain-based data storage system (for its decentralized capabilities), there is a stopgap that might just work in the meantime.
It has been reported that the hacking ring REvil (responsible for the Kaseya ransomware attack) writes all their malware code to avoid systems that use Russian or related languages. So now you know what to do to protect your network, get your IT team trained in Cyrillic characters!