Ransomware: Dont let your business be held for ransom

Ransomeware is a worrying trend in IT security. Here's how to ensure your business doesn't get caught up.

Ransoms are one of the oldest means of exploitation. Taking an item of tremendous value and demanding compensation for its return is an effective, if sinister, way for criminals to get what they want.

Ransomware follows a lot of the same rules as more traditional forms of extortion, simply applied to the digital era. With ransomware, attackers infiltrate laptops, servers, or data centres through encryption and render personal or corporate data inaccessible unless victims pay a ransom.

Ransomware is the fastest growing industry in IT security. Law enforcement can’t stop it. The IT department can’t reverse it and unless the right steps are taken prior to an attack, all enterprises can do is pay the ransom and hope for the best.

An organisations best measure against ransomware is prevention with security policies that increase internal awareness and reduce exposure.

One way to mitigate the risk of losing data is through timely, complete off-site data backups. A good backup rule of thumb is 3-2-1″ back up three copies of every file, on at least two types of media, at least one of which is offsite. With offsite backups, you can restore your files after ransomware has finished the encryption process.

Another way to mitigate ransomware is through education. Despite years of warnings about suspicious emails and websites, users still fall prey. Ensure new employees are trained on ransomware during on-boarding, as well as existing workers.

Work with HR and internal communications departments to help engrain data security into the fabric of the business and tell users what kind of threats to look for, including:

Crypto-ransomware Strong cryptography that encrypts files, presenting victims with an alert that they must pay a ransom to decrypt their data. Some variants can jump from machine to machine within an IT network. They can also look for file shares and attached backups, and extend to web servers, debilitating business operations.

Phishing Typically spread through phishing emails that contain malicious attachments if clicked on. Many phishing emails include subject lines that are enticing and may seem legitimate such as package deliveries, payroll or payments.

Drive-by downloads Unintended downloads from infected websites that are delivered through a browser exploiting a software vulnerability on the target machine.

Malvertising The injection of malware-laden ads onto legitimate websites. Popular sites from The New York Times to the Nikkei Stock Exchange have unwittingly carried malvertising.

USB sticks The spreading of infected files to and from attachable devices such as thumb drives can infect laptops, desktops, smartphones, tablets, servers and even entire data centres. In the era of IoT, it can extend to wearables that sync with other devices, and potentially Internet-connected HVAC or lighting systems.

Continue reading on page two to discover how to protect your business from ransomeware.

A comprehensive ransomware prevention strategy should include device control, patch management and configuration management. Fast action, such as immediately taking an affected machine offline, can prevent a ransomware attack from moving through the network and affecting other systems.

An effective ransomware prevention strategy should include the following:

Device control  Set controls about what kinds of devices can be loaded on a system. Those rules can address type, brand and even an individual USB drive. Effective device control automates the discovery and management of removable devices. It defines and enforces device use policies by group or individual user, with flexible exception policies.

Patch management  Patch management remains one of the most effective means of thwarting attacks, including ransomware. To protect against ransomware in particular, be sure to enable the downloading of software patches to your operating systems, Microsoft Office, Adobe applications, your browsers and browser plug-ins.

Configuration management  To ward off ransomware, set browser security to the highest possible level to reduce the chances that malicious content can be downloaded from a website. Also use the browsers Do not track feature to reduce the chance of encountering malvertising by limiting ad views. In addition, monitor outgoing traffic. Block known malicious URLs and watch for nonsense URLs that look suspicious. When in doubt, block first and ask questions later.

Make no mistake, ransomware is the next big scourge to strike businesses. Its not a trivial threat, and one organisations are almost certain to encounter.

By taking preventive measures now including rigorous data backups, thorough user training, and prevention strategies the risk of ransomware and other malicious attacks can be mitigated, without ransoming the organisations success.

Eric Aarrestad is VP and GM for the unified endpoint management business unit at HEAT Software.

Share on social media

Link copied to clipboard.