10 Steps to Protect your Business from Ransomware
Ransomware attacks against businesses of all sizes are on the rise and have become a digital pandemic. This malicious threat now steals the headlines more than ever, especially with the disruption of more people working from insecure home environments. Gone are the days when small business owners could ignore the real threat Ransomware poses to their customer data and, therefore, their business reputation.
Ransoms above $50,000 to $400,000 are no longer uncommon, and depending on the target, ransom demands have reached into the millions. Global Ransomware damage is expected to exceed USD 20 billion this year.
Consumers these days expect businesses to keep their data safe and secure. Moreover, our governments mandate that we take responsibility as business owners for the customer data we store. Before we discuss preventing and protecting ourselves from Ransomware, let’s take a moment to understand what it is and its evolution.
The rise of Ransomware
The concept of Ransomware has been around since the mid to late ’80s, when malicious actors would use floppy disks to install malware programs on their targets’ computers. Since 2014, however, the real scourge of Ransomware has emerged and is sweeping the globe as a digital pandemic. In 2017 the WannaCry attack disabled Microsoft-based corporate computing systems worldwide in one of the largest and possibly most financially costly Windows-based Ransomware attacks ever seen. And it will not be the last.
So, what exactly is Ransomware? It is a type of malware that holds network data hostage. Just like when a person or loved one has been kidnapped for ransom, your data is encrypted and held hostage. Ransomware attacks typically target vulnerabilities on endpoints (a network term meaning entry point), preying on organizations that may not be thoroughly up to date in their security practices and hygiene. However, security hygiene can be time-consuming and challenging to maintain for a small business. Good security fundamentals help protect your customer data and, therefore, your brand reputation. This article describes best practice for SMEs. It provides the fundamentals to protect yourself from Ransomware and other forms of malware. Before that, let’s look at some of the most notorious Ransomware released to date.
This program debuted in August of 2018 and was initially targeted at enterprises that can pay a lot to recover their files. Covering its tracks, the program deletes all files used to deploy the malware, making it very difficult to pinpoint the exact cause of infection. It then identifies and encrypts network drives while seeking out and deleting any visible shadow copies of those drives on the network. Finally, it disables the Windows System Restore option making it impossible to restore encrypted files without a backup.
Distributed as ransomware-as-a-service (RaaS) by a Russian crime group through a profit-sharing affiliate partner program, GandCrab is considered the most popular multi-million dollar ransomware. One of the few widely deployed ransomware variants, it dominated the market. Multiple infiltration vectors included exploit kits, stolen credentials, phishing emails and compromised websites. GandCrab also relied heavily on MS Office macros, VBScript and PowerShell to avoid detection.
MedusaLocker makes sure mapped network drives are accessible, erases Shadow Volume copies, removes backups and disables Windows Automatic Startup repair. Following encryption, it sleeps before scanning for more files to encrypt. Further, it creates scheduled tasks that relaunch the program every half hour.
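The behaviours described above (shadow copy deletion, disabling startup repair, a task relaunched every half hour) leave traces in process-creation logs. The following is an added example, not code from this article or any vendor: it flags those behaviours in constructed sample events and marks a host for isolation when two or more appear together. The command patterns are standard Windows utilities chosen for the example (the article does not name the commands any family runs), and the 60-minute and two-behaviour thresholds are assumptions.

```python
import re

# Rules for the recovery-inhibition behaviours described above. The utilities
# matched here are an assumption of this example, not taken from the article.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("startup_repair_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]
SCHTASKS = re.compile(r"\bschtasks(\.exe)?\b.*/create\b", re.I)
MINUTE_SCHEDULE = re.compile(r"/sc\s+minute\b.*?/mo\s+(\d+)", re.I)


def classify(command_line):
    """Return the set of rule names a single command line matches."""
    hits = {name for name, rx in RULES if rx.search(command_line)}
    if SCHTASKS.search(command_line):
        m = MINUTE_SCHEDULE.search(command_line)
        # Assumed threshold: tasks repeating every hour or less get reviewed.
        if m and int(m.group(1)) <= 60:
            hits.add("short_interval_scheduled_task")
    return hits


def triage(events):
    """Group hits per host; 2+ distinct behaviours on a host means 'isolate'."""
    per_host = {}
    for line in events:
        _ts, host, cmd = line.split("|", 2)
        found = classify(cmd)
        if found:
            per_host.setdefault(host, set()).update(found)
    return {h: ("isolate" if len(b) >= 2 else "review", sorted(b))
            for h, b in per_host.items()}


# Constructed sample process-creation events: timestamp|host|command line
SAMPLE = [
    "2024-01-10T09:00:01|PC-01|vssadmin.exe Delete Shadows /All /Quiet",
    "2024-01-10T09:00:03|PC-01|bcdedit /set {default} recoveryenabled No",
    "2024-01-10T09:00:05|PC-01|schtasks /create /sc minute /mo 30 /tn upd /tr C:\\upd.exe",
    "2024-01-10T09:05:00|PC-02|vssadmin list shadows",
    "2024-01-10T09:06:00|SRV-01|schtasks /create /sc daily /tn backup /tr C:\\backup.cmd",
    "2024-01-10T09:07:00|PC-03|wmic shadowcopy delete",
]

if __name__ == "__main__":
    for host, (action, behaviours) in sorted(triage(SAMPLE).items()):
        print(host, action, behaviours)
```

A host marked "isolate" is a candidate for the isolation plan in the steps that follow; a single hit such as an administrator removing old shadow copies only warrants review.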
10 Steps to Protecting Yourself from Ransomware
Unfortunately, there is no absolute silver bullet that guarantees your network will never be compromised by malware. Fortunately, while organizations should be wary of ransomware threats, they don’t have to be scared of them. This type of malware can often be prevented and recovered from, with minimal impact.
Keep all software updated, including operating systems and applications and maintain clear inventories of all digital assets and their locations.
Identify valuable data and segment the network. Avoid putting all data on one file share (OneDrive, Google or Server, for example) accessible by everyone in the organization.
Perform daily backups, including data on employee devices. Consider online, local, off-network and secure offsite locations.
Train staff on security practices, emphasizing the importance of not opening attachments or links from unknown sources.
Create an isolation plan to remove infected systems from the network.
Employ your IT partner to perform penetration testing to find and patch vulnerabilities, ensure Remote Desktop Protocol ports can’t be accessed by default credentials, and maintain adequate security hygiene.
Recognize that threat actors are also attacking the cloud, so ensure you have complete visibility over your cloud services.
If you don’t have the skillset yourself, speak to your IT partner to understand what techniques nefarious actors use. For example, Emotet and Trickbot infections can signal the coming of Ryuk, typically starting about one to two weeks before the delivery of the Ransomware. Perform a full compromise assessment at any sign of intrusion.
Endpoint security software will block many attempts at infection through email, but securing the endpoint is no longer sufficient. Employ a multi-layered threat defence solution.
Engage a reputable IT security provider to secure your network and data. A good IT security provider will supply everything you need to protect and recover from malicious attacks against your network.
But what do you do if you’re too late in catching the ransomware attack?
Management and business owners must consider the circumstances they would or would not pay a ransom and then set processes for decision-making and launching an investigation. A policy and communications strategy guided by your IT provider, legal and business factors will reduce stress and allow for an informed rapid response.
As part of our one-of-a-kind IT services bundle, OpsGuard™ Shield, our clients receive a complete cybersecurity solution protecting them from malware and other cybersecurity threats. Reach out to us today and receive your free IT audit.