8 Ways to Stop a Ransomware Attack Before it Starts (& What to Do If One Gets Through)

While these attacks take many forms, they can mostly be divided into three broad categories:

• Leakware: In this type of attack, the perpetrator threatens to release sensitive information unless a ransom is paid.
• Lockers: As the name implies, this type of attack will lock down the infected machine or system until the perpetrator receives payment.
• Encryption: By far the most frequent type of ransomware attack, attackers will encrypt data and only provide the key once payment is received.

Figuring out how to prepare for a ransomware attack can be a bit overwhelming. That’s why there’s an entire rapidly growing field of IT risk management built around preparing for ransomware attacks. Fortunately, there are some basic steps that nearly all cybersecurity experts agree you should take to help safeguard your system and allow your enterprise to keep running should this type of malware make it through.

Keep Systems & Software up to Date

It’s a constant battle between those attempting to keep your data safe and those trying to break through. Many updates have security patches that repair previously discovered vulnerabilities, which is why it’s important to always update your software and systems.

Install Anti-virus Software & Firewalls

Firewalls are network security devices that keep track of what’s going in and out of the network. They are your first line of defense against any type of malware and keep Trojans, worms and other types of invaders from ever making it into your machine or system.

Anti-virus software is a kind of triage once ransomware has made it into your system, scanning for a variety of threats and attempting to neutralize them when found.

Network Segmentation

For many types of ransomware attacks, once a machine or closed system is compromised, there is very little you can do to mitigate the damage. That’s why most network managers will tell you to divide your global network into smaller subnetworks. Each subnetwork acts like a ship section, with bulkheads that can slam down between them in the event of a breach. The end goal being to save the overall network, even if a portion is lost.

Endpoint Security

As companies scale, the number of devices on a given network will inevitably increase. Each of those devices serves as a potential point of entry for malicious software. To combat this, administrators need to be able to monitor and respond to threats in real time. Endpoint protection platforms and endpoint detection and response programs are great tools for this.

Employee Training

Clicking the wrong link or opening a suspicious email are two ways ransomware can enter your system. In fact, email is one of the top two attack vectors for data breaches in general. Employee training on these methods along with safe ways to access secure information will help keep human error from leading to a major network issue.

Test & Re-test

Because cyber threats are continuously evolving, it’s imperative to constantly test your system for vulnerabilities that new generations of attacks might exploit. Once you’ve identified a vulnerability, address it immediately. You should also reevaluate user privileges regularly to keep your network segmentation healthy.

Back up Your Data

One of the main reasons ransomware attacks are successful is because the cost of paying the ransom is often lower than the cost of a service interruption. By regularly backing up your data to secure, offline, storage, you’ll ensure continued access to vital information.

Archive Emails

Emails document the day-to-day operations of modern organizations. Being able to access them on demand can be crucial in a variety of situations. Using a reliable email archiver with an easy-to-use interface and solid disaster recovery capabilities ensures access to all your email communications even if you’re locked out of the network.

Sometimes even the best-laid defenses fail. In those cases, your first concern should be how to minimize the ransomware attack’s damage. It’s important to have a detailed response plan in place so everyone knows their exact role in combating the threat. This ensures a rapid response that will prove critical in mitigating the damage caused by the breach. You can customize your plan according to your company’s needs but, at a bare minimum, it should include:

Isolating Infected Systems 

Isolating infected machines and network segments can prevent the virus from spreading and compromising other systems.

Identifying the Source of the Incursion

Figuring out the ultimate source of the attack can help network administrators identify system vulnerabilities. They can then use this information to address the vulnerability and shore up security.

Reporting the Attack to the Authorities

Beyond the obvious criminal implications of a cyberattack, law enforcement agencies have access to advanced tools that can aid in the recovery of stolen information. While not the typical outcome, sometimes data can be salvaged and the guilty brought to justice.

Not Paying the Ransom

While it may be tempting to pay for your data’s safe return, most experts strongly advise against this course of action. Beyond there being no guarantee the perpetrators will give you a decryption key, once an attacker gets paid, they’re much more likely to commit the same type of crime again.

With nearly 500 million attacks last year alone, ransomware is a threat organizations can’t afford to ignore. By taking affirmative, proactive steps, businesses can greatly reduce the risk of an incursion. Should one take place, having a robust response plan will prove crucial to mitigating the damage.

Intradyn offers best-in-class email archiving services that will keep your communications accessible and whole even in the event of a ransomware breach. Request a quote today to find out which of our scalable plans is right for your company.