8 Ways to Stop a Ransomware Attack Before it Starts (& What to Do If One Gets Through)


    These days, we all live and breathe technology. There isn’t much in our daily lives that doesn’t depend on technology, and that’s certainly true of the workspace. Between desktops, laptops, tablets and phones, there is a plethora of devices connected to corporate networks. That’s to say nothing of the on-site servers or cloud storage accounts nearly all organizations maintain. That’s why a malicious network breach is the nightmare scenario for every IT professional.

    Ransomware, a type of malware, should be of particular concern. In a ransomware attack, access to sensitive data on a machine or network is closed off until a ransom is paid to the person or entity behind the attack. Given the amount of sensitive information most companies hold, this type of attack can prove very costly. In 2017, WannaCry infected over 230,000 computers, forcing four-day shutdowns at major corporations around the world. Globally, ransomware is expected to cost the economy more than $265 billion annually by 2031.

    This blog will break down the different types of ransomware attacks companies are likely to face, how to go about preparing for ransomware attacks and how to minimize the damage from a ransomware attack, should one occur.

    Types of Ransomware

    While these attacks take many forms, they can mostly be divided into three broad categories:

    • Leakware: In this type of attack, the perpetrator threatens to release sensitive information unless a ransom is paid.
    • Lockers: As the name implies, this type of attack will lock down the infected machine or system until the perpetrator receives payment.
    • Encryption: By far the most frequent type of ransomware attack. Attackers encrypt data and only provide the key once payment is received.

    How to Prepare for a Ransomware Attack

    Figuring out how to prepare for a ransomware attack can be a bit overwhelming. That’s why there’s an entire rapidly growing field of IT risk management built around preparing for ransomware attacks. Fortunately, there are some basic steps that nearly all cybersecurity experts agree you should take to help safeguard your system and allow your enterprise to keep running should this type of malware make it through.

    Keep Systems & Software up to Date

    It’s a constant battle between those attempting to keep your data safe and those trying to break through. Many updates have security patches that repair previously discovered vulnerabilities, which is why it’s important to always update your software and systems.

    Install Anti-virus Software & Firewalls

    Firewalls are network security devices that keep track of what’s going in and out of the network. They are your first line of defense against any type of malware and help keep Trojans, worms and other types of invaders from making it into your machine or system.

    Anti-virus software is a kind of triage once ransomware has made it into your system, scanning for a variety of threats and attempting to neutralize them when found.

    Network Segmentation

    For many types of ransomware attacks, once a machine or closed system is compromised, there is very little you can do to mitigate the damage. That’s why most network managers will tell you to divide your global network into smaller subnetworks. Each subnetwork acts like a ship section, with bulkheads that can slam down between them in the event of a breach. The end goal is to save the overall network, even if a portion is lost.

    Endpoint Security

    As companies scale, the number of devices on a given network will inevitably increase. Each of those devices serves as a potential point of entry for malicious software. To combat this, administrators need to be able to monitor and respond to threats in real time. Endpoint protection platforms and endpoint detection and response programs are great tools for this.

    Employee Training

    Clicking the wrong link or opening a suspicious email are two ways ransomware can enter your system. In fact, email is one of the top two attack vectors for data breaches in general. Employee training on these methods along with safe ways to access secure information will help keep human error from leading to a major network issue.

    Test & Re-test

    Because cyber threats are continuously evolving, it’s imperative to constantly test your system for vulnerabilities that new generations of attacks might exploit. Once you’ve identified a vulnerability, address it immediately. You should also reevaluate user privileges regularly to keep your network segmentation healthy.

    Back up Your Data

    One of the main reasons ransomware attacks are successful is that the cost of paying the ransom is often lower than the cost of a service interruption. By regularly backing up your data to secure, offline storage, you’ll ensure continued access to vital information.

    Archive Emails

    Emails document the day-to-day operations of modern organizations. Being able to access them on demand can be crucial in a variety of situations. Using a reliable email archiver with an easy-to-use interface and solid disaster recovery capabilities ensures access to all your email communications even if you’re locked out of the network.

    How to Minimize Damage from a Ransomware Attack

    Sometimes even the best-laid defenses fail. In those cases, your first concern should be how to minimize the ransomware attack’s damage. It’s important to have a detailed response plan in place so everyone knows their exact role in combating the threat. This ensures a rapid response that will prove critical in mitigating the damage caused by the breach. You can customize your plan according to your company’s needs but, at a bare minimum, it should include:

    Isolating Infected Systems 

    Isolating infected machines and network segments can prevent the ransomware from spreading and compromising other systems.

    Identifying the Source of the Incursion

    Figuring out the ultimate source of the attack can help network administrators identify system vulnerabilities. They can then use this information to address the vulnerability and shore up security.

    Reporting the Attack to the Authorities

    Beyond the obvious criminal implications of a cyberattack, law enforcement agencies have access to advanced tools that can aid in the recovery of stolen information. While not the typical outcome, sometimes data can be salvaged and the guilty brought to justice.

    Not Paying the Ransom

    While it may be tempting to pay for your data’s safe return, most experts strongly advise against this course of action. Beyond there being no guarantee the perpetrators will give you a decryption key, once an attacker gets paid, they’re much more likely to commit the same type of crime again.

    With nearly 500 million attacks last year alone, ransomware is a threat organizations can’t afford to ignore. By taking affirmative, proactive steps, businesses can greatly reduce the risk of an incursion. Should one take place, having a robust response plan will prove crucial to mitigating the damage.

    Intradyn offers best-in-class email archiving services that will keep your communications accessible and whole even in the event of a ransomware breach. Request a quote today to find out which of our scalable plans is right for your company.


    As the chief operating officer and co-founder of Intradyn, Adnan brings 20+ years of experience in the email retention and archiving space to shape Intradyn’s archiving solutions. As COO, Adnan oversees the company’s financial and human resources operations and takes the lead in managing the original equipment manufacturer relationship. Adnan provides wide-ranging oversight of Intradyn’s day-to-day operations to drive greater operational efficiency and grow the company’s global capabilities.

    Along with his business partner, Adnan successfully spun out Intradyn’s archiving business from Mirapoint Software Inc., where he held the position of vice president. Mirapoint Software was primarily focused on archiving solutions for program offices, customer support, corporate infrastructure and the supply chain. Prior to that, Adnan managed complex Internet Channel group projects at eFunds Corporation (now Fidelity National Information Services).

    Adnan holds a Bachelor of Science degree from Minnesota State University and a Master of Business Administration in IT and Finance from the University of St. Thomas.
