8 Ways to Stop a Ransomware Attack Before it Starts (& What to Do If One Gets Through)
These days, we all live and breathe technology. There isn’t much in our daily lives that doesn’t depend on technology, and that’s certainly true of the workspace. Between desktops, laptops, tablets and phones, there is a plethora of devices connected to corporate networks. That’s to say nothing of the on-site servers or cloud storage accounts nearly all organizations maintain. That’s why a malicious network breach is the nightmare scenario for every IT professional.
Ransomware, a type of malware, should be of particular concern. In a ransomware attack, access to sensitive data on a machine or network is closed off until a ransom is paid to the person or entity behind the attack. Given the amount of sensitive information most companies hold, this type of attack can prove very costly. In 2017, WannaCry infected over 230,000 computers, forcing four-day shutdowns at major corporations around the world. Globally, ransomware is expected to cost the economy more than $265 billion annually by 2031.
This blog will break down the different types of ransomware attacks companies are likely to face, how to go about preparing for ransomware attacks and how to minimize the damage from a ransomware attack, should one occur.
Types of Ransomware
While these attacks take many forms, they can mostly be divided into three broad categories:
- Leakware: In this type of attack, the perpetrator threatens to release sensitive information unless a ransom is paid.
- Lockers: As the name implies, this type of attack will lock down the infected machine or system until the perpetrator receives payment.
- Encryption: By far the most frequent type of ransomware attack, attackers will encrypt data and only provide the key once payment is received.
How to Prepare for a Ransomware Attack
Figuring out how to prepare for a ransomware attack can be a bit overwhelming. That’s why there’s an entire rapidly growing field of IT risk management built around preparing for ransomware attacks. Fortunately, there are some basic steps that nearly all cybersecurity experts agree you should take to help safeguard your system and allow your enterprise to keep running should this type of malware make it through.
Keep Systems & Software up to Date
It’s a constant battle between those attempting to keep your data safe and those trying to break through. Many updates have security patches that repair previously discovered vulnerabilities, which is why it’s important to always update your software and systems.
Install Anti-virus Software & Firewalls
Firewalls are network security devices that keep track of what’s going in and out of the network. They are your first line of defense against any type of malware and keep Trojans, worms and other types of invaders from ever making it into your machine or system.
Anti-virus software is a kind of triage once ransomware has made it into your system, scanning for a variety of threats and attempting to neutralize them when found.
For many types of ransomware attacks, once a machine or closed system is compromised, there is very little you can do to mitigate the damage. That’s why most network managers will tell you to divide your global network into smaller subnetworks. Each subnetwork acts like a section of a ship, with bulkheads that can slam down between sections in the event of a breach. The end goal is to save the overall network, even if a portion is lost.
As companies scale, the number of devices on a given network will inevitably increase. Each of those devices serves as a potential point of entry for malicious software. To combat this, administrators need to be able to monitor and respond to threats in real time. Endpoint protection platforms and endpoint detection and response programs are great tools for this.
Clicking the wrong link or opening a suspicious email are two ways ransomware can enter your system. In fact, email is one of the top two attack vectors for data breaches in general. Employee training on these methods along with safe ways to access secure information will help keep human error from leading to a major network issue.
Test & Re-test
Because cyber threats are continuously evolving, it’s imperative to constantly test your system for vulnerabilities that new generations of attacks might exploit. Once you’ve identified a vulnerability, address it immediately. You should also reevaluate user privileges regularly to keep your network segmentation healthy.
Back up Your Data
One of the main reasons ransomware attacks succeed is that the cost of paying the ransom is often lower than the cost of a service interruption. By regularly backing up your data to secure, offline storage, you’ll ensure continued access to vital information.
Emails document the day-to-day operations of modern organizations. Being able to access them on demand can be crucial in a variety of situations. Using a reliable email archiver with an easy-to-use interface and solid disaster recovery capabilities ensures access to all your email communications even if you’re locked out of the network.
How to Minimize Damage from a Ransomware Attack
Sometimes even the best-laid defenses fail. In those cases, your first concern should be how to minimize the ransomware attack’s damage. It’s important to have a detailed response plan in place so everyone knows their exact role in combating the threat. This ensures a rapid response that will prove critical in mitigating the damage caused by the breach. You can customize your plan according to your company’s needs but, at a bare minimum, it should include:
Isolating Infected Systems
Isolating infected machines and network segments can prevent the malware from spreading and compromising other systems.
Identifying the Source of the Incursion
Figuring out the ultimate source of the attack can help network administrators identify system vulnerabilities. They can then use this information to address the vulnerability and shore up security.
Reporting the Attack to the Authorities
Beyond the obvious criminal implications of a cyberattack, law enforcement agencies have access to advanced tools that can aid in the recovery of stolen information. While not the typical outcome, sometimes data can be salvaged and the guilty brought to justice.
Not Paying the Ransom
While it may be tempting to pay for your data’s safe return, most experts strongly advise against this course of action. Beyond there being no guarantee the perpetrators will give you a decryption key, once an attacker gets paid, they’re much more likely to commit the same type of crime again.
With nearly 500 million attacks last year alone, ransomware is a threat organizations can’t afford to ignore. By taking affirmative, proactive steps, businesses can greatly reduce the risk of an incursion. Should one take place, having a robust response plan will prove crucial to mitigating the damage.