3 critical steps to protecting against ransomware
Ransomware attacks have escalated to the point that the U.S. government is now treating them as acts of terrorism. This is not an overreaction. These attacks have caused massive operational disruption to local governments, law enforcement, educational institutions, healthcare networks, critical infrastructure, and more. No industry, organization, or person is immune to these attacks.
Ransomware is not a new threat, but it has evolved into a more destructive creature. Criminals have expanded their skill sets and refined their tactics to create a double extortion scheme. They base their ransom demands on research they perform ahead of the attack. They steal sensitive data from their victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. Since criminals cannot be trusted, victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals will accept payment but sell the data anyway.
There has never been any guarantee that paying a ransom would result in the recovery of all encrypted data. Victims should now understand that any data stolen in a ransomware attack is compromised forever. There is simply no reason to pay criminals for their crimes.
How to protect your company from ransomware
Protecting your company from ransomware attacks is all about protecting your data. You can break this down into three focus areas:
- Protect your credentials. Phishing is the primary attack vector for ransomware, so you must maintain a culture of awareness around credential security. Develop a process to train users on email security and deploy anti-phishing technology that can identify and flag unusual activity. If the attacker cannot access credentials, it is much more difficult to escalate the attack from phishing to ransomware.
- Secure your web applications. Online applications like file-sharing services, web forms, and e-commerce sites can be compromised by attackers. Web applications are attacked through the user interface or an API. Often these attacks involve credential stuffing, brute force attacks, or OWASP vulnerabilities. Once the application has been compromised, the attacker can introduce ransomware and other malware into the system. This malware can go on to infect your network as well as the users of your application.
- Back up your data. It is critical that you have a backup that meets these standards:
  - Comprehensive — You should be aware of the location of all data on your network. This includes configuration files, user documents, and archived data about employees, clients, etc. All this data should be backed up, and data that is currently used should be backed up at least once per day.
  - Resilient — When ransomware attacks your network, it encrypts your data and attempts to disable backup systems and destroy backup files. The safest approach is to deploy a backup system that replicates data to a cloud that offers unlimited storage and a robust search and restore capability. Office 365 users should add third-party cloud backup to protect SharePoint, Teams, Exchange, and OneDrive data.
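The "Comprehensive" standard can be checked mechanically by comparing a data inventory against the backup catalog. The Python below is an added example, not part of the original article; the paths, timestamps, and the inventory and catalog formats are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from pathlib import PurePosixPath

# The article's rule: data currently in use is backed up at least once per day.
MAX_AGE_ACTIVE = timedelta(days=1)

# Constructed sample data (hypothetical paths and times, not from the article).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = [  # (data location, currently in use?)
    ("/etc/app", False),
    ("/srv/share/finance", True),
    ("/srv/share/hr", True),
    ("/archive/clients-2019", False),
    ("/home/users", True),
]
CATALOG = [  # (backed-up root, completion time of the last successful job)
    ("/etc/app", NOW - timedelta(days=20)),
    ("/srv/share", NOW - timedelta(hours=30)),
    ("/srv/share/hr", NOW - timedelta(hours=5)),
    ("/home/users", NOW - timedelta(hours=23)),
]

def covers(root, location):
    """True when a backup of `root` includes `location` (same path or a parent)."""
    root_parts = PurePosixPath(root).parts
    loc_parts = PurePosixPath(location).parts
    # Compare whole path components so /srv/share does not match /srv/shared.
    return loc_parts[:len(root_parts)] == root_parts

def audit(inventory, catalog, now):
    """Return {location: 'missing' | 'stale'} for every location that fails the rule."""
    findings = {}
    for location, active in inventory:
        times = [done for root, done in catalog if covers(root, location)]
        if not times:
            findings[location] = "missing"  # no backup job includes this location
        elif active and now - max(times) > MAX_AGE_ACTIVE:
            findings[location] = "stale"    # in use, newest copy is older than a day
    return findings

if __name__ == "__main__":
    for location, problem in audit(INVENTORY, CATALOG, NOW).items():
        print(f"{problem:8} {location}")
```

Archived locations pass as long as any backup exists, while in-use locations must also have a copy newer than one day.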