We have recently started seeing a dramatic increase in ransomware activity in Namibia, and unfortunately some companies being targeted and suffering ransomware infections, downtime and data loss. With that in mind, we just wanted to share some resource and several fundamental actions and preventative measures that a company can take to minimize their exposure to and the potential impacts of a ransomware attack. I have also attached an updated threat intelligence report based on data for Namibia and how our security posture compares globally, as well as a whitepaper on the importance of awareness training and backup strategy.
Below are some additional links that provides more information. Should you be concerned over your security posture or would like a more detailed discussion on how to mitigate these threats, please let us know, we will be happy to assist.
- https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/how-to-prevent-ransomware/
- https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/
- https://www.checkpoint.com/solutions/anti-ransomware/
- https://www.veeam.com/ransomware-protection.html
5 Ways To Prevent Ransomware
1. Robust Data Backup
The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack. If systems are backed up regularly, then the data lost to a ransomware attack should be minimal or non-existent.
However, it is important to ensure that the data backup solution can’t be encrypted as well. Data should be stored in a read-only format to prevent the spread of ransomware to drives containing recovery data.
2. Cyber Awareness Training
Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals can gain access to the employee’s computer and begin the process of installing and executing the ransomware program on it.
Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware. This training should instruct employees to do the following:
- Not click on malicious links
- Never open unexpected or untrusted attachments
- Avoid revealing personal or sensitive data to phishers
- Verify software legitimacy before downloading it
- Never plug an unknown USB into their computer
- Use a VPN when connecting via untrusted or public Wi-Fi
3. Strong, Secure User Authentication
Cybercriminals commonly use the Remote Desktop Protocol (RDP) and similar tools to gain remote access to an organization’s systems using guessed or stolen login credentials. Once inside, the attacker can drop ransomware on the machine and execute it, encrypting the files stored there.
This potential attack vector can be closed through the use of strong user authentication. Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical components of an organization’s cybersecurity strategy.
4. Up-to-Date Patches
WannaCry, one of the most famous ransomware variants in existence, is an example of a ransomware worm. Rather than relying upon phishing emails or RDP to gain access to target systems, WannaCry spread itself by exploiting a vulnerability in the Windows Server Message Block (SMB) protocol.
At the time of the famous WannaCry attack in May 2017, a patch existed for the EternalBlue vulnerability used by WannaCry. This patch was available a month before the attack and labeled as “critical” due to its high potential for exploitation. However, many organizations and individuals did not apply the patch in time, resulting in a ransomware outbreak that infected 200,000 computers within three days.
Keeping computers up-to-date and applying security patches, especially those labeled as critical, can help to limit an organization’s vulnerability to ransomware attacks.
5. Anti-Ransomware Solutions
While the previous ransomware prevention steps can help to mitigate an organization’s exposure to ransomware threats, they do not provide perfect protection. Some ransomware operators use well-researched and highly targeted spear phishing emails as their attack vector. These emails may trick even the most diligent employee, resulting in ransomware gaining access to an organization’s internal systems.
Protecting against this ransomware that “slips through the cracks” requires a specialized security solution. In order to achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviors commonly exhibited by ransomware, and if these behaviors are detected, the program can take action to stop encryption before further damage can be done.
Ransomware Protection for Your Organization
These are some of the most important, fundamental ways to help your organization protect from ransomware attacks:
- Back up all your data. One of your most important responsibilities is backing up all your company’s data. If something goes wrong, you should be able to quickly and easily revert to a previous version of your system. This won’t actively protect you from being the target of an attack, but if you’re ever attacked, the fallout won’t be nearly as devastating. You may be able to completely avoid paying the ransom or suffering ill effects by restoring your systems back to a previous version; but to do this, you need to back up your data regularly, and keep that backed up data safe.
- Keep your software updated. Ransomware attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalizing on them. Fortunately, some developers are actively searching for new vulnerabilities and patching them out. If you want to make use of these patches, you need to have a patch management strategy in place—and you need to make sure all your team members are constantly up-to-date with the latest versions.
- Utilize better threat detection. Most ransomware attacks can be detected and resolved before it’s too late. You need to have automated threat detection in place in your organization to maximize your chances of protection.
- Adopt multifactor authentication. Multifactor authentication forces your users to verify their identities in multiple ways before they’re granted access to a system. This way, if an employee mistakenly gives their password to a cybercriminal, the criminal still won’t be able to gain easy access to your systems.
- Issue bare minimum privileges. Your employees should never have more access to your data than they truly need. Segmenting your organization and restricting access can provide a kind of quarantining effect, minimizing the impact of a potential attack and limiting the vectors of access.
- Scan and monitor emails. Emails are a common choice of cybercriminals executing phishing schemes, so take the time to scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from ever reaching users.
- Scan and monitor file activity. It’s also a good idea to scan and monitor file activity. You should be notified whenever there’s a suspicious file in play—before it becomes a threat.
- Improve employee training. Most ransomware attacks are the byproduct of bad employee habits, or pure ignorance. Someone may voluntarily give out their password, or may download an unfamiliar file to their work device. With better employee training, the chances of this happening are much lower.
- If you’re the subject of an attack, don’t pay the ransom. Finally, if you happen to be the victim of a ransomware attack, don’t pay the ransom. It might seem tempting to get out of this bad situation as quickly as possible, but even after paying the ransom, there’s no guarantee that the attacker is going to be true to their word.