As of 2020, ransomware attacks have been estimated to have cost UK businesses a total of £365 million. This is why organisations want to increase their security measures against these attacks before their important files get locked out or sold to the dark web.
How exactly can they boost their cybersecurity against ransomware attacks? There is no way to protect the organisation against malware attacks using ransomware, but organisations can use multiple layers of defence with mitigation at each layer. This is what the National Cyber Security Centre (NCSC) suggests organisations should do to detect malware and prevent it from causing major damage.
Preventing Ransomware Attacks
Backup data regularly
Sort files to identify the most critical ones to the organisation and its operation. Back these files up frequently, possibly every few hours, and test your backups process to ensure you can recover if disaster strikes.
Keep offline backups in a different location to ensure that there will still be a copy of the files even after a disaster occurs.
Save separate copies of backups in different storage locations, and consider using multiple backup solutions. Don’t put two copies in the same cloud service or on a single drive.
Don’t connect storage devices that contain the backups to the Internet or the organisation’s network to prevent computer hackers from getting to them, as well.
Talk to your cloud service provider about keeping old versions of the backups and restoring them as required. This will give the organisation access to the backup files even though the live data is encrypted, deleted, or modified by hackers.
Only recovery from devices that are 100% clean and isolated from the attack in the event your backups are compromised as well.
To be sure, scan backups for any malicious files before restoring them (if possible). The attack might have reached the backups before your cyber security measures kicked in.
Patch products used to save and recover backups so hackers won’t find any easy vulnerability that they can exploit.
Prevent malicious files from getting to your network and devices
Do not click on links from unknown and unverified senders. Computers can get infected once they click on these links, and the malicious file gets downloaded to their computer. The ransomware will encrypt your data, lock people out of their computers, and hold that data hostage unless the organisation pays a ransom – even if you pay there’s zero guarantee your files can be recovered.
Do not open unverified attachments. Check the email address correctly if it did come from who the sender claimed they are. Assess how genuine the email is and its attachments.
Download only from trusted sites. This reduces the risk of encountering ransomware. Use only sites with a secure “https” and a lock or shield symbol instead of merely the “http.”
Scan and filter emails first. This helps lessen the risk of spam email with malware from arriving in your inbox.
Update your computers’ operating system and application software. This will protect computers from known software vulnerabilities with bad guys exploiting them.
Invest in security software. As these ransomware attacks become more rampant and more costly, it only makes sense to use security software. These are designed to detect, block, and remove malicious files and prevent them from infecting computers. Make sure to keep your antivirus security software applications updated and ready to help defend against the latest security threats.
Conduct penetration testing regularly
Ask ethical hacking experts to test the organisation’s IT system (more suitable for complex environments or where servers are connected directly to the Internet). Given the rise in these ransomware attacks, some organisations decided to work with hackers who know how these attacks work. They conduct penetration testing by attacking their client’s computer systems, pinpointing weak spots, and identifying what these vulnerabilities are. This way, their clients can patch things up before the black-hat hackers exploit them.
A white hat hacker (one of the good guys) can also conduct training for employees on what they can do to prevent malware attacks. These trained security professionals can take your employees through every step that a black hat hacker (bad guys) may take to launch the attack. This also doubles up as a good awareness campaign that can put organisations and their keep employees on their alert for against potential attacks.
Preparing for a Potential Attack
Ransomware attacks can ruin organisations for good if they have untested restore and recovery procedures. Even when they do recover, it might take time for them to make up for the lost time and repair their potentially ruined reputation.
Do the following to at least make recovery as quickly as possible:
- Determine the potential impact of an attack, especially on the organisation’s critical assets.
- Always prepare for an attack. It would be better to assume that the organisation will be attacked so all the employees will have their defences raised.
- Prepare a communication strategy for when the attack does occur. This will ensure that the recovery plan will be in order and put into action despite the regular communications coming down during the incident.
- Develop a response plan when the hackers start demanding payments for ransom. However, experts discourage victims from playing a ransom because it does not guarantee that they will get their files back or that all the malicious files are 100% removed from the system.
- Store the disaster recovery plan and other necessary resources somewhere accessible even if the computer systems are down during an attack.
- Know the organisation’s legal obligations in reporting the attack to the proper authorities.
- Conduct a run-through of the disaster recovery plan involving ransomware attacks or other cyber threats. This will help the organisation predict how long it will take to recover and restore backup files, what steps are needed to complete the backup process, and how to handle the critical parts of the business operation.
What to Do During the Ransomware Attacks
Even if you’ve trained employees to protect their devices and the system against malware and work with a hacking simulator for penetration testing, an attack may still succeed. If this happens, the organisation should do the following:
- Isolate the infected device. Disconnect it from the Internet and the organisation’s network to minimise the infection’s risk of spreading to other devices.
- Do not pay the ransom. Paying it does not mean that the criminals will return the data. Doing so will also encourage them to commit the crime over and over again.
- Remove any malicious files. Scan the infected devices with anti-malware software and use a ransomware decryption tool to remove it. Use only the latest versions of these tools so they will be thorough in locating and removing the ransomware.
- Restore data from backups. Ensure that these are only clean backup files that are malware-free.
Falling victim to ransomware can cost organisations money and impact their hard-earned reputation, but there are always ways to boost your security against malicious attacks. Follow the points mentioned above and be more aggressive in guarding your IT systems against cybercriminals.