Ransomware attacks are on the rise, and as businesses become more reliant on the internet and digital processes, they increase their risk of an attack. Businesses without an adequate cybersecurity plan leave themselves vulnerable to devastating malware attacks and costly recoveries. Understanding the threats and learning how to prevent ransomware from crippling your business is critically important.
Ransomware is malware designed to deny users access to their data and systems. Typically this is accomplished by encrypting a user's files and folders, though some variants encrypt entire system drives. Victims are then told to pay a ransom, usually in a cryptocurrency such as Bitcoin, in exchange for the decryption key to unlock their data. Paying is no guarantee of recovery: the decryptor may never arrive or may not work, which is one more reason prevention matters.
Ransomware attacks target both home users and businesses. However, because businesses operate on networks of many interconnected devices, if one device gets infected there is a risk that the ransomware spreads laterally throughout the network, especially where devices share credentials or writable network shares. One infected device can turn into many infected devices, possibly reaching critical systems and causing business-threatening downtime. Recovering from a serious ransomware attack can take weeks or even months, which is why understanding how to prevent ransomware attacks is so vital.
While ransomware attackers have developed many strategies to gain access to targeted devices, they often focus most of their efforts on the easiest and most successful methods. Here are a few of the most common attack vectors malicious actors use to distribute ransomware.
A phishing attack is a form of social engineering in which attackers send counterfeit messages, most often by email, designed to deceive users. These messages usually carry a malicious attachment that deploys malware once opened; frequently the attachment is not the ransomware itself but a macro-enabled Office document or script that fetches a loader, which then stages the ransomware. Phishing emails may instead contain deceptive links that download malicious software when clicked.
Phishing is one of the most successful attack vectors because the messages are designed to look as if they come from legitimate sources, often imitating vendors, banks, or colleagues you routinely communicate with, sometimes from a lookalike domain that differs from the real one by a character or two. The attachments also appear legitimate, often disguised as invoices or other critical files in the form of PDF, ZIP, Word, or Excel files; a double extension such as "Invoice.pdf.exe" is a classic tell.
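As an added example (this code is not from the original article and is not PDQ's), the tells described above can be turned into a small triage script. It parses a message with Python's standard `email` library and flags a lookalike sender domain, a display name that shows a different address than the real sender, a Reply-To pointing elsewhere, risky or double-extension attachments, and links to lookalike hosts or raw IP addresses. The trusted-domain list, the extension set, the homoglyph heuristic and both sample messages are constructed for the demo; a production filter would use a real confusables table and your own domain inventory.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Attachment types the article names as common lures (ZIP, Office docs) plus the
# macro-enabled, script and executable variants an analyst would also flag.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".docm", ".xlsm", ".pptm",
                    ".js", ".vbs", ".hta", ".lnk", ".exe", ".scr"}
# Assumed domains this fictional organization legitimately corresponds with.
TRUSTED_DOMAINS = {"example.com", "bank-example.com"}


def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def lookalike(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None.

    Deliberately small heuristic: homoglyph swaps (rn->m, 0->o, 1->l) and a
    trusted name embedded in a longer attacker-owned name (bank-example.com.evil.net).
    """
    if domain in trusted:
        return None
    normalized = domain.replace("rn", "m").replace("0", "o").replace("1", "l")
    for t in trusted:
        if normalized == t or t in domain:
            return t
    return None


def first_address(msg, header):
    """(display_name, addr_spec) of the first mailbox in a header, or ('', '')."""
    h = msg.get(header)
    if h is None or not getattr(h, "addresses", ()):
        return "", ""
    return h.addresses[0].display_name, h.addresses[0].addr_spec


def triage(raw_message):
    """Inspect one RFC 5322 message (bytes) and return a verdict with findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []

    display_name, from_addr = first_address(msg, "From")
    from_domain = domain_of(from_addr)
    imitated = lookalike(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} resembles trusted {imitated}")

    # Display name carries an address at a different domain than the real sender.
    shown = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display_name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name shows @{shown.group(1).lower()} but address is @{from_domain}")

    reply_to = first_address(msg, "Reply-To")[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, ext = os.path.splitext(name)
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
        if os.path.splitext(stem)[1] in {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}:
            findings.append(f"double extension hides real type: {name}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for host in re.findall(r"https?://([^/\s\"'>]+)", text):
        host = host.split(":")[0].lower()
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            findings.append(f"link points at a raw IP address: {host}")
        else:
            imitated = lookalike(host)
            if imitated:
                findings.append(f"link host {host} resembles trusted {imitated}")

    return {"subject": str(msg.get("Subject", "")),
            "verdict": "SUSPICIOUS" if findings else "ok",
            "findings": findings}


def build_sample(phishing=True):
    """Constructed messages for the demo; no real mail was used."""
    msg = EmailMessage()
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Overdue invoice 4471"
    if phishing:
        msg["From"] = '"ap@bank-example.com" <billing@exarnple.com>'
        msg["Reply-To"] = "collect@mail-drop.invalid"
        msg.set_content("Please open the attached invoice or pay at http://exarnple.com/pay")
        msg.add_attachment(b"MZ" + bytes(14), maintype="application",
                           subtype="octet-stream", filename="Invoice_4471.pdf.exe")
    else:
        msg["From"] = '"Accounts Payable" <ap@bank-example.com>'
        msg.set_content("Your invoice is available at https://bank-example.com/invoices/4471")
        msg.add_attachment(b"%PDF-1.7 constructed", maintype="application",
                           subtype="pdf", filename="Invoice_4471.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        print(triage(build_sample(flag)))
```

Run it against an exported `.eml` by passing the file's bytes to `triage()`. The point of the demo is the layering: no single check is decisive, but a message that trips three or four of them is worth holding before a user opens it.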
Another popular way to distribute ransomware is through systems with RDP (Remote Desktop Protocol, TCP port 3389) exposed to the internet. Attackers use port scanners or public internet-scan data to find hosts with RDP open. Once a target is identified, they try to get in by exploiting vulnerabilities in the RDP service or, far more often, by brute-forcing or credential-stuffing the login until a valid username and password turn up. In a report from Coveware, compromised RDP ports made up just over 50% of all ransomware attack vectors in Q3 of 2019.
Vulnerabilities are flaws in the design or implementation of a system. If they go unpatched, threat actors can exploit them to gain unauthorized access or achieve remote code execution, often with the help of an exploit kit. The access gained through an exploited vulnerability is then used to drop ransomware or other malware.
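Brute-forced RDP leaves a loud trail in the Windows Security log: a burst of event 4625 (failed logon) with logon type 10 (RemoteInteractive) from one source address, and, if it worked, a 4624 from the same address shortly after. As an added example (not from the original article or from PDQ), here is a sliding-window detector in Python over that pattern. The records are constructed, flattened to a `key=value|...` line per event rather than the native EVTX/XML layout, and the threshold and window are assumed tuning values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = "10"       # RemoteInteractive: RDP / Terminal Services
FAILURE_THRESHOLD = 5       # assumed tuning values; adjust to your environment
WINDOW_SECONDS = 300

# Constructed events (not real log data). Fields mirror the Security log's
# EventID, TimeCreated, TargetUserName, IpAddress, LogonType and Status.
SAMPLE_EVENTS = [
    "EventID=4625|TimeCreated=2024-03-04T02:10:05|TargetUserName=Administrator|IpAddress=203.0.113.7|LogonType=10|Status=0xC000006A",
    "EventID=4625|TimeCreated=2024-03-04T02:10:09|TargetUserName=Administrator|IpAddress=203.0.113.7|LogonType=10|Status=0xC000006A",
    "EventID=4625|TimeCreated=2024-03-04T02:10:14|TargetUserName=admin|IpAddress=203.0.113.7|LogonType=10|Status=0xC0000064",
    "EventID=4625|TimeCreated=2024-03-04T02:10:20|TargetUserName=admin|IpAddress=203.0.113.7|LogonType=10|Status=0xC0000064",
    "EventID=4625|TimeCreated=2024-03-04T02:10:27|TargetUserName=backup|IpAddress=203.0.113.7|LogonType=10|Status=0xC000006A",
    "EventID=4625|TimeCreated=2024-03-04T02:10:33|TargetUserName=backup|IpAddress=203.0.113.7|LogonType=10|Status=0xC000006A",
    "EventID=4625|TimeCreated=2024-03-04T02:10:38|TargetUserName=svc_sql|IpAddress=203.0.113.7|LogonType=3|Status=0xC000006A",
    "EventID=4624|TimeCreated=2024-03-04T02:10:41|TargetUserName=backup|IpAddress=203.0.113.7|LogonType=10",
    "EventID=4625|TimeCreated=2024-03-04T08:15:02|TargetUserName=jsmith|IpAddress=198.51.100.20|LogonType=10|Status=0xC000006A",
    "EventID=4625|TimeCreated=2024-03-04T08:15:30|TargetUserName=jsmith|IpAddress=198.51.100.20|LogonType=10|Status=0xC000006A",
    "EventID=4624|TimeCreated=2024-03-04T08:15:55|TargetUserName=jsmith|IpAddress=198.51.100.20|LogonType=10",
]


def parse_event(line):
    """Parse one flattened record into a dict and attach a datetime."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    fields["time"] = datetime.strptime(fields["TimeCreated"], "%Y-%m-%dT%H:%M:%S")
    return fields


def detect_rdp_bruteforce(lines, threshold=FAILURE_THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Return {source_ip: alert} for sources that crossed the failure threshold.

    Failures are kept in a per-IP sliding window; a 4624 from an IP that already
    has an alert escalates it to high severity, because the guessing probably
    worked. Events must be supplied in time order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)     # ip -> timestamps of 4625s still inside the window
    totals = defaultdict(int)
    accounts = defaultdict(set)
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue                # console, service and network logons are out of scope here
        ip = ev["IpAddress"]
        if ev["EventID"] == "4625":
            q = recent[ip]
            q.append(ev["time"])
            totals[ip] += 1
            accounts[ip].add(ev["TargetUserName"])
            while q and ev["time"] - q[0] > window:
                q.popleft()         # drop failures that aged out of the window
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"severity": "medium", "first_seen": q[0], "success": None}
            if ip in alerts:
                alerts[ip]["failures"] = totals[ip]
                alerts[ip]["accounts"] = sorted(accounts[ip])
                alerts[ip]["last_seen"] = ev["time"]
        elif ev["EventID"] == "4624" and ip in alerts:
            alerts[ip]["severity"] = "high"
            alerts[ip]["success"] = (ev["TargetUserName"], ev["time"])
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

Two caveats a practitioner should know before deploying something like this: failure auditing for logon events has to be enabled or 4625 is never written, and when Network Level Authentication is on, failed RDP logons are often recorded with logon type 3 and no source address, so a real detector also has to consider type 3 failures or correlate with firewall logs for port 3389.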
Ransomware has become a very lucrative business for cyber criminals. Victims of ransomware attacks paid out at least $350 million in 2020, a 311% increase over the previous year, according to Chainalysis. Because of the potential for large financial gains, ransomware attacks show no sign of slowing down. However, there are many precautions businesses can take to help prevent ransomware attacks against their networks. Here are eight security measures your business should adopt to reduce its exposure to ransomware.
By far, the number one way to protect your business from ransomware is security training and awareness. That's not to say that training alone is enough to protect your business from a ransomware incident; that's why there are seven other security measures on this list you should be using. However, according to IBM's 2014 Cyber Security Intelligence Index, over 95% of all security incidents involved human error in some form.
Training should fall into two categories. There's training for IT professionals that consists of learning how to properly configure and maintain systems, and then there's security awareness training which should include everyone at your company.
Training for IT professionals is an obvious necessity, especially considering how quickly technology and processes evolve. However, general security awareness training is equally important, especially considering how successful phishing attacks are. It's incredibly important to help your users recognize and identify fraudulent emails. Users should be instructed to report any suspicious email to the security team (ideally with a report-phishing button in the mail client) before replying or clicking on any links or attachments.
Patch management is the process of distributing and applying updates to applicable devices, systems, and software and is a necessary component of IT security. Many updates distributed by developers are designed to fix security vulnerabilities, and if these vulnerabilities go unpatched, malicious actors can use them to distribute ransomware.
Unfortunately, deploying patches and updates on time can be difficult, especially for IT departments with limited resources. IT departments can quickly become overwhelmed by the sheer number of devices they manage, which is why a patch management solution is usually necessary. Here at PDQ.com, we offer some of the most intuitive and feature-complete patch management solutions for Windows and Macs with PDQ Deploy and SimpleMDM. Even if our products don't align with your business strategy, we encourage all organizations to develop a strategic patch management policy to keep their devices up to date.
Short of paying the ransom and hoping the decryptor works, the only reliable way to recover data encrypted by ransomware is to restore it from a backup. Having your critical data backed up has always been important, but as ransomware attacks increase, backups have become absolutely essential.
As you develop your backup strategy, isolate your backups so they cannot be encrypted as ransomware propagates across the network: keep them on segregated networks or storage, reachable only with dedicated credentials that ordinary endpoints and day-to-day admin accounts don't hold, and prefer copies that are immutable or offline. Having multiple backups on different technologies, such as on-prem and cloud solutions, increases the likelihood that at least one copy survives. One last consideration is tape, rotated and removed on a regular schedule. Many organizations moved away from tape because it isn't the most attractive solution, but a tape that is not in a tape drive cannot be encrypted by anything on the network. Whatever the media, test restores regularly and verify that what you restored is what you backed up; a backup you have never restored from is an assumption, not a recovery plan.
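A backup is only worth anything if you can tell that it is intact before you need it. As an added example (not code from the original article or from PDQ), here is a Python integrity check: record a SHA-256 manifest when the backup is written, store it somewhere the backup host cannot overwrite, and compare on a schedule. Hash mismatches catch tampering of any kind; a Shannon-entropy test on changed or new files then separates an ordinary edit from the near-uniform bytes that encryption produces. The directory layout, file contents, entropy threshold and the simulated ransomware activity are all constructed for the demo.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumed threshold in bits per byte: random or encrypted data sits near 8.0,
# text and CSV well below 5.0, compressed archives can also run high (see note).
ENTROPY_SUSPECT = 7.5


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte of the sample: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_entropy(path, sample=65536):
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample))


def build_manifest(root):
    """sha256 and size of every file under root, keyed by relative path."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"sha256": sha256_file(full), "size": os.path.getsize(full)}
    return manifest


def verify_backup(root, manifest):
    """Compare the backup tree against the manifest taken when it was written."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": [], "likely_encrypted": []}
    current = build_manifest(root)
    for rel, expected in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel]["sha256"] != expected["sha256"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = [rel for rel in current if rel not in manifest]
    # A changed or new file that is near-uniformly random is the encryption
    # signature; legitimate edits to documents and spreadsheets do not look like that.
    for rel in report["modified"] + report["unexpected"]:
        if file_entropy(os.path.join(root, rel)) > ENTROPY_SUSPECT:
            report["likely_encrypted"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed scenario: snapshot a small tree, simulate ransomware reaching
    the backup share, then verify. Returns the report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "finance"))
        with open(os.path.join(root, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount,memo\n" + "2024-03-01,120.00,office supplies\n" * 200)
        with open(os.path.join(root, "README.txt"), "w") as f:
            f.write("Quarterly export, do not edit.\n")
        manifest = build_manifest(root)   # in practice, store this off the backup host

        # Simulated ransomware: encrypt one file in place, rename-and-encrypt
        # another, drop a ransom note. os.urandom stands in for ciphertext.
        with open(os.path.join(root, "finance", "ledger.csv"), "wb") as f:
            f.write(os.urandom(8192))
        os.remove(os.path.join(root, "README.txt"))
        with open(os.path.join(root, "README.txt.locked"), "wb") as f:
            f.write(os.urandom(8192))
        with open(os.path.join(root, "HOW_TO_RECOVER.txt"), "w") as f:
            f.write("your files are encrypted\n")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:17s} {files}")
```

One caveat on the entropy test: compressed or already-encrypted content (ZIPs, JPEGs, encrypted database dumps) is legitimately high-entropy, so treat that flag as a prioritisation hint on top of the hash mismatch, not as proof on its own. The hash comparison is the authoritative check.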
A firewall is a network security device that monitors inbound and outbound traffic between an organization's internal network and the internet. Administrators configure rules that determine which traffic is allowed through and which is blocked. Over the years, firewalls have evolved, and a new classification has emerged called next-generation firewalls (NGFW). NGFWs add several more layers of security, a key feature being application-level awareness, which significantly increases their effectiveness at blocking malicious traffic. At a minimum, the firewall should block inbound RDP and other remote-management ports from the internet; remote access belongs behind a VPN or an authenticated gateway, not on a public port.
For years, companies have relied on antivirus software to protect their networks from malicious threats. Unfortunately, traditional signature-based antivirus often falls short against modern threats such as fileless malware and zero-day exploits. To adapt, many vendors offer NGAV (next-generation antivirus) and EDR (endpoint detection and response). These solutions rely on more sophisticated techniques, such as machine learning and behavioral analysis, to protect endpoints and can isolate a compromised endpoint from the network if an intrusion occurs.
As password-cracking hardware gets faster and cracking tools smarter, stronger password policies must be adopted. Here are some guidelines to consider when developing a password policy.
Length matters more than complexity. Each additional character multiplies the search space by the size of the alphabet, so a long passphrase of ordinary words resists brute force far better than a short string of mixed symbols, though combining length with some complexity is still recommended.
Lock accounts after several failed login attempts. Lockout is a strong defense against online brute-force attacks, but set a sensible threshold and a timed rather than permanent lockout: an attacker who knows your usernames can otherwise lock everyone out on purpose.
Use password managers so that every account can have a long, unique, randomly generated password.
Don't allow users to re-use passwords, either across accounts or when rotating.
Check passwords against databases of compromised passwords, such as the Have I Been Pwned "Pwned Passwords" list, both at creation and periodically afterwards.
Passwords shouldn't include personal information such as names, birthdays, or the company name.
Enable 2FA (two-factor authentication) or MFA (multi-factor authentication). 2FA and MFA have proven hugely successful against account hijacking and should be non-negotiable for all organizations, starting with anything reachable remotely: RDP, VPN, and email. Prefer app-based or hardware-key factors over SMS codes, which can be intercepted or SIM-swapped.
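The guidelines above can be enforced at password-set time, and the length-versus-complexity claim can be checked with arithmetic. As an added example (not from the original article or from PDQ), the Python below does both: it works out worst-case brute-force time for two keyspaces, looks a password up the way the Have I Been Pwned range API does (only the first five hex characters of the SHA-1 leave the host, the suffix comparison happens locally), and runs a candidate through the length, breach, reuse and personal-information rules. The minimum length, the guess rate, the breach corpus and the API response text are constructed assumptions; the live service returns hundreds of lines per prefix.

```python
import hashlib
import math

MIN_LENGTH = 14                      # assumed policy value
ASSUMED_GUESSES_PER_SECOND = 1e11    # assumed: offline cracking of a fast hash on a GPU rig


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def brute_force_years(length, alphabet_size, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to exhaust a keyspace of alphabet_size ** length guesses."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)


def keyspace_bits(length, alphabet_size):
    return length * math.log2(alphabet_size)


# Constructed stand-in for a breached-password corpus. A real deployment uses the
# full Pwned Passwords data set or its range API, never a hand-picked set.
BREACHED = {sha1_hex(p) for p in ("Password123!", "Summer2024!", "Welcome1")}


def constructed_range_response(password):
    """Shape of the Pwned Passwords range endpoint response for the 5-char prefix
    of password's SHA-1: 'SUFFIX:COUNT' per line. Built offline for the demo."""
    d = sha1_hex(password)
    return "\r\n".join([f"{'0' * 34}1:2", f"{d[5:]}:5103", f"{'F' * 34}E:7"])


def breach_count(password, range_response):
    """k-anonymity lookup: compare the local hash suffix against the returned list."""
    d = sha1_hex(password)
    suffix = d[5:]
    for line in range_response.splitlines():
        if not line.strip():
            continue
        s, count = line.strip().split(":")
        if s == suffix:
            return int(count)
    return 0


def evaluate_password(password, username, personal_terms=(), previous_hashes=(), breached=BREACHED):
    """Return a list of policy violations; an empty list means the password is acceptable.

    previous_hashes holds plain SHA-1 digests only to keep the demo small; a real
    system stores salted, slow hashes of past passwords and verifies against them.
    """
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"length {len(password)} is below the minimum of {MIN_LENGTH}")
    digest = sha1_hex(password)
    if digest in breached:
        issues.append("appears in a breach corpus")
    if digest in previous_hashes:
        issues.append("reuses a previous password")
    lowered = password.lower()
    for term in (username, *personal_terms):
        if term and len(term) >= 3 and term.lower() in lowered:
            issues.append(f"contains personal term '{term}'")
    return issues


if __name__ == "__main__":
    # 8 characters from the 95 printable ASCII characters vs 16 lowercase letters
    print(f"8 x 95 symbols: {keyspace_bits(8, 95):.1f} bits, {brute_force_years(8, 95):.4f} years")
    print(f"16 x 26 symbols: {keyspace_bits(16, 26):.1f} bits, {brute_force_years(16, 26):.0f} years")
    print(breach_count("Password123!", constructed_range_response("Password123!")))
    print(evaluate_password("Summer2024!", "jsmith", ("smith", "1987")))
    print(evaluate_password("orbit lantern velvet 47 cactus", "jsmith", ("smith",)))
```

At the assumed rate, the eight-character "complex" password falls in under a day while the sixteen-letter lowercase passphrase takes on the order of ten thousand years, which is the whole case for length. The rate itself is the variable to watch: a slow password hash (bcrypt, scrypt, Argon2) on your side cuts it by orders of magnitude, and a fast one (NTLM, unsalted SHA-1) hands the attacker the number used here or better.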
No matter how often your users ask for administrative privileges on their devices, don't allow it, even if they promise to stop constantly submitting IT support tickets. Users with administrative privileges are much more likely to install potentially malicious software on their devices, and ransomware that runs with admin rights does far more damage: it can disable security tools, delete volume shadow copies, and encrypt everything on the system rather than just the files the user can write to.
Implement appropriate access controls for your users and their job functions. Adopt the principle of least privilege, the idea that users should be given the minimum level of privilege necessary to perform their job. Apply the same rule to administrators and service accounts: keep admin accounts separate from the accounts used for email and browsing, and never use domain-admin credentials for routine work on workstations, where an attacker who lands on the box can harvest them.
If your business has a digital footprint, it's only a matter of time before you become a target of malicious actors. Learning how to prevent ransomware infections and taking the steps necessary to protect your organization is critical for businesses of all sizes. Remember, it's far cheaper to prevent a ransomware attack than it is to recover from one.