Ransomware attacks are on the rise, and as businesses become more reliant on the internet and digital processes, they increase their risk of an attack. Businesses without an adequate cybersecurity plan leave themselves vulnerable to devastating malware attacks and costly recoveries. Understanding the threats and learning how to prevent ransomware from crippling your business is critically important.
8 best practices to prevent ransomware attacks
What is ransomware?
Ransomware is a form of malware attack designed to deny users access to their data and systems. Typically this is accomplished by encrypting a user's files and folders, though some ransomware variants encrypt entire system drives. Users are then required to pay a ransom, usually in the form of a cryptocurrency like Bitcoin, in exchange for the decryption key to unlock their data.
Ransomware attacks target both home users and businesses. However, because businesses operate on networks consisting of many interconnected devices, if one device gets infected, there is a risk that the ransomware could spread laterally throughout the network. One infected device can turn into many infected devices, possibly reaching and infecting critical systems leading to business-threatening downtime. Recovering from a serious ransomware attack can take weeks or even months which is why understanding how to prevent ransomware attacks is so vital.
How is ransomware distributed?
While ransomware attackers have developed many strategies to gain access to targeted devices, they often focus most of their efforts on the easiest and most successful methods. Here are a few of the most common attack vectors malicious actors use to distribute ransomware.
A phishing attack is a form of social engineering where bad actors send counterfeit messages, often via email, designed to deceive users. These messages usually contain malicious attachments that deploy malware or ransomware once opened. Phishing emails may also contain deceptive links which download malicious software over the web once the link is clicked.
Phishing is one of the most successful attack vectors because the messages are designed to appear as if sent from legitimate sources, often imitating sources you would commonly communicate with. The attachments also appear legitimate, often disguised as invoices or other critical files in the form of PDF, ZIP, Word, or Excel files.
2. Attacking vulnerable RDP ports
Another popular attack vector hackers use to distribute ransomware is accessing systems with publicly exposed RDP (remote desktop protocol) ports. Hackers can use port scanners to search the internet for systems with exposed RDP ports. Once identified, attackers will attempt to gain access to the system by exploiting security vulnerabilities or using brute force attacks to acquire the system's login credentials. In a report from Coveware, compromised RDP ports made up just over 50% of all ransomware attack vectors in Q3 of 2019.
Vulnerabilities are design flaws or weaknesses found in a system. If vulnerabilities go unpatched, threat actors can leverage them to gain unauthorized access to systems or enable remote code execution, often with the use of an exploit kit. Once a vulnerability has been exploited, threat actors can use them to distribute ransomware or other types of malware.
How to prevent ransomware attacks
Ransomware has become a very lucrative business for cyber criminals. Victims of ransomware attacks paid out at least $350 million in 2020, a 311% increase over the previous year, according to Chainalysis. Because of the potential for large financial gains, ransomware attacks show no sign of slowing down. However, there are many precautions businesses can take to help prevent ransomware attacks against their networks. Here are eight security measures that your business should utilize to help reduce your exposure to ransomware.
1. Provide frequent training
By far, the number one way to protect your business from ransomware is security training and awareness. That's not to say that training alone is enough to protect your business from a ransomware incident. That's why we have seven other security measures on this list you should be using. However, from a 2014 report published by IBM, over 95% of all security incidents were attributed to human error in some form.
Training should fall into two categories. There's training for IT professionals that consists of learning how to properly configure and maintain systems, and then there's security awareness training which should include everyone at your company.
Training for IT professionals is an obvious necessity, especially considering how quickly technology and processes evolve. However, general security and awareness training is equally as important, especially considering how successful phishing attacks are. It's incredibly important to help your users recognize and identify fraudulent emails. Users should be instructed to forward any suspicious emails directly to their security engineer before responding or clicking on any links or attachments.
2. Regularly deploy patches
Patch management is the process of distributing and applying updates to applicable devices, systems, and software and is a necessary component of IT security. Many updates distributed by developers are designed to fix security vulnerabilities, and if these vulnerabilities go unpatched, malicious actors can use them to distribute ransomware.
Unfortunately, deploying patches and updates on time can be difficult, especially for IT departments with limited resources. IT departments can quickly become overwhelmed by the sheer number of devices they manage, which is why it's often recommended and necessary to incorporate a patch management solution. Here at PDQ.com, we offer some of the most intuitive and feature-complete patch management solutions for Windows and Macs with PDQ Deploy and SimpleMDM. Even if our products don’t align with your business strategy, we encourage all organizations to develop a strategic patch management policy to keep their devices up to date.
3. Ensure critical data and systems are backed up
One of the only successful methods of recovering data that has been encrypted with ransomware is by restoring it from a backup. Having your critical data backed up has always been important, but as ransomware attacks increase, backups have become absolutely essential.
As you develop your backup strategy, it's important to segment your data backups to ensure they can't be encrypted as ransomware tries to propagate itself across the network. Having multiple backups using different technologies such as on-prem and cloud solutions increases the likelihood that your backup data won't be encrypted. One last consideration is to use tape backups, rotating and removing tapes on a regular schedule. Many organizations started moving away from tape backups as they're not the most attractive solution, but it's impossible for a tape backup that's not in a tape drive to be encrypted.
4. Properly configure firewalls
A firewall is a network security device that monitors inbound and outbound network traffic between an organization's internal network and the internet. Administrators configure rules to determine which traffic is allowed through the firewall and which traffic is blocked. Over the years, firewalls have evolved, and a new classification has emerged called next-generation firewalls (NGFW). NGFWs include several more layers of security, a key feature being application-level awareness, which significantly increases their effectiveness at blocking malicious threats.
5. Upgrade to NGAV and EDR
For years, companies have relied on antivirus software to protect their network from malicious threats. Unfortunately, traditional antivirus solutions often fall short of protecting endpoints from modern, sophisticated threats such as fileless zero-day vulnerabilities. To adapt to modern threats, many solution providers offer NGAV (next-generation antivirus) and EDR (endpoint detection and response). These solutions rely on much more sophisticated toolsets, such as artificial intelligence, machine learning, and behavioral analysis, to protect endpoints from malicious threats and are capable of isolating compromised endpoints if an intrusion occurs.
6. Enforce strong passwords and 2FA
As computer hardware becomes more advanced and software more intelligent, stronger password policies must be adopted. Here are some guidelines to consider when developing a password policy.
Password length is greater than password complexity. Longer passwords take considerably longer to brute force than shorter, more complex ones though a mixture of length and complexity is still recommended.
Lock accounts after several failed login attempts. Locking accounts after failed login attempts is a strong defense against brute force attacks.
Use password managers.
Don't allow users to re-use passwords.
Check passwords against compromised password databases.
Passwords shouldn't include personal information.
Enable 2FA (two-factor authentication) or MFA (multi-factor authentication). 2FA and MFA have proven hugely successful against account hijacking. 2FA or MFA should become a non-negotiable security measure adopted by all organizations.
7. Don't allow users to have admin rights
No matter how often your users ask to have administrative privileges on their device, don't allow it, even if they promise to stop constantly submitting IT support tickets. Users with administrative privileges are much more likely to install potentially malicious software or ransomware on their devices.
8. Implement access controls
Implement appropriate access controls for your users and their job functions. Adopt the principle of least privilege, which is the idea that users should be given the minimum levels of privileges necessary to perform their job functions.
Don't delay implementing your cyber security plan
If your business has a digital footprint, it's only a matter of time before you become a target of malicious actors. Learning how to prevent ransomware infections and taking the steps necessary to protect your organization is critical for businesses of all sizes. Remember, it's far cheaper to prevent a ransomware attack than it is to recover from one.
Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.