Ransomware can affect organisations of any size, and the number of ransomware attacks is on the rise. What can you do to protect your organisation from an attack?
Why is Ransomware a Problem?
Ransomware is software that’s designed to execute an attack on an organisation’s data or system. Once the attacker gains access, the ransomware locks or encrypts the data or system so that the organisation that owns it no longer has control over it. This kind of attack is usually spread through highly sophisticated and targeted phishing emails that trick the recipient into providing information that allows the attacker to gain access. In some cases, the attack is made directly by exploiting vulnerabilities in the target system. Once the attacker has control, they demand a ransom from the target organisation in exchange for relinquishing control over the system or data.
How to Protect Against Ransomware
Ransomware can be a serious threat, but it’s not all bad news. The fact is, while ransomware can cause major problems, many of the vulnerabilities that ransomware is designed to exploit are known vulnerabilities. This means it’s possible to protect your system and keep your organisation’s data safe from attackers. Providing your system is properly updated and protected, you can prevent most ransomware attacks from ever gaining access.
Find and protect vulnerable entry points
In order to prevent ransomware entering your system, you need to know how it enters the system. There are generally two possible methods of gaining access: human attack vectors and machine attack vectors.
Human attack vectors: Many cyberthreats need the “help” of human users to gain access to a system. For instance, phishing attacks trick people into clicking malicious website links, opening attachments, or performing similar actions that allow malicious software to gain access to a system. In this instance, protection is all about educating your workforce so that they know how to use email and the internet safely.
Machine attack vectors: Machine-to-machine attacks typically involve the exploitation of system vulnerabilities, and don’t necessarily involve any human interaction. However, some kinds of machine attacks do involve human interaction; for instance, websites or advertising that contain malicious code don’t actively target specific people, and all it takes is clicking on an advertisement, or opening a webpage, to become infected. With these kinds of attacks, protection is about keeping software and systems up to date to eliminate vulnerabilities, and using antivirus and antimalware software to block cyberattacks.
Back up all data
There are plenty of good reasons to keep data backups, and ransomware is yet another one. Establishing a consistent backup strategy ensures that in the event of an attack, the data that’s been encrypted isn’t lost forever. Having data backups means that you’re less likely to have to consider paying a ransom or to lose valuable data.
Develop an incident response plan
While it’s possible to protect your organisation from most forms of attack, there is always the chance that some new and undetected vulnerability may be exploited. This means that it’s important to be prepared for the possibility of attack with a dedicated incident response plan that you deploy in the event an attack does occur. A good plan should:
- Be detailed, but also flexible enough that it can be used to counter multiple kinds of attacks.
- Include plans for maintaining clear and open communication. This is vital, because the organisation’s normal communication networks may be compromised due to the attack.
- Be tested regularly. Without rigorous testing, you have no way of knowing if the plan will be effective when it’s needed. Testing the plan also gives you the chance to identify and eliminate weak spots.
What to Do During and After an Attack
Prevention is by far the most important way to deal with ransomware, but it’s not possible to reduce your level of risk to zero. So, what do you do if your organisation is attacked?
This is where your incident response plan comes in. If your organisation is attacked, there are some essential steps to take to get the situation under control, and hopefully resolve it.
- Isolate the infection – prevent it from spreading throughout the organisation by separating every infected device from the network.
- Identify the infection – the infected devices will contain enough information that you can identify what kind of ransomware has been used in the attack.
- Deal with the infection – this means paying the ransom, trying to remove the malware to restore the system, or wiping the system altogether.
Unfortunately, the best option in most cases is the third one. However, if your organisation backs up its data regularly, wiping the system is only a temporary setback. Note that you must consider whether the ransomware might have been lying dormant in the system before it was activated. It’s therefore important to learn as much as possible about the ransomware to determine what the best restoration strategy will be.
Note that it’s also important to inform the appropriate authorities that an attack is taking place – preferably as soon as possible. This is vital if you plan on filing an insurance claim, and it’s also important to help law enforcement agencies monitor ransomware and cybercrime activities.
Worried about ransomware? Contact ACUTEC today to discuss the best way to protect your organisation.