A ransomware attack can be deeply disruptive, if not devastating. Here are a few tips for how to lower your risks, and how to handle an attack should it happen. It’s much easier to handle an attack with a strategy already in place than with no plan at all.

by Brent Whitfield
Date Published August 18, 2021 - Last Updated January 20, 2023

Ransomware has emerged as the primary type of cyberattack. With the pandemic forcing everyone to rely on digital assets, ransomware attacks have only increased in both volume and severity. Malicious attackers have little conscience and cannot be expected to show mercy to anyone from essential services organizations to private corporations - no matter how many individuals or companies are affected by their attacks.

Ransomware is essentially a species of malware and often used as a mode of threatening organizations. They accomplish this by holding hostage their sensitive data and making the organizations pay for the return and security of that data. Ransomware attacks can block access to a system, device, or file until the attackers demands are met. Ransomware achieves this by encrypting all stolen sensitive information on the endpoint and threatening the victim with data erasure or, public disclosure or, simply by blocking system access. Some of the more sophisticated ransomware attacks are capable of holding entire servers and networks hostage using the same modus operandi. Ransomware attacks are particularly damaging when they target critical infrastructure whether operated by public or private entities. In fact, ransomware attacks take advantage of the fact that some industries can’t afford to wait.

Essentially, this mode of attack corners enterprises to quite literally be caught between a rock and a hard place, where they must make a difficult choice. They can either choose to pay the ransom that the attackers demand to have their files decrypted, or take steps to mitigate the damage from the attack and restore their operations as quickly as possible. Either way, it’s a losing proposition for the victim, one that ends up costing them thousands of dollars, if not a complete breakdown of services and, in some cases, a permanent shutdown of the organization.

Many organizations in the past have chosen to pay the ransom simply to prevent the huge losses resulting from long downtimes and to protect their data. Recent data indicates that the average cost of US municipal attacks ended up costing $400,000 on average.

Threat mitigation is always more time-consuming when enterprises are not prepared for cyberattacks, and this is a case where prevention is truly better than the cure. In this article, we will outline steps as to how you can prevent your organization from becoming a victim of ransomware attacks. IT Consulting services can help your organization remain prepared for any kind of cyberattack including ransomware.

Why You Shouldn’t Pay the Ransom

The FBI strongly counsels against paying ransomware attackers, and many states and governments have already formed or are in the process of forming laws against paying ransomware attackers. Additionally, the long-term consequences of paying inevitably surpass the short-lived benefits nearly every single time.

The fact is that even though you pay the ransom, there is no guarantee that the attackers will actually keep their word and return your data safely to you. They could simply choose to turn their backs and either increase their demands or disclose your data anyway. They could even sell your data. Some reputed hackers do follow a code of conduct and guarantee the safe restoration of data once the ransom is paid, but these are few and far in between. The safe rule of thumb to follow in this case would be to not trust the people holding your business and your data ransom.

Moreover, paying for the attacks has the added disadvantage of masking the real problem. If the hackers used an existing vulnerability to gain access to your secure systems, then paying them limits your ability to trace exactly what steps they used to gain access in the first place. This leaves you wide open to more attacks in the future, possibly from the same source. Paying also reiterates the utility of ransomware attacks as a highly profitable venture. This not only encourages further attacks in the future, but can also single out your business as an easy mark for cyberattacks.

What to Do

Here are a few best practices to consider for ransomware mitigation

Maintain Backup Your Files

The single most important step in ransomware threat mitigation is to back up your data safely and regularly, and to make sure that the backups remain accessible when you need them. Backup files should always be stored in the system that’s not connected to your main network. You also need to regularly verify the backup so you can remain assured that the mission critical files and data are up to date. If you can remain assured of the efficiency of your recovery process, you essentially eliminate the need to pay the ransom.

System-Level Protections

You can protect your organization from attacks by making sure that all your operating systems, applications, and software are updated regularly. Always remember that updates and software patches are used to patch up current vulnerabilities in the system, so implementing these regularly will help you close security gaps. Remember to turn on auto updates wherever possible. Make use of reputed anti-malware products that can help you detect and block many types of attacks. Most attacks are perpetrated through emails and infected websites, so you should take care to deploy an effective email scanner to highlight any suspicious attachment. Blocking access to suspicious executable files is a key step in mitigating threats.

Network Level Protections

You can prevent malicious codes from entering your network by using effective firewalls. They are also useful in blocking or limiting the remote management services that hackers often use to perpetrate attacks. Well-configured firewalls can also minimize spam, stop infected emails, and limit file extension types in emails to only the relevant ones for your organization.

Train the Team for Enhanced Security Awareness

Your workers remain the most vulnerable point of entry for any kind of cyber-attack. This is why security awareness and proper training is critical in mitigating attacks. When employees are aware enough to spot and raise a flag for any kind of suspicious activity that they may come across, your organization will remain secure from most kinds of attacks. But this requires patient and consistent training across your organization, and developing a participatory culture of proactive defense. Also remember that the same kind of training may not work for technical and non-technical members of your team.

Deploy a Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) essentially seeks out malicious activity by studying anomalies in network traffic logs and comparing them to known threat signatures. An effective IDS regularly updates signatures and raises an alert quickly whenever it detects potential malicious activity.

Cyber Insurance Policy

When you know you might eventually come across a risk - it’s always better to have insurance. This can help your organization to recover losses in case of a ransomware attack. Cyber insurance policies are becoming increasingly popular to help protect against data breaches and other threats. Work closely with your insurance provider to understand if they can actually cover the cost for paying a ransom or not.

The bottom line is that it pays to be prepared for a ransomware attack. It’s much easier than devising a strategy in the midst of a crisis.

Brent Whitfield is the CEO of DCG Technical Solutions LLC. DCG provides specialist advice and IT Consulting Los Angeles area businesses need to remain competitive and productive while being sensitive to limited IT budgets. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. He also leads SMBTN – Los Angeles, a MSP peer group that focuses on continuing education for MSP’s and IT professionals.

Tag(s): supportworld, service quality, security management, best practice

Related:

More from Brent Whitfield :


Comments: