Ransomware is big business for threat actors and a serious risk for businesses. Unlike ransomware of old, current ransomware attacks are double or triple extortion attacks: not only do they lock you out of your data, they also steal it and threaten to expose it publicly, and may even use denial-of-service techniques to increase the pressure on you to pay the ransom.
There are several steps that organisations can take to defend against ransomware attacks:
Back up your data: Regularly back up important data and consider keeping multiple copies in different locations, such as on-premises, cloud, and offline storage. Regularly test the backups to ensure they are viable. This way, if your data is encrypted by ransomware, you can restore it from a backup without paying the ransom.
Keep software and systems updated: Keep all software and systems, including operating systems, applications, and firmware, updated with the latest security patches to help prevent vulnerabilities from being exploited.
Use anti-virus and anti-malware software: Use anti-virus and anti-malware software, and keep it up to date, to detect and prevent malware from being installed on your systems.
Limit privileges: Limit the privileges of users and applications, so that even if malware is able to execute on a system, it will have limited access to sensitive data and resources.
Train your employees: Train employees to identify and report suspicious emails, links, or attachments, and to avoid clicking on links or opening attachments from unknown sources.
Implement Multi-Factor Authentication: Increasing the security around your accounts by requiring a second authentication mechanism will reduce the attacker’s ability to access a compromised account.
Update perimeter controls: Use access control lists, such as on firewalls, to block incoming traffic from known malicious IP addresses and to monitor outgoing traffic for signs of malware communication. Keep these lists up to date through threat exchanges.
Use a web filter: Use a web filter to block access to known malicious websites and monitor web traffic for signs of malware downloads.
Use an intrusion detection and prevention system: Use an intrusion detection and prevention system to detect and block malicious network traffic.
Centralise monitoring activities: Whether through an outsourced Security Operations Centre (SOC), or in-house capability, centralise the monitoring of networks, systems, applications, and users to help identify suspicious activities within your environment.
Maintain your incident response plan: Develop and test an incident response plan, so that your organisation is prepared to respond quickly and effectively if a ransomware attack occurs.
Practise Crisis Management: Whilst the incident response team manage the technical aspects, the crisis management team will be considering the business impacts and the activities required to manage these. Run desktop exercises to test the effectiveness of the crisis management plan, stakeholders’ understanding of it, and their understanding of their role within the plan.
Regularly review security measures: Review and update your security measures regularly to ensure they are effective against the latest ransomware threats.
It’s important to note that a multi-layered security approach will improve your ability to deter, or detect and respond to, ransomware attacks.
ICA Consultancy has helped companies of various sizes and across various industries assess their capabilities in relation to defending against ransomware attacks, and helped them implement the required improvements.
Talk to us today. We can help!