Three Things You Can Do to Prevent Ransomware Attacks

By Eric Noonan • July 26, 2016

With ransomware attacks on the rise in 2016, a lot of organizations are scared. According to the KnowBe4 2016 Ransomware Threat Concerns survey, many organizations don’t have faith in their backup systems, which compounds the fear of a CryptoLocker-style attack. The survey of over 1,100 companies found that 38% of the companies asked had been hit with a ransomware attack in 2016, up from 20% in 2014. Ransomware attackers aren’t limiting their attacks to a single industry. They are hitting hospitals, banking institutions, the manufacturing industry, and state and local governments.

What can you do to protect your organization and prevent ransomware attacks from occurring in the first place?  Here are three things you can do today to shore up your defenses:

  1. Awareness and Training: According to Sophos, distribution of ransomware generally occurs in a series of steps. First, the ransomware is installed on a victim’s computer through a phishing email or a malicious file downloaded from the Internet. Once installed, it establishes communication with a server owned by the criminal group that initiated the ransomware. Once communication is established, a series of handshakes and keys are exchanged to identify client and server. One key is kept on the victim’s machine, while the other is stored on the server. Once the key is established, the ransomware begins encrypting every file it finds. Finally, the ransomware app displays a screen demanding money for the key to decrypt the files. Payment is usually in some sort of untraceable currency such as bitcoin or another electronic payment. Armed with this knowledge, you can begin to develop and tailor your security awareness training to cover recognizing suspicious emails, and teach employees not to download software from untrusted websites. What’s that you say? You don’t have a security awareness program? Believe it or not, you are not alone. Many organizations include some type of computer security as part of overall new-hire training, but employees aren’t required to re-certify.
  2. Test your backup systems: As mentioned earlier, according to the survey, many companies do not trust their backup systems enough to feel confident recovering from a ransomware attack. The simplest thing to do is test your backups regularly. Develop a test plan and procedure, simulate a ransomware attack and see how everyone performs. Hold an after-action meeting, document the lessons learned and update your test plan. Then repeat. Sure, it’s easier said than done because we all have day jobs. But would you rather spend some extra money to support a backup test or give money away to cybercriminals to get your files back? Testing your backups can be worked into a quarterly cycle, and the tests should be as realistic as possible, run on the hardware that your company uses. Focus not only on ransomware attacks but also on other kinds of cybersecurity incidents; you can even work in a disaster recovery scenario.
  3. Assess your readiness: While steps 1 and 2 are important, you can take it one step further and test your readiness now. Assess your security team. Ask them questions about ransomware. “Do we have a cyber incident response plan? Does it incorporate all threat vectors including ransomware?” Those are just some good starters. To be really effective, a full information security assessment might be necessary to get the bigger picture of your organization’s security posture. While ransomware attacks are keeping many CIOs up at night, there are far worse things, like data theft due to a breach. That is much more damaging to your business’s reputation and has a significant financial impact.

Whatever keeps you up at night, let CyberSheath help you get started shoring up your security.
