Ransomware is a problem that most companies eventually run into. According to the 2023 Ransomware Trends Report, 85% of companies surveyed experienced at least one cyberattack in the preceding 12 months, and those affected recovered, on average, only 66% of their data. Although ransomware is undeniably a threat, the risk can be greatly reduced with a deliberate defensive strategy.
The same report shows that 16% of these companies recovered without paying a ransom, because they had robust prevention and backup measures in place.
Ransomware prevention is a set of proactive measures that reduce the risk of a successful attack. To make attacks harder to pull off, start with robust identity and access management (IAM) policies. To complement your IAM, deploy security tooling such as SIEM and XDR so that your security team can detect, monitor, investigate and respond to threats. Finally, keep a fail-safe set of backups that allow a swift, clean recovery should an attack succeed. Preventive measures include:
- Robust identity and access controls
- Email security
- Network segmentation
- Regular software updates
- Consistent employee training
- Web browser security
- Hardened endpoints
The second aim is to have secure, immutable backups and snapshots that make data recovery possible if an attack does succeed.
Understanding Ransomware: A Quick Primer
Ransomware is malicious software that encrypts the victim's data and demands payment for the key to decrypt it. According to the FBI, common methods cybercriminals use to gain access to devices and applications include:
- Phishing: Emails, text messages or social media posts containing links to sites that host malware
- Drive-by attacks: Visiting an infected website that downloads malware to the victim’s device or system
- Exploiting software flaws: Gaining access to systems through software vulnerabilities in endpoints and servers
- Infected removable drives: Removable media, such as USB drives, that carry malware and infect any device they are plugged into
- Social-engineering attacks: Manipulating employees or contractors into divulging credentials or other sensitive information that gives the attacker a foothold.
Once attackers have a foothold, they deploy the ransomware payload, which searches for file shares and data servers to encrypt. They then demand a ransom in exchange for the decryption key. It is also common for them to exfiltrate files containing sensitive data first and to threaten to leak or sell that data unless the ransom is paid (so-called double extortion).
Unfortunately, paying does not guarantee recovery. In one out of four cases the decryption key is defective, and even when it works, on average only 55% of the encrypted data is recovered.
The Crucial Role of Ransomware Prevention
Ransomware attacks are highly profitable for cybercriminals. According to the Financial Crimes Enforcement Network, Bank Secrecy Act filings indicated total losses due to ransomware incidents in 2021 of approximately $1.2 billion. Equally sobering is that it takes, on average, three and a half weeks for companies to recover from a ransomware incident. Companies suffer significant financial losses and reputational damage following an incident, but customers are just as affected, since their personally identifiable information (PII), such as addresses, Social Security numbers and credit card details, may now be public or for sale on criminal markets.
This underlines the crucial role of ransomware prevention and ensuring you have mitigation strategies in place. There is no foolproof way to prevent your business from getting attacked, but a comprehensive cyber resiliency strategy can reduce the effects of these attacks and improve the likelihood of recovering your sensitive information.
The following sections show how to reduce the risk of ransomware attacks and limit their impact.
Building a Strong Ransomware Prevention Strategy
Defeating ransomware requires a multi-layered strategy. You need multiple defensive layers, so if a hacker breaches one layer, you still have protection. There’s no one solution but, rather, a set of comprehensive prevention and recovery strategies.
Multiple layers can prevent ransomware attacks at various points and against different types of attacks. This strategy includes employee training, hardening systems against attack and data resilience.
Strong Authentication and Authorization: Protecting Access
The first line of defense is a strong identity and access management strategy that moves away from passwords. Passwords are easily phished, reused or cracked, and they are hard to remember and manage. We strongly encourage adopting passwordless authentication, such as passkeys, for employees, and strong non-password credentials (for example certificates or managed identities rather than shared secrets) for your workloads.
Strengthen your Zero Trust approach by requiring multifactor authentication (MFA) for access to corporate information, systems and devices, and prefer phishing-resistant methods. For example, Windows Hello for Business binds a PIN or biometric to the user's device, and Microsoft Authenticator can require the user to confirm a sign-in by entering the number shown on the login screen while displaying the sign-in location for context. Plain push-to-approve prompts without such checks can be worn down by repeated requests, so do not rely on them alone.
Security Solutions: Your Best Friend
Security solutions help your cybersecurity teams protect servers and operating systems quickly and effectively. SIEM and XDR platforms aggregate telemetry from endpoints, identity systems, cloud services and the network to detect, correlate and flag unusual activity and known threats. Firewalls block unauthorized traffic between the network and the internet, across VPNs and between network segments. Antivirus software seeks out and blocks known malware, while endpoint security protects the devices on the network, such as computers, printers, servers and IoT devices. Cloud-based solutions apply the same controls to virtual machines, virtual networks and cloud workloads. Choose reputable security solutions and keep them, and their detection content, up to date.
Access Controls and Network Segmentation
Employ robust access controls and segment your network so that an infection on one system cannot spread freely to others. Ensure vulnerable and high-value systems, such as your backup infrastructure, are not reachable from the internet and have no more outbound access than they need. Adopt the principle of least privilege so that users and service accounts can reach only the resources required for their work; in particular, do not let everyday user accounts hold administrative rights.
Email Filtering and Web Security
Email is one of the most common ransomware delivery methods. Attackers craft messages that appear to come from a genuine sender. Set up robust email filtering to detect phishing attempts and enable strong spam filtering; enforcing SPF, DKIM and DMARC on your own domains also makes it harder for attackers to spoof them. Collaboration suites such as Microsoft 365 include built-in anti-phishing features. Bear in mind that phishing also arrives by SMS (smishing) and voice calls (vishing) on mobile devices.
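To make the filtering concrete, here is an added example (not code from the original article or any vendor product) of the heuristic checks a mail filter runs on a message: the SPF/DKIM/DMARC verdicts the receiving gateway recorded in the Authentication-Results header, a Reply-To domain that differs from the From domain, attachment names with a risky or double extension, and links whose visible text names a different host than the one they actually point to. Both sample messages are constructed, and the blocked-extension list and the "two or more indicators" quarantine threshold are assumptions to tune for your environment.

```python
"""Heuristic phishing checks on a raw email, as a mail filter would run them (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Attachment types commonly abused to deliver ransomware loaders (assumed blocklist, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat", ".ps1", ".iso", ".img", ".jar"}

# Constructed phishing sample: failed authentication, mismatched Reply-To, disguised link, double-extension attachment.
PHISHING_SAMPLE = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Bank Support" <alerts@bank.example.com>
Reply-To: refunds@attacker.example.net
To: employee@example.com
Subject: Urgent: confirm your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account is locked.
<a href="http://bank.example.com.attacker.example.net/login">https://bank.example.com/login</a></p></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAA=
--b1--
"""

# Constructed benign sample: everything passes, no attachments, no links.
BENIGN_SAMPLE = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: "Payroll" <payroll@example.org>
To: employee@example.com
Subject: March payslips are available
Content-Type: text/plain; charset="utf-8"

Payslips are posted on the intranet as usual.
"""


def _domain(address):
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def _host(url):
    return (urlparse(url).hostname or "").lower()


def authentication_results(msg):
    """Read the spf/dkim/dmarc verdicts the gateway wrote into Authentication-Results (None if absent)."""
    header = str(msg.get("Authentication-Results", ""))
    if not header:
        return None
    verdicts = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", header, re.I)
        verdicts[method] = m.group(1).lower() if m else "none"
    return verdicts


def analyze_email(raw):
    """Return the phishing indicators found in one raw message and a quarantine decision."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    auth = authentication_results(msg)
    if auth is None:
        findings.append("no Authentication-Results header: gateway did not evaluate SPF/DKIM/DMARC")
    else:
        findings += [f"{method}={verdict}" for method, verdict in auth.items() if verdict != "pass"]

    from_addr = parseaddr(str(msg.get("From", "")))[1]
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {_domain(from_addr)}")

    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            name = filename.lower()
            ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
            if ext in RISKY_EXTENSIONS:
                findings.append(f"attachment {filename} has blocked extension {ext}")
            if name.count(".") >= 2:
                findings.append(f"attachment {filename} uses a double extension")
        if part.get_content_type() == "text/html":
            html = part.get_content()
            for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                if shown.lower().startswith(("http://", "https://")) and _host(shown) != _host(href):
                    findings.append(f"link text shows {_host(shown)} but points to {_host(href)}")

    # Assumed policy: a single weak signal is logged, two or more quarantine the message.
    return {"quarantine": len(findings) >= 2, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, analyze_email(sample))
```

The Authentication-Results header is only trustworthy when your own gateway wrote it and strips any copy that arrived from outside; a filter that trusts a sender-supplied header can be talked into passing a spoofed message.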
Software and System Updates: Keeping Vulnerabilities at Bay
No software is perfect; even after thorough testing, it inevitably contains vulnerabilities. Cybercriminals search for these and, when they find them, exploit them to install malware, steal data or encrypt files. Install security patches at the earliest opportunity, prioritizing internet-facing systems and vulnerabilities known to be exploited in the wild. Outdated and unsupported software is particularly exposed because fixes are no longer released for it.
Consistent Employee Training and Awareness
Employees play a critical role in strengthening your security posture and securing your digital estate. Invest in their training and awareness so they can protect themselves as well as your organization. Use phishing-simulation tools, such as KnowBe4 or the open-source Gophish, to train employees to recognize the different forms of phishing and to report them. Untrusted public Wi-Fi should be avoided on personal and corporate devices, or used only through a corporate VPN. Show how cybercriminals use misleading URLs, and raise awareness of the dangers of piracy websites, which often serve malware hidden in ads.
Safe Download Practices
Adopt safe downloading practices, because attackers readily bundle malware into files, apps, messages and browser extensions. Download files and software only from trusted sites, and check that the address bar shows "https" (most browsers also show a padlock or similar indicator). Be clear about what this does and does not prove: HTTPS only means the connection is encrypted, and phishing and malware sites routinely use valid certificates too, so it is no guarantee that the site itself is trustworthy. If you are unsure about a site, look for verifiable contact details such as a physical address and a phone number. Don't download files from suspicious websites or open unknown links in emails or messaging apps, and report suspicious emails. Scan attachments with your security software before opening them.
The Power of Backups: Data Resilience
Your backups are the most important and last line of defense against a determined ransomware attack. Start by protecting the backup server and its management console, since without them you cannot restore anything. Beyond hardening your digital estate and applying strong identity and security controls, back up the backup server's own configuration so that you can rebuild the console quickly if it is corrupted or encrypted. It is equally vital to protect your backup storage itself, following these guidelines:
- Conduct regular backups: Your last backup is the most vital one because that’s the one with your most recent transactions. Back up regularly to minimize data loss in the event of a ransomware attack. Choose a frequency that’s consistent with the volume of transactions, their value and the cost of multiple backups.
- Ensure immutability: Make your backups immutable, meaning they cannot be overwritten, modified or deleted for a defined retention period, even by an administrator. Immutability protects against ransomware that targets backups and against accidental deletion.
- Encrypt backups: Always encrypt your backups. If an attacker copies or intercepts them, they cannot read the contents, so a stolen backup does not become a data leak. Keep the encryption keys separate from the backup data and back them up too, or an encrypted backup is as unusable to you as it is to the attacker.
- Verify backups: Depending on the backup software you use, it is quite possible to produce a backup that is corrupt, incomplete or unusable, so verify every one. The best check is a test restore into an isolated virtual machine; alternatively, use an automated validation tool that checks the backup at the file level against known-good checksums. Also scan backups for malware so that you do not restore the infection along with the data.
- Limit backup access: Restrict access to as few key personnel as possible and require strong authentication (MFA) for them. Keep backup servers separate from production systems, for example off the production domain, so that a compromised administrator account cannot reach them.
- Adopt the 3-2-1-0 backup rule: Keep at least three copies of your data (the production copy plus two backups) on at least two different types of media, such as disk, a secure cloud repository or tape. Keep one copy on premises for quick restores, but make sure one copy is offsite and offline or immutable. This protects against ransomware as well as natural and other disasters. The final zero means that verification shows zero errors.
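The "zero errors" check in the rule above, and the file-level validation mentioned under "Verify backups", come down to comparing what a test restore produces against what was backed up. The following added example (my own illustration, not the article's or any backup product's code) writes a tar.gz backup of a constructed sample directory together with a JSON manifest of SHA-256 digests, then test-restores the archive and reports any file that is missing, changed or unexpected; it also shows that a single flipped byte in the archive is caught before anything is restored. The archive format, manifest layout and sample files are assumptions; in production the manifest must live on the same immutable storage as the backup, since an attacker who can rewrite the archive can otherwise rewrite the manifest to match.

```python
"""Backup integrity manifest and test-restore verification (added example)."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (as a relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src_dir, archive_path):
    """Archive src_dir and write a JSON manifest covering the archive and every file inside it."""
    archive_path = Path(archive_path)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(str(src_dir), arcname="data")
    manifest = {"archive_sha256": sha256_file(archive_path), "files": build_manifest(src_dir)}
    manifest_path = Path(str(archive_path) + ".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest_path


def verify_restore(archive_path, manifest_path, restore_dir):
    """Test-restore the archive and compare it with the manifest. Returns a list of errors; empty means zero errors."""
    manifest = json.loads(Path(manifest_path).read_text())
    # Check the whole archive first: a corrupted or tampered backup is rejected before extraction.
    if sha256_file(archive_path) != manifest["archive_sha256"]:
        return ["archive hash mismatch: backup corrupted or tampered with"]
    # Use the safe extraction filter where this Python version provides it (3.12, or backports to 3.8+).
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive_path, "r:gz") as tar:
        tar.extractall(restore_dir, **extract_opts)
    restored = build_manifest(Path(restore_dir) / "data")
    errors = []
    for rel, digest in manifest["files"].items():
        if rel not in restored:
            errors.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            errors.append(f"content changed: {rel}")
    errors += [f"unexpected file restored: {rel}" for rel in restored if rel not in manifest["files"]]
    return errors


def run_demo():
    """Back up constructed sample files, verify a clean restore, then show a tampered archive being rejected."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "src"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2024-01-02,1500\n")  # constructed data
        (src / "readme.txt").write_text("quarterly export\n")  # constructed data

        archive = work / "backup.tar.gz"
        manifest = create_backup(src, archive)
        clean_errors = verify_restore(archive, manifest, work / "restore1")

        # Simulate ransomware or bit rot touching the backup copy: flip the last byte of the archive.
        with open(archive, "r+b") as f:
            f.seek(-1, os.SEEK_END)
            last = f.read(1)
            f.seek(-1, os.SEEK_END)
            f.write(bytes([last[0] ^ 0xFF]))
        tampered_errors = verify_restore(archive, manifest, work / "restore2")
    return clean_errors, tampered_errors


if __name__ == "__main__":
    clean, tampered = run_demo()
    print("clean restore errors:", clean)
    print("tampered archive errors:", tampered)
```

Run this on a schedule against the most recent backup, and treat a non-empty error list the same way you would treat a failed backup job. Hash comparison does not replace booting the restored system in an isolated VM, which is the only way to confirm the data is not just intact but actually usable.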
Conclusion: Fortify Your Defenses Against Ransomware
Ransomware continues to be a threat.
At the same time, companies that had access to immutable backups beyond the reach of cybercriminals could restore their systems and resume business with minimal interruption.
Their success was due to a strong ransomware prevention strategy that included multiple layers of defense, including:
- A strong identity and access management approach
- Security solutions, such as SIEM and XDR, for detecting, monitoring, investigating and responding to threats
- Robust access controls and network segmentation
- Email filtering and web security
- Frequent software updates and patches to close vulnerabilities
- Consistent employee training and awareness programs
- Safe downloading practices
The last layer of protection is an effective backup strategy that relies on multiple redundant backups stored in different places, on different media and offline. This is supported by immutability, backup encryption and backup verification. When all else fails, a secure ransomware recovery solution is the best protection against ransomware.
Ransomware is a growing threat to all businesses. Statistics show that most companies have experienced ransomware attacks. Many were forced to pay a ransom because their backups were encrypted too. On average, companies incurred three or more weeks of downtime while recovering from these attacks.