Ransomware, for quite some years now, has stopped merely being a part of cyber-fiction and is a dismal reality that has cost billions of dollars to unsuspecting, lethargic, and laggard organizations. Cybercriminals are turning to increasingly complex, savvy, and impenetrable means of cyberattack monetization, and ransomware is right up there at the top. The consequences of a ransomware attack on a business can be catastrophic. Ransomware can paralyze the operations of the entire workplace if it lands in shared locations within wide networks. Of course, in light of all this, being prepared for ransomware is the only option for any organization that uses IT (that's, well, most of them). And as bad as ransomware has been, experts expect it to get worse.
Focus on ransomware prevention
Ransomware, traditionally, has been viewed as a problem that's hard to anticipate and prevent. So, IT experts within organizations have always worked in a “reactive” mode to ransomware. Of course, fighting back after a ransomware attack is important, but only secondary to taking proactive measures for the safekeeping of your organization's IT assets. Any foiled ransomware attempt implies you save thousands, perhaps millions, of dollars that would be lost in ransomware recovery expert fees, ransom payment, and workplace disruption. This brings us to the idea of learning best practices, tips, and tricks to enable enterprises to prevent ransomware attacks and remove them once they strike.
Keep antivirus updated
Make sure that the antivirus software protecting your enterprise computers is updated to the latest version, across all endpoints. Remember, your enterprise IT network is as vulnerable as the least-protected computer terminal in use. Antivirus applications are based on signatures. Malware can slip in if the version is not updated. However, antivirus packages are your IT department's first line of defense, so implement mechanisms that ensure regular upgrades.
Regular security awareness programs
When was the last time a security awareness campaign was conducted within your enterprise? Most ransomware make their way to computers via phishing, wherein cybercriminals posing as vendors, colleagues, educators, or marketers send out emails with infected documents and other attachments. Because of the pervasive nature of email communication, end users often instinctively open these malicious emails and, in a sense, open the gates for malware and ransomware to rush in. The most effective preventive measure you can rely upon is all about regular education and training of the workforce, enabling them to:
- Identify malicious emails based on known patterns of such phishing mailers.
- Quickly report the receipt of such emails to the organization’s IT teams.
- Understand and remember the steps to be taken if they accidently open a suspicious email.
Advanced data backup mechanisms
Most ransomware attacks work as follows. A malware infects/locks your vital data, and you’re asked to pay a ransom to regain access. Think of it – if you already have a couple of updated backups of the “stolen” data, you could get your data back yourself as well as involve cyber policing and investigation experts to track down the hackers without fear. Here are some data backup options you can leverage:
- Daily updates of backup with cloud service providers.
- Periodic archiving of data in local storage devices.
- Using network-attached drives to backup the data.
- High capacity SSDs for physical safekeeping of data.
Leverage Group Policy Object controls
GPO restrictions are surprisingly underused, given their time-tested effectiveness in restricting all kinds of malware. GPO restrictions ensure that there are no unsolicited installations resulting from careless end user activity. GPO settings hand over granular control over endpoint file execution to you. Your IT administrators can add rules to block all kinds of suspicious activities related to file installation and execution. For instance, by blocking all kinds of executables in attachments, you can leverage GPO to effectively neutralize many phishing-origin cybercrimes.
Patching commonly used third-party apps
Adobe-, Flash-, and Java-based applications have been employed an untold number of times to infect computers with ransomware. A preventive measure often ignored by IT experts is patching. When third-party software applications are patched, the attack surface for all kinds of malware infection attempts is minimized.
Restrict endpoint administrator rights
We know that there’s a widespread sentiment around letting end users have administrator rights to be able to troubleshoot common IT issues, as a way to reduce workplace disruptions. However, if quick resolution of common computer issues is your goal, do it by making your IT teams more agile. End users are not expected to deal with software installations, system settings tweaks, etc. So restrict administrator rights for end users, and reduce the exposure of your workplace computers to all kinds of malware, including ransomware.
Prevent risks of social engineering and spear phishing
The hit rates of phishing emails are surprisingly high because of the advanced social engineering methods employed by cybercriminals. Enterprise IT teams have to invest time, thought, and money in educating their workforce about how they can balance their social presence and workplace security considerations. Work on a social media policy that lays down the accepted and out-of-bounds social media practices for employees. Identifying spear phishing attempts and neutralizing them is critical for safekeeping of employee identities and their computers’ data. Consider hiring a third party to conduct social engineering tests, such as ones offered by LIFARS and Rapid7, to make the employees aware of how loose social media practices can ultimately cause millions of dollars to the company.
- Implement data leakage prevention and anomaly detection mechanisms to make sure that no data is being leaked out of the company network.
- Filter out macro-enabled files and restrict the execution of such files, because macros often contain malicious codes that release ransomware into the computer.
- Your backups must start only after complete system scans, so that any malicious files are not backed up!
- Remember the words “least privilege” when devising mechanism of access for end users. Users must only be given the least privileges necessary for them to perform expected tasks.
Photo credit: Shutterstock