Ransomware: Four ways to recover and protect yourself
Ransomware attacks have become a routine part of digital life. Because business is good for them, the criminals behind these attacks can afford to build sophisticated threats. Victim organizations lose access to their data, which can put their entire business at risk. Organizations that are not adequately protected often have to pay a ransom to get their data back, or are forced to attempt an ad-hoc recovery effort with no guarantee of a reliable recovery. The practices below are the best ways to ensure your data is protected and can be recovered after a ransomware attack.
To protect your infrastructure and endpoints from growing cyber threats, it is important to implement a multi-layered security strategy. This includes anti-malware, personal firewalls, file encryption, and data loss prevention (DLP) software. Even with all these security measures in place, there is still a chance of a breach. This is why it is important to back up your data.
The Threat Report, Myths in Cybersecurity that People Must Forget, 2019, 2019
We have compiled the following best practices to protect your most sensitive business environments from ransomware:
1. A solid information security program is essential
These steps will help you create an effective security program, even if your organization is just starting to get into information security.
Table 1 – Components of a successful security program
|Find out where your most important data is kept||Complex environments make it more difficult to keep track of where data is located.
* Remote facilities
* Service providers|
|Inventory systems||* Find out which systems store and process critical data
* Learn the data flow
* Determine which systems pose the greatest risk to your operations|
|Assess the risk||Include electronic records, physical media, as well as the availability of key services, systems, or devices|
|Security controls||Security controls that are based on risk can be selected, applied, and managed.|
|Monitor effectiveness||Be prepared for the changing threat landscape
* Assess the effectiveness of the risk-based information security strategy, the security controls applied, and the proper implementation of security technology
* Learn from the mistakes and take corrective action|
|Educate users||Employees should be educated about what to do if they receive emails from unknown senders or with suspicious attachments and links (see the Appendix to learn more about the recommended steps)|
2. Technology best practices to protect data
Businesses must understand the costs of cybersecurity investment and employee education to protect against losing access to crucial data. This will help them to avoid damaging their reputation and business.
Domain Tools has released the 2019 Threat Hunting Report. In it, 55% of respondents indicated that detection of advanced threats (hidden, unknown, and emerging) was a major challenge for their security operations centers.
Protecting your network against ransomware attacks is an important first line of defense. Organizations can also protect their IT infrastructure and data by following effective technology best practices. Table 2 lists key technology strategies that can be used to prevent ransomware attacks.
Table 2 – Technology best practices
|Prevent and detect||* Keep your systems and software up-to-date with the latest patches
* Protect against file-based threats (traditional anti-virus), and use download protection, browser protection, heuristic technology, a firewall, and community-sourced file reputation|
|Use external certification groups (computer emergency response teams)||* Often able to identify problems before they infect companies
* Can offer recommendations for immediate manual filtering steps (software companies may take hours or days to issue a patch)|
|Stop infection by identifying it||Define a comprehensive policy for prevention and recovery.
* Covers endpoint and network policies and protection products such as antivirus, antispyware, and firewall-type products
* Prevents unapproved programs from being executed on workstations
* Restricts end users' write capabilities so that, even if they download and run a ransomware program, it cannot encrypt files other than the user's own files
* Includes electronic records, physical media, and the availability of critical systems, services, or devices|
|Maintain a “golden” image of all systems and configurations||Data management policies are fundamentally based on this:
* You can easily clone the master image onto infected systems|
|A comprehensive backup strategy should be in place||Be prepared for evolving threats
* Assess the effectiveness of the risk-based information security strategy, the security controls, and the proper implementation of security technology
* Learn from the mistakes and take corrective action|
|Educate users||It is important to educate employees about what to do with emails from unknown senders and with suspicious attachments and links (see Appendix).|
3. Employ effective backup strategies
Recognize that ransomware events are almost always progressive hacks. The ransomware can run in the background and learn the behavior of your backup procedures. As such, it is important to maintain a persistent copy of the data in other locations as part of your recovery readiness strategy and disaster recovery procedures.
Companies that rely solely on snapshots for backup are more at risk. When the source data is corrupted, the snapshot or any other replicated instance is corrupted too, because the corruption follows the replication. It is essential to have a backup copy of data from previous recovery points stored in a secure location.
Another option for an external copy is to use a cloud library. The cloud backup isn't visible to local administrators' operating system accounts, so an attack requires more sophistication to gain access to your cloud credentials. Tape is not a popular choice, but it could be an alternative for businesses concerned about the persistent risk exposed by the nature of cloud or disk storage.
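The retention point made above, as an added example (not code from the original article): before an older recovery point is expired or overwritten, compare it with the newest one and refuse the rotation if most files have vanished or turned into high-entropy data. The function names, the 0.5 ratio and the 7.0 bits-per-byte threshold are assumptions chosen for illustration, and the three recovery points are constructed sample data.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(root: str) -> dict:
    """Map relative path -> (sha256 hex digest, entropy) for each file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            out[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return out

def safe_to_rotate(previous: dict, current: dict, max_ratio=0.5, high=7.0) -> bool:
    """False when the newest recovery point looks mass-encrypted: keep older points."""
    if not previous:
        return True  # nothing older to protect yet
    suspicious = 0
    for path, (digest, old_entropy) in previous.items():
        if path not in current:
            suspicious += 1  # deleted or renamed (ransomware often adds an extension)
        elif current[path][0] != digest and current[path][1] >= high > old_entropy:
            suspicious += 1  # content changed and now looks like ciphertext
    return suspicious / len(previous) <= max_ratio

def demo() -> tuple:
    """Build three constructed recovery points; the third simulates encrypted files."""
    with tempfile.TemporaryDirectory() as tmp:
        points = {}
        for label, encrypted in (("mon", False), ("tue", False), ("wed", True)):
            root = os.path.join(tmp, label)
            os.mkdir(root)
            for i in range(10):
                body = os.urandom(4096) if encrypted else f"invoice {i}\n".encode() * 300
                with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                    fh.write(body)
            points[label] = manifest(root)
        return safe_to_rotate(points["mon"], points["tue"]), safe_to_rotate(points["tue"], points["wed"])

if __name__ == "__main__":
    print(demo())
```

A check like this belongs on the backup host rather than the protected system, so that the comparison itself is out of reach of whatever corrupted the source.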
Table 3 – Data protection best practices
|Backup is a must||* Call directly for a backup copy, not versions stored on the same system
* Keep backup copies of data externally, beyond the simple snapshots that are kept on the source system|
4. Educate employees to secure the endpoint
|Training users on security best practices||* Install a firewall
* Make sure you enforce a password policy
* Make sure that users and programs of the computer have the minimum privileges required to complete a task
* Turn off AutoPlay
* If file sharing is not required, disable it
* Turn off or disable unnecessary services
* If a threat exploits any network services, disable or block access to those services until a patch has been applied
* Keep your patch levels current
* Set up your email server to remove or block email attachments commonly used for spreading threats
* Stop threats spreading by quickly isolating compromised computers
* Remind employees to not open attachments unless they’re expecting them
* Bluetooth should not be enabled on mobile devices if it is not necessary
Refer to Symantec, Security Best Practice recommendations, 2018 for complete details|
|Use endpoint protection best practices||* Use URL-reputation plugins to display websites’ reputations from search results
* Limit software to approved corporate applications, and prevent downloading of software from file sharing websites. Only download packages from trusted vendors’ sites
* Use two-step authentication for any app or website that offers it
* Make sure users have different passwords for each email account, application, and log-in, particularly for sites and services that are work-related|
Every organization must ensure the security of its critical business information. Businesses can prevent ransomware attacks by making protection against them a priority. You can protect your data by paying attention to technology, backup, and best practices for employees. This will make your data more secure and help you ensure business continuity while reducing ransomware risk.