Preventing Ransomware Attacks
Do you have to pay the ransom money?
Researchers in cybersecurity disagree on whether you should pay. The FBI opposes paying the ransom. Some victims pay the ransom and get access to their files. Others pay but never receive a key. Petya’s case was different. Its developers created the software without any method of decrypting data.
Experts recommend cutting your losses and not paying a ransom. Data loss can have a significant impact on your organization, and ransomware attackers are increasing their demands. Petya developers initially asked for $300 in bitcoins. Modern ransomware variants ask for thousands of dollars in cryptocurrency. Ransomware is only possible because the malicious actors behind it continue to be paid. The ransomware model would crumble if payment were taken off the table.
The ransom payment does not guarantee that you will receive the private key necessary to restore your data. Protect your files instead by taking precautions in your daily operations. You can restore files to their original condition in the event of an attack. Backups are crucial for recovering from an attack.
- Training for users
- Quarantining suspicious emails
- Filtering content
Training users on how to spot ransomware
Training users greatly reduces the risk of infection. Ransomware attacks usually start with malicious emails. You can train users to recognize cyber threats such as ransomware and phishing. Users who are trained to recognize malicious messages are less likely than others to open infected attachments.
Hackers often use social engineering to their advantage. When an attacker targets a specific user on a network with higher privileges, it is called social engineering. These attackers believe that these users are more likely to have access to or store critical data locally. This raises the likelihood that the ransom will be paid by the business.
Software should be kept up-to-date and patched.
You should ensure that firmware, anti-malware software, operating systems, and third-party applications have the most recent patches installed. Software updates are a must to ensure your anti-malware detects the latest ransomware variants.
WannaCry is one example of an operating-system threat. It used EternalBlue, a vulnerability discovered by the United States National Security Agency. It exploited a vulnerability in the Windows operating system's Server Message Block (SMB) protocol. Microsoft released patches to prevent WannaCry about 30 days before the infection. Windows operating systems without patches are vulnerable.
We’ve also seen ZeroLogon used in ransomware attacks.
Always keep backups
The effects of ransomware can be easily reversed by restoring data from a backup. Backups let you bypass the ransom demand because you restore data from a source other than the encrypted files. Hackers are aware of this and have developed ransomware that scans the network for backup files. After you have restored your data from a backup, you must still remove the ransomware from your network.
Keeping a copy of your backup files offsite is a good way to prevent malware from encrypting them. For businesses that need an offsite backup solution, cloud backups are the best choice. Cloud backups allow you to keep a copy of your files secure from ransomware or other cybersecurity threats.
Ransomware attacks are usually initiated by an executable or by a script that downloads the executable and runs it. Some ransomware attacks are not immediate. Ransomware can remain dormant for a certain time. One example was Locker, a CryptoLocker copycat. It was silent until May 25, 2015, at midnight, when it executed its payload.
Network administrators can detect ransomware with applications that monitor for suspicious network traffic. When malware renames large numbers of files, the applications send out notifications. Anti-malware software can protect against ransomware of all types. It relies on signatures to identify ransomware before it executes. It doesn’t always catch zero-day threats, which are attacks that developers aren’t aware of.
Artificial intelligence (AI), machine learning, and behavior monitoring are the current anti-malware options. These solutions compare the current state of files against file access requests and changes. Administrators are alerted to suspicious activity so that an attack can be dealt with quickly, preventing data destruction and file encryption.
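The rename-based notification described above can be sketched as a sliding-window counter over file-rename events. This is an added example, not code from any product mentioned on this page; the event format, the 10-second window, the threshold of 5, and the process names and paths are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict, deque
from pathlib import PurePosixPath


def detect_rename_bursts(events, window=10, threshold=5):
    """events: (epoch_seconds, process, old_path, new_path) tuples sorted by time.

    Returns one alert per process that changes the extension of at least
    `threshold` files within `window` seconds (both values are assumed defaults).
    """
    recent = defaultdict(deque)  # process -> (timestamp, new_extension) still in window
    alerted = set()
    alerts = []
    for ts, proc, old, new in events:
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        if old_ext == new_ext:
            continue  # ordinary rename that keeps the file type; not counted
        q = recent[proc]
        q.append((ts, new_ext))
        while ts - q[0][0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and proc not in alerted:
            alerted.add(proc)  # notify once per process, not once per file
            top_ext, _ = Counter(ext for _, ext in q).most_common(1)[0]
            alerts.append({"process": proc, "time": ts,
                           "renames": len(q), "extension": top_ext})
    return alerts


# Constructed sample events (not real telemetry): a user renaming one document,
# a backup job rotating one file per minute, and a process that appends a new
# extension to six files within six seconds.
SAMPLE_EVENTS = (
    [(100, "winword", "/home/amy/plan.docx", "/home/amy/plan_v2.docx")]
    + [(200 + 60 * i, "backupd", f"/var/tmp/job{i}.tmp", f"/var/tmp/job{i}.bak")
       for i in range(6)]
    + [(1000 + i, "unknown_proc", f"/srv/share/doc{i}.xlsx",
        f"/srv/share/doc{i}.xlsx.locked") for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

Only the burst from the third process raises an alert; the slow backup rotation and the same-extension rename stay below the threshold, which is the kind of tuning that keeps such notifications usable.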
Prevention starts with early detection
A combination of anti-malware software and good monitoring tools is required to prevent ransomware. While cyber-defenses cannot eliminate all risks, they can reduce the likelihood of attackers being successful.