5 Techniques to Get You Ransomware-Ready

Most of us have heard of “ransomware,” but what is it? Who does it impact? How can you protect your business?
Think of ransomware as the smoke and mirrors of cyber attacks; the last ditch effort to take as much loot and valuable intel as possible before heading to the next victim. It’s an incredibly effective and popular way for cyber attackers to distract their victims from another covert attack, which may occur simultaneous to the ransomware.

In fact, ransomware is so popular attacks are up 195% since the fourth quarter of 2018, costing businesses more than $75 billion per year.

While the use of ransomware on companies is non-industry-specific, cyber attackers do have an affinity for targeting small- to medium-sized businesses. Why? Because smaller businesses oftentimes lack the in-house cybersecurity capabilities to prevent and remediate attacks.

We know what you’re thinking, “Wait I’m a small- to medium-sized business. What am I supposed to do?” Step away from the panic button. Yes, the threat is real, but your fear doesn’t have to be. Keeping a level head by understanding all available resources is always best. These five tactics give you the muscle you need to enter the ring swinging when facing the ever-evolving opponent that is ransomware.

  1. Utilize the 3-2-1 Rule. If you’re a government agency or function in the financial sector, this is an easy-to-remember way to keep your data secure in any circumstance when problems hit the fan. Make three (3) backups of your data, where two (2) copies are stored on different mediums, with at least one (1) offsite. Having more backups stored in different forms of media at multiple sites creates the proper segmentation and separation to guarantee that your data is backed up for successful restore. Always remember to test these backups to make sure they can be recovered successfully.
  2. Subscribe to Threat Intelligence Feeds. The cybersecurity industry is working harder to connect and collaborate as more and more information sharing platforms and tools emerge. Subscribe to Watch lists such as Ransomware Tracker, which easily integrates into your firewalls, IDS/IPS technology and AV solutions to continuously block known malicious domains and known malicious IPs to protect your infrastructure.
  3. Limit Exposure at The Network Level. While much of the cybersecurity industry is split on the best way to patch outdated systems from being exploited, another way to protect your infrastructure is to limit the number of ways an attacker can access your network. By blocking remote desktop protocol (RDP) and other remote management services, you limit the likelihood of an attacker being able to access your network. Additionally, an organization may be able to limit the types of files that are able to be received via email, reducing the potential threat vector from malicious file extensions. By isolating/properly segmenting your network and reducing the types of files that an organization can receive, you limit the size of a potential outbreak.
  4. Protect Your Systems with Next-Generation Anti-Virus. Most traditional anti-virus solutions either use a known dictionary of malicious files or look solely at how the file behaves. Most modern infrastructures require a combination of limiting the types of applications that can run, robust filtering and permissions of the devices as well as both reviewing the files and how the file is behaving. By using a Next-Generation Anti-Virus solution or an Endpoint Detection Response tool, you are able to get real-time, full visibility into what is happening on your device. This gives you the home court advantage to make actionable responses before it is too late.
  5. Use a Third-Party Vendor to Identify Exploitable Areas of Your Organization. Consider this to be your organization’s annual health check. As most small- to medium-sized businesses are unable to hire an in-house specialized cybersecurity team, it makes it essential to hire a security specialist to identify your areas of weakness. A security vendor should investigate potential areas of compromise, process gaps and technical controls to understand all possible entry points for an attacker. It is important to use an independent third party who is able to put themselves in the attacker’s shoes.

Yes, ransomware incidents are on the rise, but following these five techniques will give you and your company the confidence you need to stay one step ahead of an attacker, despite an ever-evolving threat landscape. Contact a CyZen cybersecurity advisor to address any questions you may have about actionable ways to fortify your business’ valuable assets and secure your organization’s profitability.

Compliments of CyZen, a member of the EACCNY