Ransomware attacks are striking with increased regularity but you can protect against ransomware attacks. This is a modern problem in malware, combining sophisticated and basic tactics. Extortionists typically do not ask for exorbitant amounts; the average ransom ranges between $300 to $1,000. But consider that Hollywood Presbyterian Medical Center paid $17,000 for access to its own data. On top of that, there is the issue of lost revenue, and tarnished reputation, while a business recovers.
Smaller organizations may be able to use whitelisting to restrict access to a limited number of websites and applications. This is ideal, but impractical for most larger businesses.
An often-overlooked measure is to restrict user privileges. This should be done on a regular basis in any case, ransomware threat or not. The frequency required depends on the amount of turnover and transfer in the organization. Runaway user privileges can cause any malware to spread like wildfire throughout the network, making it difficult to eliminate. Granted, a complete audit of user privileges is a daunting task. A good place to start is user privileges for administrative tasks such as backup, servers, and network support. To minimize the use of administrative accounts, do not permit such accounts to receive email, and assign staff with administrative roles their own normal restricted accounts for everyday use.
A modern firewall is critical in defense of the network. Since threats continually evolve, use an update service that automatically blocks the latest known threats. Many uncategorized websites are used in targeted phishing campaigns to distribute malware. Configure your firewall/proxy to require user interaction, such as a “continue” button, for end users communicating with uncategorized websites.
If the organization has a good set of backups, it will have the choice of paying the ransom or not. Otherwise, there is no choice but to pay. And the only way to know that you have a good set of backups is to test them by performing a restore. During a monthly maintenance window, test the restore of a different backup. It is not uncommon for backups to be configured improperly or to be incomplete due to an unexpected increase in media size required. Check user privileges for backup at the same time.
On the Spiceworks community, IT professionals discussed how the threat of ransomware has changed their backup strategy. Most participants have instituted more backup procedures, more often, to more places than before. Fortunately, there are more backup options than ever. Deduplication is critical for organizations with considerable amounts of data. Snapshot technology (with adequate backups) can bring your organization up to date in, well, a snap. Here are some tips:
If only Sally had not clicked on that link in her email, there would be no ransomware to deal with. That is right. Most ransomware is delivered by email. Typical themes include invoice and shipping notice scams. It makes sense that the best way to protect an organization is to educate end users about phishing.
Say NO to ransomware. Prevent email ransomware threats from reaching your users with SpamTitan.
Sign-up for email updates...