This year ransomware protection emerged as the number one concern for security practitioners
The Kaseya Ransomware attack, the attack on Colonial Pipeline, Kia Motors, Acer and more, powerfully illustrate why ransomware is a pertinent concern today.
If some of the largest, most resourceful organisations in the world, have been impacted and have had to pay ransom in millions of dollars, the rising success of ransomware attacks becomes irrefutable.
In this blog we’re going to discuss:
- What exactly is ransomware?
- What is ransomware protection?
- Can you truly prevent ransomware?
What is Ransomware?
Simply put, ransomware is a type of malware that infects a system and encrypts the victim’s data. It either blocks access to the data completely or steals the data and threatens to release it. Ransomware criminals will typically threaten to release this sensitive data unless a ransom is paid (usually in cryptocurrency).
Ransomware usually starts as a phishing attack or even a social engineering attack. A leaked password, a malicious email attachment downloaded by an unsuspecting employee or even inadvertent browsing of an infected website through a mobile device - any of these can be the starting point for a ransomware infection that can encrypt files and all business data within minutes.
As we’ve seen recently, gas supplies have been affected in the world’s largest economy and a baby supposedly lost his life due to medical negligence - all caused by ransomware attacks. Clearly, malware protection and ransomware protection are no longer just IT and security problems but are complex business and governmental concerns now.
What is Ransomware Protection?
So what exactly is ransomware protection? Ransomware protection involves taking into consideration tools, processes and procedures to stop the ransomware from ‘attacking’ an organisation in the first place.
Yes, you need anti ransomware tools and anti malware protection technologies, but it goes way beyond that. Ransomware Protection also encompasses business and human elements. Some basic hygiene steps can go a long way in protecting your business against ransomware attacks.
As we know, in case of the Colonial Pipeline attack, it was a single leaked password that wreaked havoc for gas supplies in the East Coast of the US, disrupting not just the business of Colonial Pipeline but also the businesses and daily lives of many others.
Ransomware protection, then, is all about creating a healthy cybersecurity environment in your organisation where technology and the human element work together to mitigate chances of being attacked and the impact of the attack if it does occur.
Investing in a Ransomware Assessment conducted by external specialists is a great way to see where your business stands in terms of vulnerabilities and ransomware response capabilities. It also makes sense to have a solid and dependable Ransomware Response that you can turn to when the worst happens.
Can you truly prevent Ransomware?
Nobody can claim to know the secret sauce to completely preventing ransomware. But there are definitely a few ransomware protection steps that every business can take to come as close to preventing attacks as possible.
The first and foremost of these is educating your staff about ransomware attacks, ransomware prevention techniques and training them to always be on their guard against phishing emails and malicious attachments.
Key business executives have to be oriented in their roles and responsibilities and they need to understand how precious their privileged credentials are.
More important, however, is that your staff and key decision makers should be familiar and conversant with Ransomware Response Checklists so the response becomes a part of their muscle memory. Through regular practice of these checklists with Ransomware Tabletop Exercises, business executives will be able to make the right decisions and think and act calmly despite the chaos - a critical aspect of ransomware protection.
Here are a couple of other things that your organisation can do to ensure protection from ransomware attacks:
- Backups: Effective offline data backups are the number one protection you can invest in against ransomware criminals. Why? Because if the ransomware infection cannot reach and encrypt data in the backups, your data is safe. Remember the key word here is ‘Offline’. As in, the backuped data must not be connected to the Internet in any way whatsoever. Put another way, you can bounce back and ensure business continuity almost always if your backup technology is immutable. Since you’ll have a backup of your data, even if criminals demand payment, you don’t need to negotiate or pay and that’s half the battle won.
- Stay Updated: Make sure that all your internet browsers and applications are updated regularly. Even the Operating System updates on your mobile devices must be paid attention to. Avoid giving unnecessary permissions to pop-ups and extensions. These can lead to data theft and can also become gateways for infection to enter your computer networks.
- Always Verify: It’s great to know that your business has invested in solid backup technology. But the efficacy and impenetrability of these backups need to be verified regularly.
High-quality external audits and assessments are a great way to objectively judge and test the viability of your technology infrastructure and how well it can withstand a ransomware attack.
These are just some of the recommendations that you can start with when it comes to ransomware protection. There are many great resources that you start with when building anti-ransomware capabilities in your organisation.
Ransomware Checklists and readiness workflows will give you a quick insight into what you can do to achieve the level of protection required to beat criminals in their tracks. Becoming nearly as protected as you can and building cyber resilience capabilities takes time and effort, but with the right direction, it’s not impossible.
