Ransomware Explained (Part 2): What is it and how to prevent it
By Yael Spindel, Cyber Threat Intelligence Team Leader
- Back up sensitive data in a separate location
- Patch all vulnerable systems in the network
- Enhance security awareness and phishing training
- Invest in Endpoint security
- What to do if you are forced to pay the ransom
- Why you should avoid paying the ransom
- Closing Thoughts: surviving with ransomware attacks
Ransomware attacks are all too common in the cyber world. As such, understanding what they are is critical, and can be found here. The next step is to understand the measures to implement to protect yourself from ransomware, as outlined below.
Here are some specific tips for preventing or mitigating ransomware attacks in 2021.
Back up sensitive data in a separate location
Everyone knows and understands the importance of having reliable backups in today’s world. However, to prevent or mitigate havoc in the event of a ransomware attack, you must store your backups in a separate location. Also, you could update your backups policy to mandate standard daily backups and at least a weekly offline backup. For instance, you could adopt cloud backups as standard and then an offline weekly backup. This will ultimately help you to avoid data loss in the event of an attack.
Patch all vulnerable systems in the network
A simple patch on the Windows OS could have prevented the WannaCry ransomware in 2017. By patching the vulnerabilities that exist in your system and network, you’d potentially be sealing off all known loopholes that hackers can exploit. This involves keeping up with these patches, monitoring trends, and even assigning an IT team member to implement these updates. This however requires a great deal of time and effort especially for SMBs without MSP support.
Enhance security awareness and phishing training
The importance of security awareness training in stopping ransomware attacks cannot be overstated. Evidence shows that security awareness training generally leads to a reduction of successful phishing attempts in any business. For instance, phishing simulations should ideally show employees how to spot phishing attempts.
Invest in Endpoint security
Investing in endpoint security can also help companies prevent ransomware attacks. Whether it’s in updating your endpoint policy or deploying an Endpoint Detection and Response (EDR) solution, this will play a key role in detecting ransomware threats and responding swiftly to them. Also, your business could consider adopting a zero-trust access policy that only grants access on a need basis.
What to do if you are forced to pay the ransom
If you’ve been the victim of a ransomware attack, you should know the FBI and many other government institutions strongly advise against succumbing and paying ransoms. This is to not entice further attacks and there is no guarantee that paying the ransom will get your data back.
Why you should avoid paying the ransom
Paying the ransom after a ransomware attack is never a great idea, here’s why.
- Giving in to a hacker’s demand will only encourage and fund cyber terrorism.
- Even with valid decryption keys, you might not get all your data back.
- Your organization could be sanctioned for paying the ransom.
- You could end up making your company more attractive for future attacks.
- Paying the ransom could lead to an increase in cyber insurance premiums.
However, if forced to pay the ransom, you may suffer from the following regardless:
Data remains encrypted
Failure to make the ransom payment essentially means your files will remain encrypted. However, if you’re able to get the decryption key, you should regain access to your files.
Exfiltrated data is exposed
In the case of double extortion ransomware, your exfiltrated data could potentially be exposed if you choose to ignore the ransom demand. However, there’s also a chance that if you pay the ransom, your data may be exposed regardless, especially to other malicious actors.
Damage to reputation and financial loss
It is important to note that not paying ransom could potentially lead to damage to your business’s reputation. With 50 to 70% of ransomware attacks targeted at small and medium businesses, the effects can be crippling. It’s, therefore, no surprise that around 60% of small businesses fail within six months of experiencing an attack. Similarly, your inability to access encrypted files could result in business disruption and financial loss.
Closing Thoughts: surviving with ransomware attacks
As hacker sophistication continues to rise, companies must continue to evolve in their response to ransomware prevention and mitigation. Although ransomware gangs will constantly find ways to breach your systems, organizations must evolve and respond appropriately by staying one step ahead.
Protect yourself. It is recommended to work with a cybersecurity provider that has vast experience in different types of attacks and works 24/7/365 to secure you and your company.