Ransomware attacks are back in the news, and not because they’re going away. Over the last few days:
- The Russian ransomware group known as REvil attacked one of Apple’s suppliers and stole schematics for its current and upcoming products. Unless the iPhone manufacturer pays a $50 million ransom, the schematics will be released to the public.
- A massive new ransomware campaign is targeting users of QNAP network attached storage devices. Using infected .7zip files, the attackers are able to encrypt all storage contents and are demanding a ransom of approximately $550 per infected drive.
- Sophos researchers have discovered that malware strains are now using transport layer security (TLS) to communicate between infected devices and command-and-control servers, which makes ransomware infections that much harder to detect.
If ransomware attackers can get to Apple, then they can get to you. It’s important to follow ransomware protection best practices to mitigate your company’s risk.
Why Should You Adopt Ransomware Prevention Best Practices?
Right now, information security technology vastly favors adversaries over defenders. Any sufficiently determined adversary will eventually defeat even the most hardened client. This is especially true for ransomware attackers. Not only are they financially motivated, they’re often backed by nation-states. As a result, they’re some of the most technically innovative attackers out there—in 2019 alone, security researchers estimate that North Korean attackers stole over $2 billion USD via malware and ransomware campaigns.
Ransomware is a type of malware, and one of the most malicious. It works by encrypting your data, and oftentimes the only way to get your data back is to negotiate with the attacker for the decryption key. It is not uncommon for victims to pay the ransom and never get their data restored.
So how can you restore your data after an attack? Many ransomware strains now encrypt backups as well. If you haven’t implemented a robust 3-2-1 backup program, you may be in serious trouble. To protect your critical data, keep 3 copies, on 2 different types of media, with 1 copy offsite and disconnected from your network. The 3-2-1 program ensures that you have a copy of your data that is not linked to your network, since ransomware follows such links to infect your backups.
To summarize, ransomware attackers are prolific and technically sophisticated—but that doesn’t mean your company is doomed, or that you’ll constantly need to pay an attacker’s ransom. Ransomware attackers rely on volume to make money, and they know that most companies can’t pay $50 million ransoms. If they come across a company that has high-level cybersecurity measures in place that may take days or weeks to breach, they might pass it up in favor of companies that could take minutes or hours to breach.
This is why it’s important to follow ransomware prevention best practices. You may not be able to make your company impregnable, but basic preparedness will vastly decrease the likelihood of a breach.
What are the Top Three Ransomware Prevention Best Practices?
Here are the three best tools that can mitigate the chance of a ransomware infection:
- Web and Email Hygiene
Right now, 94% of malware is delivered via email, and over 97% of phishing emails contain ransomware. Phishing attempts either carry a PDF or Word document designed to drop malware, or link to a bogus phishing website that delivers malware through the browser. Train your employees to delete emails with links or attachments from unknown senders. Email and web filtering are two of your best weapons against ransomware. By blocking emails from suspicious domains and blacklisting websites that haven’t yet been indexed by Google (these are most likely to be phishing websites), you can stop ransomware attackers before their malware ever executes on your machines.
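As an added example (not code from the original post or from TBConsulting), the following Python script applies the hygiene rule just described to a constructed sample message: a sender outside a hypothetical allowlist of vetted domains, combined with a document attachment or a link, sends the message to quarantine. The allowlist, the extension list and the sample email are all assumptions made for the demonstration.

```python
import email
import re
from email import policy

# Hypothetical allowlist of sender domains the organisation has vetted.
TRUSTED_DOMAINS = {"corp.example", "example-partner.com"}
# Attachment types the text singles out as common malware droppers, plus archives.
RISKY_EXTENSIONS = (".pdf", ".doc", ".docx", ".docm", ".xls", ".xlsm", ".zip", ".7z")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def sender_domain(msg) -> str:
    """Lower-cased domain of the From: header, or '' if it cannot be parsed."""
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def triage(raw: bytes) -> dict:
    """Hygiene rule from the text: unknown sender + (attachment or link) => quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    risky = [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]
    body = msg.get_body(preferencelist=("plain", "html"))
    links = URL_RE.findall(body.get_content()) if body else []
    unknown = domain not in TRUSTED_DOMAINS
    verdict = "quarantine" if unknown and (risky or links) else "deliver"
    return {"sender_domain": domain, "risky_attachments": risky,
            "links": links, "verdict": verdict}


# Constructed sample message for demonstration only (not a real phishing email).
SAMPLE = b"""From: Invoices <billing@unknown-vendor.test>
To: staff@corp.example
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Please open the attached invoice or view it at http://unknown-vendor.test/invoice
--B
Content-Type: application/msword; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--B--
"""
```

Running `triage(SAMPLE)` returns a `quarantine` verdict with the `.doc` attachment and the link listed; a message from an allowlisted domain with the same link is delivered.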
- Next Gen Firewalls
We mentioned that many new ransomware strains use TLS to communicate with their command-and-control servers. This is where next-generation firewalls help: they can decrypt suspicious traffic in real time to look for evidence of malware. If an infected device attempts to communicate with its command-and-control server, the firewall can automatically quarantine that device from your network, rendering the malware useless.
- Advanced Antivirus Software
Finally, it’s important to make sure that you aren’t still using consumer-grade antivirus software. Simpler antivirus software only looks for a malware “signature,” which is what a malware file looks like when it’s encrypted and before it executes. Advanced antivirus software looks at malware’s behavior instead, quarantining and deleting malware when it attempts unauthorized creation, deletion, or encryption of your files.
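To make the behavioral approach concrete, here is an added example (not code from the original post or from any antivirus product) of one heuristic such tools use: flag a process that rewrites many files with encrypted-looking (high-entropy) content in a short window. The event log, the thresholds and the process ids are constructed for the demonstration.

```python
import math
from collections import defaultdict

# Hypothetical thresholds for this example: a process that rewrites this many
# files with encrypted-looking content inside one window is flagged.
WINDOW_SECONDS = 10
MAX_HIGH_ENTROPY_WRITES = 5
ENTROPY_THRESHOLD = 7.0  # bits per byte; ciphertext and archives approach 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_mass_encryptors(events):
    """Return pids whose high-entropy writes exceed the threshold in any window.
    `events`: iterable of (timestamp_seconds, pid, op, path, content) tuples."""
    times_by_pid = defaultdict(list)
    for ts, pid, op, _path, content in events:
        if op == "write" and shannon_entropy(content) >= ENTROPY_THRESHOLD:
            times_by_pid[pid].append(ts)
    flagged = set()
    for pid, times in times_by_pid.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):  # sliding window over sorted timestamps
            while ts - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= MAX_HIGH_ENTROPY_WRITES:
                flagged.add(pid)
                break
    return flagged


def build_sample_events():
    """Constructed event log: pid 4242 behaves like ransomware, the others do not."""
    ciphertext = bytes(range(256)) * 4  # uniform byte distribution: entropy 8.0
    plaintext = b"Quarterly report, draft 3. " * 40
    events = [(t, 1001, "write", f"/home/u/doc{t}.txt", plaintext) for t in range(8)]
    events += [(t, 4242, "write", f"/home/u/doc{t}.txt.locked", ciphertext) for t in range(6)]
    events += [(t * 30, 7, "write", f"/tmp/archive{t}.zip", ciphertext) for t in range(6)]
    return events
```

Process 7 also writes high-entropy files (as a backup or archiving tool would) but only one every 30 seconds, so the window rule does not flag it; a real product would combine this signal with others, such as extension changes and deletion of originals.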
Work with a Managed Service Provider to Mitigate Ransomware Risk
At TBConsulting, we work to protect our clients from cyber attacks. Our certified security experts work to secure systems, networks, and environments for advanced security protection. We run a 24/7/365 IT Operations Center (ITOC) to detect, respond to, and mitigate anomalies in real time. With 25 years of experience, our people, processes, and technology can help protect your data, your business, and your budget. For more information, receive your free diagnostic risk report and learn how TBC can help your business.