Two years ago, ransomware was practically unheard of. Today, it is the single greatest threat to your network. There are literally hundreds of variants, but the worst strains are the crypto-ransomware variants, which encrypt system and network files with ease, rendering them unusable and unreadable. Of course, in most cases, you can get your files back, if you pay the ransom.
The malware used to infect and encrypt devices is typically delivered through an innocent-looking email, that invites you to click on a link, or download an attachment. These emails are spoofed so well that they look like they were sent internally, by your Manager, or CEO. The encryption used by cyber-criminals is so airtight, that when questioned about it, the FBI had this to say:
“The ransomware is that good,” Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program told Boston’s Cyber Security Summit in October. “To be honest, we often advise people just to pay the ransom.”
Many different industries have been targeted, including, healthcare, education, finance, and even law enforcement. The most high profile case of ransomware this year was the attack on Hollywood Presbyterian Medical Center in California, and there have been hundreds of similar attacks since then (See here and here). If you work in healthcare, not only do you have to deal with the impact of ransomware ravaging your network, but it also needs to be reported as a HIPAA breach to OCR as well.
Fortunately, all is not lost. There are several concrete steps you can take to protect your organization’s network before you become the next victim.
Step 1: Secure Your Network Perimeter
You should have done this already, but if you have not, you need to have a Next Generation, Unified Threat Management (UTM) system in place. This is the new breed of the old, reliable “firewall.” This system should include self-containing software that not only contains Intrusion Detection & Prevention, but also includes things like SPAM & Phishing filtering, malicious website filtering, and web content filtering. The SPAM & Phishing filtering are crucial, as that is how cyber-criminals are delivering the ransomware payloads.
Step 2: Deploy Strong Anti-Malware Solution
Assuming ransomware is able to make it past your perimeter and into your network, your next line of defense is your anti-malware software installed on each of your endpoints (Mobile Devices, PCs, and Servers). It cannot be emphasized enough how important this step is. If your UTM system fails, you need to have a second line of defense. Most anti-virus solutions today have known security flaws, and are not equipped to handle ransomware & other malware attacks; a fact known by cyber-criminals who readily exploit it. A strong anti-virus/anti-malware solution is designed to protect against ransomware specifically, zero-day malware attacks (i.e. previously unknown attacks), detect and prevent malicious attachments from being opened, and will be able to detect all widespread and prevalent viruses and malware. But the best solution doesn’t stop there. It will also include SPAM filtering and malicious web filtering for each endpoint, as well as blocking malware from installing itself at the root level.
Step 3: Deploy File & Disk Encryption
As a rule, most organizations do not implement encryption on their networks. Years ago, this was a costly and burdensome endeavor, and it was impractical for most companies. The threat was low, and the cost high, so it didn’t make sense. Today, encryption has become so widespread that it is very cost effective and easy to implement, even in a large-scale environment. Encryption is a great defense against ransomware, or any other type of data breach. Think of it like this, if your files are already encrypted, there is nothing left for the cyber-criminal to encrypt and hold for ransom.
Step 4: Backups – Your Last Line of Defense
When all else fails, the one thing you should be able to rely on to protect your data are your backups. Data backups should be done both weekly and daily. A weekly backup should be configured to capture all the data stored on a file system, while a daily backup should be configured to only capture the data that has changed since your last backup. To ensure your data is safe from a ransomware attack, there are three objectives your solution must meet:
Step 5: User Training
This really should be #1, as education is the most effective way of protecting yourself from becoming a victim in the first place. IT Professionals are rarely, if ever compromised. The reason is simple. They are trained in what to look for, and how to either avoid it, or protect themselves against it. Unfortunately, criminals have honed their skills and have become more effective at luring unsuspecting victims into their trap. This is why many organizations have made cybersecurity training mandatory. Evidently, it’s not enough, as everyone from hospitals to financial institutions around the world are falling victim to this scheme. Every organization should create and implement a training policy for all personnel, so that although they may not reach the same level of knowledge as a Technical Engineer, they will indeed have the training and presence of mind to think twice before clicking on a link or an attachment.
Fill In The Form Below for industry news, and information about our services, events, webinars and more.