Ransomware attacks target organizations around the world all the time. Irish businesses of all sizes became aware of the threat of ransomware when the HSE disclosed the devastating cyber attack on its IT infrastructure in May 2021. This post gives an overview of what ransomware actually is and highlights five key strategies for ransomware prevention.

What is Ransomware?

Ransomware is malicious software that blocks access to devices or the data on them by encrypting files. The attackers demand that their victims pay a ransom if they want to remove the encryption and access their files again. Typically, victims find a note displayed on-screen informing them that their files are encrypted along with payment instructions for removing the encryption.

Ransomware is the most widely used method of attack for cybercriminals because it’s potentially incredibly lucrative. As evidence of how lucrative successful ransomware attacks can be, the Colonial Pipeline Company in the United States paid a $4.4 million ransom in May 2021.

Industry predictions state that ransomware attacks will target businesses every 11 seconds by the end of 2021.

Ransomware Prevention Best Practices

The ransoms demanded by hackers typically reach hundreds of thousands of Euros or even millions for SMBs. And even if you pay the hefty ransom, there’s no guarantee you’ll get all your files back. So, when it comes to these attacks, prevention is definitely better than cure.

1. Require Multifactor Authentication

Ransomware attacks often start with social engineering techniques that persuade people to reveal their login credentials to a business application or system. Once the attacker has access to a network using those credentials, they can move through the network and install malicious software that encrypts important files.

A good way to harden your network against this type of entry route is to require multifactor authentication to verify user identities. When you only require a simple set of username-password credentials to verify users and let them log in, all it takes is a persuasive phishing email to expose your entire network. This risky dependence on passwords alone is amplified in a world where employees work remotely and often access resources from their laptops using Remote Desktop Protocol connections.

Multifactor authentication (MFA) requires users to provide an extra type of evidence along with their username-password combination before they can access a system or resource. A username-password pair counts as something users know. The point of MFA is to use another category of evidence to mitigate the risk of password theft.

A good alternative type of evidence to require is something the user has, such as a USB security token that generates one-time PIN codes. Another category favoured by some companies is something the user is, which typically means using biometric data like a fingerprint or facial recognition scan.

2. Have a Backup and Disaster Recovery Plan

A big pain point of successful ransomware attacks is not having access to important files, systems, or servers. A solid backup and disaster recovery plan can prevent these issues from arising.

With a recent backup in place, even if someone manages to encrypt the data with ransomware, you can restore it without needing to pay the ransom. A disaster recovery plan can implement failover solutions so that operational disruption is minimal. For example, if key business services or applications get taken down due to a server being encrypted, your disaster recovery plan can kick in and you can resume those services using cloud infrastructure.

The use of backups has been so successful that some cybercrime groups have evolved their ransomware to use a technique known as double extortion. Double-extortion ransomware doesn’t just lock your important data. It also extracts data from your network with a threat to leak it online or sell it.

There is debate within the information security world on whether backup and disaster recovery are still useful tools for ransomware defence. Not all ransomware attacks use double extortion, though, so backing up data remains a valid form of proactive defence against these attacks.

3. Invest in Cybersecurity Awareness Training

Your company’s ability to prevent ransomware is strongly correlated with the level of overall cybersecurity awareness among employees. Cybercriminals know that humans are often the weak link that they can exploit to access your network and encrypt your files.

Cybersecurity awareness training can highlight the common methods outsiders use to gain unauthorized access to business assets. Employees should know about the dangers of opening email attachments or clicking links from untrusted sources. Good training can teach employees how to differentiate between genuine emails and phishing emails.

The topics worth covering in training include:

  • Selecting strong passwords that aren’t easy to guess
  • Social engineering techniques and how to protect against them
  • The risks of revealing sensitive information on social media
  • The importance and use of antivirus, anti-malware, firewalls, and other security solutions
  • How to use Wi-Fi networks securely
  • How to securely browse the Internet without compromising the business network

Not every business has the capacity to develop its own cybersecurity awareness training modules. There are third-party companies that specialise in this area. Investing in training can definitely pay off in a big way in terms of ransomware prevention.

4. Restrict Privileged Access

Whether you’re managing remote user accounts or any other account on your network, it’s important to restrict privileged access for your users. When an employee has more privileges on the network than they need to perform their daily work, you introduce greater risks should that employee’s account become compromised.

Privileged access can enable hackers to wreak havoc across an entire network. Privileged users can install malicious software on all devices or modify operating system registry keys.

Restricting privileged access puts a limit on the damage that malicious intruders can cause. While some ransomware families can cause damage regardless of privilege level, minimizing privileged access is a good practice that improves your information security and is relatively easy to implement.

5. Use Patch Management

Exploiting users isn’t the only way people can break into a network and install ransomware. Hackers often seek to exploit businesses that run unpatched software, device firmware, and operating systems on their IT infrastructure.

There are various tools that can automate patch management for you. Aside from software and operating systems, you should push patches to Wi-Fi access points, routers, firewalls, intrusion detection systems, servers, workstations, and printers when they are released.

Proper patch management keeps all relevant IT services current by applying the latest updates in a timely manner. These updates often address security vulnerabilities that are found and reported to the company that coded the software or manufactured the device. It should be part of your company’s security policy that remote users also apply patches on time for devices they use to connect to your network.

Closing Thoughts

Preventing ransomware is both important and feasible for businesses of all sizes. It’s not an inevitability that your company will become a victim, especially if you adhere to these best practices.

At iPing, we can help Irish businesses prevent ransomware. We provide managed IT services that can spot problems and potential ransomware attack vectors before you even know about them. We also have business continuity services and we can help you support remote workers in a productive, safe way. Contact us today to find out more.