It is uncanny, the resemblance of a ransomware’s working to the ongoing lockdown. Just like we are connected and yet we aren’t, a ransomware encrypts our files such that they are there, and yet we cannot access them. And there’s a heavy price to be paid for getting back the access. A ransomware is akin to an actual kidnapping, wherein the criminal demands a ransom in return for releasing the hostage. Except that the hostage is your file system.
Ransomware protection can seem like a daunting task, especially because of all the panic a ransomware attack creates. That’s why we are going to break it down for you in 10 steps.
Invest in a third-party email security solution
This one’s obvious. It is always much more calming if you have a security partner ready to lead you through an attack. Cyber security solutions can be employed on your email and also on individual machines. Some companies provide licences that encompass all machines across the business. The solution will act as the first line of defence and identify whether a malicious email has made its way to your inbox.
But supposing a ransomware does slip through, the anti-malware tool will block the ransomware from doing its dirty work on your machine.
We at Logix Infosecurity believe in being strong gatekeepers than go in firefighting mode. Our Cloud Email ATP solution has been blocking all modern strains of ransomware. Our email security solutions stop ransomware at the entry point itself.
This is a necessary evil for ransomware protection. Organizations are sometimes unwilling to maintain several copies of their data and correspondence. Mirroring every little change across all copies of your backed-up data can become a pain.
However, you have to understand, the only bargaining chip the cyber kidnapper has is control over your data. If you know you can continue without any business interruptions, you feel less attacked and vulnerable. The system lockout can always be tackled parallelly, and you don’t have to drop everything and deal with the criminal.
A zero-day is a vulnerability in a software or application. The developer has provided a patch for this security hole in their next release/update.
But what happens during that tiny window in-between versions? Or worse yet, what if you’re putting off updating your machines to the latest versions possible? You’re just inviting trouble.
This is not an activity for just one or two machines. Instill this practice in all your employees as all working environments need to be up-to-date. Make sure your applications and system software updates are completed in a timely fashion.
Be Careful with your Email Attachments
Email is one of the most exploited entry-way for malware and other cyber threats to enter your system. Hackers are infamous for doctoring emails according to the mindset of their potential victim. If they’re going after someone in the finance department, they can use fake invoices to lure their victim.
Likewise, the current pandemic brought to light several fake emails imitating WHO and CDC. The attachment in the email is rigged to deploy malicious payload on opening. Sometimes, the malicious script also contains code to create backdoor accounts, allowing other malware to get in.
Do not open attachment hastily, no matter how legitimate they may seem. If it is something particularly urgent, and you’re expecting it, confirm with the persons concerned before opening any attachments.
Employ Cloud Services
Several cloud storage providers also give the feature of version control. In case of ransomware infection, it will be easier for you to bounce back to a stable version of your cloud data. All the CSPs currently provide a guarantee of data security so you don’t have to worry about that aspect if you’re on the fence about using cloud storage.
Attack Surface – What is it and how should you handle it?
An attack surface is basically a group of all the date entities a ransomware perpetrator can target. This includes all the systems, devices and services in your work environment that can conduct business. This includes — now more than ever — home machines of the employees as well, if you are allowing remote login. Keep an active track of all these entities. Just like a General in a war, you must know the ins and outs of the battleground. Often, touch base with your entire attack surface and see if there are any weak links in your armour.
This too bears resemblance to the current COVID-19 situation. The Government has designated hot zones and cold zones and safe zones. They do this to segregate the intensity of the virus.
Segment your network in a similar fashion. For this, you might need to clearly demarcate aspect of your business itself. Separate out backup servers, VoIP channels, and possibly streams of the business, like marketing, sales etc.
Do not provide unnecessary access to employees who don’t need it. It is easier to handle a ransomware on a segmented network. You’ll be more likely to identify the point of breach as well.
This is an extension of the previous point. Be very clear about account roles and privileges. Follow the good practice of using accounts designated for the specific tasks. (Don’t use an Admin level account for trivial day-to-day operations etc.)
The benefits of these are the prompts that ask you whether to allow or deny certain features or applications. You get a better control over what you’re allowing into your system. With an admin level account, you might not get prompted for grant permission for certain programs and applications. This is enough for a ransomware to slip in.
You are only as strong as your weakest link
As a business owner, you likely value teamwork as a vital aspect of your success. Well, security is also a team effort. These days, when things are so hyper-connected, even a single machine left unsupervised can cause a security catastrophe. Hold frequent training sessions on security aspects. Teach your employees the best practices for security. Raise active awareness about cyber security.
Train Yourself to be Aware
Awareness is a competitive edge in security. It stops becoming an uphill battle if you are aware of security threats and are open to actively better yourself and your organization.
For maximum ransomware protection, read as much as you can about ransomware cases and other malware attacks. When dealing with emails or phone calls, train your mind to start ringing warning bells if the other person is making strange demands.
Above all, rely on your gut. If an email looks suspicious, don’t open it. If someone on a phone call is asking for details you feel are unnecessary, hang up. Double check, cross check and verify. Being the head of your company, the onus is on you.
At Logix Infosecurity, we are passionate about raising awareness about security. For more news on the cyber space, keep reading our blog.