Blog

Ransomware: Improvise, Adapt and Overcome

By December 1, 2018 No Comments
ransomware-protection

With the increased reputation and net worth of your organization, more cyber criminals become interested in getting a large share of the profits you are having. By probing your network from inside or outside, they may find a vulnerability that may expose sensitive data to them. Cyber-attacks are not new to the IT world, but the innovations in cyber-crime practices are. The same set of tools that are used by network administrators to monitor and maintain their networks can be used by an attacker as well.

In the world of cyber-crime, a new trend has emerged. Attackers now design malicious programs that can replicate itself and lock all the data on your server, data center, and office computers. Once attacked, a system is rendered unusable. You will be open your file, but you won’t see any data. Instead, every time you will see a popup screen asking you to pay money in order to unlock your file. This is the new trend that attackers are using and in the cyber world is known as Ransomware.

As of 2018, ransomware has been massively disruptive. In 2016, businesses paid $301 million in ransomware payments according to Datto (https://www.datto.com/news/datto-releases-global-state-of-the-channel-ransomware-report ). Damages reached $5 billion in 2017. (Source: Cybersecurity Ventures, https://cybersecurityventures.com/ransomware-damage-report-2017-5-billion/).

In order to prevent the havoc of a ransomware attack, you need to develop some strict security disciplines in your organization. The following best practices will develop a robust plan that would work each time there is a security threat.

Implement Best Practices for User Behavior:

The first thing that you will need to secure is how your employees use the IT services in and outside the organization. A malware program may enter the organization from an employee’s email which he accessed using the office computer. Therefore, you should implement a robust security awareness campaign that will mitigate any risk of a data breach through social networks.

Other, but highly important practices that your employees should adopt are:

  • Use of unique and robust passwords which should be changed regularly
  • No personal information should be provided when answering an email, unsolicited phone call, or a text message
  • Provide the latest antivirus tools to your employees to secure their office as well as personal computers
  • Test your organization’s emotional response to a crisis, and their evacuation procedures by conducting security drills

Develop an Effective Disaster Recovery Plan:

Keep your RPO (Recovery Point Objective) and RTO (Recovery Time Objective) as low as possible. RPO is the time of your last backup. It defines a time up to which an organization could bear with data loss when a disaster occurs.  RTO is the minimum time in which you can recover your backup and put your services back to work. If you have not determined your RPO and RTO, you should do it immediately. This is required to be prepared with a plan when a security disaster strike.

Basic backups are outdated against a ransomware attack. Therefore, you should take regular data backups according to your RPO and test the recovery from the backup (RTO) to ensure they are robust against cyber-attacks.

Segment Your Underlying Computer Network:

It is necessary to prevent other systems from a ransomware malware is it is detected on your subnetwork. Segment the entire network in such a way that a detected ransomware shall not reach the main server and data center mainframes. You can easily isolate the compromised computer by diverting all the incoming and outgoing traffic to that segment.

Add Anti-Ransomware Solutions:

Most of the antivirus companies offer an anti-ransomware tool. Upgrade to an anti-ransomware support plan of your antivirus on every office and personal computer. Or integrate a standalone anti-ransomware software in your organization. An anti-ransomware tool will employ deep content scanning to identify any ransomware-like file. It will also filter your business mail servers so that any suspicious email goes to spam folder automatically. Some of the prominent anti-ransomware tools in the market are:

  • Avast Free Ransomware Decryption Tools
  • Trend Micro Lock Screen Ransomware Tool
  • Kaspersky Anti-Ransomware Tool
  • Zemana Antimalware
  • Malwarebytes 3

Use Virtual Private Network (VPN) When Accessing Public Wi-Fi:

During the business trips, you will often use public wi-fi to access your company’s IT resources. But public wi-fis are least secured. Someone with a packet tracking tool like Wireshark can easily find your system password and other sensitive information that is sent over the network. Use of public internet to access your company’s network is an open invitation to ransomware and other malicious security threats. A VPN in place will create a safe and encrypted connection over any less secured network. Remote users and branch offices can securely access a company’s server and network applications.

Ransomware is a very serious threat that can cause enormous damage to an organization. Within seconds. your finances and reputation can be damaged. At worst, it can halt your entire business operations and can put your company out of business. Therefore, security measures should be taken in advance which includes regular backups and use of an anti-ransomware tool in every computer. You can prevent yourself against any threat by incorporating the latest security practices in your company.

Contact us today to learn about Bleuwire™  services and solutions in how we can help your business.