Ransomware is a threat variant that has existed for quite some time.  It is actually a sophisticated form of malware, and in these types of attacks, the victim’s device gets hijacked.  The screen becomes locked, and all of the files become encrypted with some unknown algorithm.  The only way that the victim can recover them is to pay a ransom, usually via a virtual currency such as Bitcoin.

Once this payment has been made, the Cyberattacker is, in theory, supposed to send the victim the decryption keys so that the files can be unlocked.  But just recently, attacks using Ransomware have become even more covert, with more detrimental impacts.

In these cases, the Cyberattacker also threatens that if payment is not made, they will make these locked files available to the public.

This of course can be very devastating to a business, particularly if customer/employee data and intellectual property are involved.  How can one mitigate these kinds of risks?  This is the focal point of this article.

How To Protect Your Business

1) Maintain a regular update schedule:

With the latest forms of Ransomware coming out, it is absolutely imperative that you keep all of your systems and devices upgraded with all of the latest software patches and upgrades.  This includes even firmware.  In this regard, even the endpoints have to be protected.  This is often an area that is neglected and has thus become a prime target for the Cyberattacker.  Also, apart from keeping everything updated, you also need to check for the availability of these patches and upgrades on a regular basis.

2) Keep regular backups:

This must be done on a regular basis as well, preferably at least every few hours.  The cardinal rule of thumb has always been to maintain a set of backups both onsite and offsite.  While in theory this still holds true, given the sophistication levels of the Cloud-based platforms, especially that of Microsoft Azure, you can pretty much use this platform for all of your backup needs.  The primary advantage of this is that your IT Security team will not have to fumble around for anything, and any missing datasets can be quickly and easily downloaded from the Virtual Machine (VM) that contains them.  Also, this brings up yet another key point:  As far as possible, you should never pay the Cyberattacker if you are impacted by a Ransomware attack.  By having backups in place, you can simply get new devices, and from there, download the needed information and data onto them.

3) Security awareness will be key:

Everybody has heard of the importance of Cyber Awareness Training for employees.  But given the times that we are in today, especially given that the Remote Workforce will be around for quite some time yet to come, this is even more imperative.  It is important to keep in mind that the Cyberattacker is not simply looking for backdoors into your IT and Network Infrastructure.  They are also looking at launching Social Engineering attacks against what is deemed to be the weakest link in the security chain:  your employees.  In this regard, they could easily trick your team into giving out confidential information/data.  Also, the malicious payload can be deployed via a Phishing attack, especially if the employee clicks on a spoofed link or downloads an attachment with macros enabled in it (these are typically found in .DOC and .XLS based files).  Therefore, any training that is given must include these kinds of issues, what to look out for, and how employees should respond in case they feel that they may have fallen victim.
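As a technical backstop to training, a mail or file gateway can flag Office attachments that carry macros before an employee opens them.  The sketch below is an added example, not part of the original article; the function names and sample files are constructed for illustration, and the check for legacy .DOC/.XLS files is a byte-search heuristic rather than a full parse of the container.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container header
# Directory entry names inside OLE files are UTF-16LE; a VBA project is kept
# in a stream named "_VBA_PROJECT".
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Classify attachment bytes as 'macros', 'no-macros' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic only: look for the VBA stream name anywhere in the file.
        return "macros" if OLE_VBA_MARKER in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"  # an ordinary zip, not an Office document
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macros" if has_vba else "no-macros"
    return "not-office"


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a modern Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


def sample_ole(with_macro: bool) -> bytes:
    """Constructed sample: OLE header plus one UTF-16LE stream name."""
    name = OLE_VBA_MARKER if with_macro else "WordDocument".encode("utf-16-le")
    return OLE_MAGIC + b"\x00" * 504 + name


if __name__ == "__main__":
    for label, blob in [("legacy+macro", sample_ole(True)),
                        ("legacy clean", sample_ole(False)),
                        ("ooxml+macro", sample_ooxml(True)),
                        ("plain text", b"hello")]:
        print(f"{label:14} -> {macro_verdict(blob)}")
```

A "macros" verdict is a reason to quarantine the attachment or strip the macro content for review, not proof that the file is malicious.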

4) Have more than one layer of authentication in place:

Traditionally, it has been the password that has been used to secure your data.  But given how this can be easily hacked, many companies have adopted what is known as “Two Factor Authentication”, or “2FA” for short.  But even this too is falling short of providing any adequate level of protection, so now organizations are adopting what is known as the “Zero Trust Framework”.  This is a methodology where absolutely nobody is trusted, either internal or external to your organization, even your employees.  Also, they must go through at least three or more layers of authentication, in order to absolutely confirm the legitimacy of their claims of who they are.  This framework also implements multiple layers of security throughout your organization, each with its own set of authentication mechanisms in place.  The thinking here is that if you are impacted by a Ransomware attack, this will help to mitigate and contain its further spread.

5) Make use of Penetration Testing:

Penetration tests are specific tests conducted with the main intent of totally penetrating your lines of defense, in order to discover where all of the weak points, vulnerabilities, and back doors are in both your IT and Network Infrastructures.  From here, recommendations are then provided as to how they can all be remediated as quickly as possible, so that your organization does not fall prey to a Ransomware attack.  Also, you should seriously consider implementing Threat Hunting exercises, which probe to see if there is a Cyberattacker actually lurking about your systems in a secretive fashion.  Remember, the trend here is that they want to stay in for as long as possible, and inject malicious payloads a bit at a time, so that the maximum amount of damage can be delivered.

Conclusions

Overall, this article has examined some of the key steps in order to mitigate the risks of becoming a victim of a Ransomware attack.  As mentioned earlier, this threat variant is only going to get worse by 2021, as a recent study by IBM discovered a whopping 6,000% uptick in it (SOURCE:  1).  You should also very seriously consider getting some sort of Cybersecurity Insurance Policy that will help you get the funds that you need in order to resume operations in case you are hit.

Sources