Businesses and organisations across the UK are being hit by cyber attacks of all kinds, some of which are ransomware attacks. Not only is this a problem in the UK, but the entire world is being hit by these threats. What’s more, ransomware attacks continue to evolve, making them even more challenging to stop.
In this guide, we’ve gathered information to help you learn how to avoid ransomware attacks and recover from one. But first, we’ll review what a ransomware attack is.
What is a Ransomware Attack?
Ransomware is a type of malware attack where a cybercriminal locks and encrypts the victim’s data and files and then demands a payment (ransom) to unlock and decrypt their data/files.
Ransomware attacks take advantage of the following vulnerabilities:
These vulnerabilities may be used alone or in combination and depend on a device, such as a computer, printer, smartphone, or other endpoints.
Ransomware can be distributed through various techniques. All it takes is an infected device, a link clicked on a malicious website, or a program with malicious code to infect a system. The code downloads without the user’s knowledge or permission (in most cases) and instals the ransomware.
Ransomware may be installed through the following:
- Phishing email
- Email attachments
- Social media
- Infected programs
- Drive-by infections (visiting unsafe, fake web pages)
- TDS (Traffic Distribution System) (clicking a legitimate web page that redirects to a malicious site)
Defending against ransomware requires a holistic approach that involves employees at all levels. We’ve put together some ways your company can stop attacks and limit the effects of ransomware.
Prevent & Limit Ransomware Attacks
- Maintain Backups
Backing up important data is one of the most effective ways to recover from a ransomware attack. However, there are some things to consider when backing up data. It’s essential that all backup files are protected and stored offline or at a separate location. This keeps the data safe from attackers.
Using cloud services can help mitigate a ransomware infection. Many of these services maintain previous versions of files, making it easy and fast to go back to an unencrypted (uninfected) version. However, it’s best to test backups regularly to make sure they’re in good condition and ready to use in an emergency. In addition, verify that backups are not infected before restoring them after a ransomware attack.
- Develop Plans & Policies
Next, it’s essential to develop plans & policies that determine how your IT security team should respond during a ransomware attack. The plan needs to include defined roles and communications to be shared during the attack. It’s also necessary to create a list of contacts that would need to be notified, such as vendors or partners.
Does your company have a “suspicious email” policy? If not, now is the time to create one for the entire company. Having such a policy in place informs and trains employees on what to do if they receive a suspicious email.
- Review Port Settings
Another way to protect against ransomware attacks is to review port settings. Many types of ransomware attacks use Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445.
Determine whether your company needs to leave these ports open and whether limiting connections to only trusted hosts is necessary.
It’s a good idea to review these settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports.
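The port review described above can be run as a repeatable check. The following is an added example, not part of the original article: it flags inbound allow rules that expose RDP (3389) or SMB (445) to sources outside a trusted list. The rule format, rule names and trusted networks are constructed for illustration and do not match any vendor's export.

```python
import ipaddress

# Ports the guide singles out: RDP (3389) and SMB (445).
WATCHED_PORTS = {3389: "RDP", 445: "SMB"}

# Constructed sample: networks this hypothetical company trusts.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "203.0.113.8/32")]

# Constructed sample of inbound allow rules in a made-up normalised shape
# (name, protocol, port range, source CIDR); not any vendor's export format.
SAMPLE_RULES = [
    {"name": "admin-rdp",  "proto": "tcp", "ports": (3389, 3389), "source": "0.0.0.0/0"},
    {"name": "jump-rdp",   "proto": "tcp", "ports": (3389, 3389), "source": "203.0.113.8/32"},
    {"name": "fileshare",  "proto": "tcp", "ports": (445, 445),   "source": "10.20.0.0/16"},
    {"name": "legacy-any", "proto": "any", "ports": (1, 65535),   "source": "198.51.100.0/24"},
    {"name": "web",        "proto": "tcp", "ports": (443, 443),   "source": "0.0.0.0/0"},
    {"name": "dns",        "proto": "udp", "ports": (53, 53),     "source": "0.0.0.0/0"},
    {"name": "smb-v6",     "proto": "tcp", "ports": (400, 500),   "source": "::/0"},
]


def is_trusted(source_cidr, trusted=TRUSTED_NETS):
    """True only if the whole source range sits inside one trusted network."""
    src = ipaddress.ip_network(source_cidr, strict=False)
    return any(src.version == net.version and src.subnet_of(net) for net in trusted)


def audit(rules, trusted=TRUSTED_NETS):
    """Return (rule name, service, source) for RDP/SMB reachable from untrusted sources."""
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "any"):
            continue  # this check covers TCP 3389 and TCP 445 only (assumption)
        low, high = rule["ports"]
        for port, service in sorted(WATCHED_PORTS.items()):
            # A wide range such as 1-65535 exposes the port as much as an exact match.
            if low <= port <= high and not is_trusted(rule["source"], trusted):
                findings.append((rule["name"], service, rule["source"]))
    return findings


if __name__ == "__main__":
    for name, service, source in audit(SAMPLE_RULES):
        print(f"REVIEW {name}: {service} allowed from {source}")
```

Each finding is a rule to either remove or narrow to trusted hosts; catch-all port ranges and IPv6 sources are included because they are easy to miss in a manual review.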
- Harden Endpoints
Next, ensure all company systems are configured for security. Secure configuration settings can limit your company’s exposure to threats and close the security gaps left by default configurations.
- Keep Systems Updated
It’s also essential to ensure all your company’s operating systems, applications, and software are regularly updated. Applying the most recent updates helps close security vulnerabilities attackers are looking to exploit.
When possible, use auto-updates to automatically have the most recent security patches installed.
- Employee Training
Security awareness training is another key part of stopping ransomware attacks. Employees who have received training know what to look for and how to avoid malicious emails. Each person then becomes a part of the company’s security.
- Implement an IDS
An IDS (Intrusion Detection System) looks for malicious activity by comparing network traffic logs to signatures that detect known malicious activities. A robust IDS can update signatures often and alert your IT department quickly if potential malicious activity is detected.
- Implement an Active Threat & Vulnerability Management Program
Before an attack, cybercriminals probe your organisation to discover vulnerabilities. They also study your company to learn its size, its critical operations, and everything else they can. Criminals use this information to determine the best way to cause the most damage.
With this information, cybercriminals can plot their attack and learn how to force your business to pay a ransom. For this reason, it’s essential that your company also do its homework.
Stay current on cyber attacks and stay informed about the impact such attacks may have on your company. With this information, it’s possible to prepare a cyber threat management team and educate employees on what to look for and how to take care of issues when they happen.
- Focus on Security Attacks Before They Happen
One of the best ways to prevent or reduce the effects of a ransomware attack is to focus on these attacks before they happen. It’s imperative to understand and be prepared for these attacks in advance.
This can be done by doing the following:
- Ensuring good systems hygiene using an active patch management program
- Using multi-factor authentication
- Using consistent logging across environments
- Implementing a fast analytics platform for log data to run fast searches & event correlation to identify signs of potential threats
Summing It Up
The key to preventing and limiting the effects of a ransomware attack is to take a proactive stance. Being prepared ahead of time, having policies in place, using effective security measures, and educating employees at all levels of your business are effective ways to avoid or limit a ransomware attack.
23rd February 2024