Preparing for a ransomware attack: the basics
In this first article, let’s start by covering the basics.
What is ransomware?
The National Institute of Standards and Technology (NIST) describes ransomware as “a type of malware that attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid”.
Minimize the risks
Businesses that are victims of a ransomware attack usually have a very hard time returning to the pre-ransomed state, so to minimize the risk of falling victim there are some basics everybody should have in place. There is no absolute solution against ransomware (or any other attack initiated by bad actors, for that matter), but one can take some precautions to greatly reduce the risk of becoming the victim of a ransomware attack. Our top 5 would be:
#1: Know all your assets
This applies to both hardware and software. It will also help in knowing where your data resides. If you know what devices and applications you have and what access they have to your data, it is easier to control that access and keep the bad guys out.
#2: Patch, patch, patch
Once a patch is publicly released, everything that was fixed in the patch is also known, to attackers as well as to defenders. Why be an easy target by keeping faulty stuff active if you can do something about it easily?
#3: Segment your network
To prevent infection from spreading everywhere, it is good practice to segment your network and control the traffic between segments. The more granularity there is in the segments, the smaller the chance of widespread infection.
#4: Back up your data and protect the back-ups
The purpose of backing up data is to be able to restore that data in the event of a failure. Bad actors know that too and will, once they get a foothold in your enterprise, try to either disable, encrypt or destroy your back-ups. So, make sure your back-ups are read-only (to prevent encrypting) and protected from deletion for some time.
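As an added illustration of the two properties named above (this example is not part of the original article), the following Python audit walks a backup directory on a POSIX filesystem and flags files that can still be overwritten, and files that can still be deleted inside the retention window. The directory layout, file names and the 30-day retention period are constructed assumptions, and only permission bits are inspected.

```python
import os
import stat
import tempfile
import time

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def audit_backups(root, retention_days, now=None):
    """Return sorted (relative_path, issue) findings for files under root."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Deleting or replacing a file needs write access to its directory,
        # not to the file, so a 0444 file in a writable directory is exposed.
        dir_writable = bool(os.stat(dirpath).st_mode & WRITE_BITS)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & WRITE_BITS:
                findings.append((rel, "writable"))   # can be encrypted in place
            age_days = (now - st.st_mtime) / 86400
            if dir_writable and age_days < retention_days:
                findings.append((rel, "deletable"))  # inside retention window
    return sorted(findings)

def demo(days_from_now=0):
    """Audit a constructed backup tree with an assumed 30-day retention."""
    with tempfile.TemporaryDirectory() as root:
        layout = (("locked", "db.bak", 0o444),
                  ("loose", "files.bak", 0o444),
                  ("loose", "mail.bak", 0o644))
        for sub, name, mode in layout:
            os.makedirs(os.path.join(root, sub), mode=0o755, exist_ok=True)
            path = os.path.join(root, sub, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample backup")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "loose"), 0o755)
        os.chmod(os.path.join(root, "locked"), 0o555)
        try:
            return audit_backups(root, 30, time.time() + days_from_now * 86400)
        finally:
            os.chmod(os.path.join(root, "locked"), 0o755)  # allow cleanup

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

A clean result only shows that the permission bits are set sensibly; an account that owns the files or has administrative rights can change them back, so deletion protection is stronger when the backup storage itself enforces it.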
#5: Create, maintain, and test awareness
People could be among the strongest links to protect your data… if you teach them how. It is therefore highly advisable to incorporate them into an awareness program, where you train and regularly test them. The outcome of the tests should be used to further enhance the program (more or different kinds of training), but never to name and shame the tested.
As stated, this is just a top 5. There are many more things that can (and should) be done to minimize the risk of ransomware being effective within an enterprise. They depend on exposure, the type of business you are in, and much more. But no matter what business you are in or how many employees you have, no one is safe.
So, next to having the basics in place, you’d better also prepare for that unwanted and horrible message: “Oops, your files have been encrypted”. More in the second installment, Prepare for the worst.