From local government entities to large organisations, ransomware attacks are everywhere. It’s up to all of us to help prevent them from being successful.
Ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid. It does this by encrypting files on the endpoint, threatening to erase files, or blocking system access. Ransomware attacks can be particularly harmful when they affect hospitals, emergency call centres, and other critical infrastructure.
Defending against ransomware requires a holistic, all-hands-on-deck approach that brings together your entire organisation. Below are seven ways organisations can help stop attacks and limit the effects of ransomware.
- Maintain backups – thoughtfully
Backing up data is the single most effective way of recovering from a ransomware infection. There are some things to consider, however. Your backup files should be appropriately protected and stored offline or out-of-band, so attackers can’t target them. Using cloud services could help mitigate a ransomware infection, as many retain previous versions of files, allowing you to roll back to an unencrypted version. Be sure to test backups for efficacy routinely. In the case of an attack, verify that your backups aren’t infected before rolling back.
- Develop plans and policies
Create an incident response plan, so your IT security team knows what to do during a ransomware event. The plan should include defined roles and communications to be shared during an attack. You should also include a list of contacts, such as any partners or vendors that would need to be notified. Do you have a “suspicious email” policy? If not, consider creating a company-wide policy. This will help train employees on what to do if they receive an email they’re unsure about. It can be as simple as forwarding the email to the IT security team.
- Keep systems up to date
Make sure all of your organisation’s operating systems, applications, and software are updated regularly. Applying the latest updates will help close the security gaps that attackers are looking to exploit. Where possible, turn on auto-updates so you’ll automatically have the latest security patches.
- Harden your endpoints
Ensure your systems are configured with security in mind. Secure configuration settings can help limit your organisation’s threat surface and close security gaps left over from default configurations.
- Review port settings
Many ransomware variants take advantage of Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Consider whether your organisation needs to leave these ports open, and consider limiting connections to only trusted hosts. Be sure to review these settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports.
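The following is an added example, not part of the original article, showing one way to review firewall or cloud security-group ingress rules for the two ports named above and flag any rule that admits sources outside your trusted hosts. The rule format, the `audit_ingress` function, the sample rules and the trusted range are all assumptions constructed for illustration.

```python
import ipaddress

# Ports the article singles out: RDP (3389) and SMB (445).
WATCHED_PORTS = {3389: "RDP", 445: "SMB"}

def audit_ingress(rules, trusted_cidrs):
    """Return findings for rules that expose RDP/SMB beyond trusted networks."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in rules:
        # Only TCP rules (or "all protocols" rules) can admit RDP/SMB over TCP.
        if rule["protocol"] not in ("tcp", "all"):
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        # A source is acceptable only if it sits entirely inside a trusted network.
        if any(src.version == t.version and src.subnet_of(t) for t in trusted):
            continue
        for port, name in WATCHED_PORTS.items():
            # Port ranges count: 0-65535 exposes 3389 and 445 as much as an exact rule.
            if rule["from_port"] <= port <= rule["to_port"]:
                findings.append((rule["name"], name, port, str(src)))
    return findings

# Constructed sample rules in a hypothetical, simplified format.
SAMPLE_RULES = [
    {"name": "rdp-from-anywhere", "protocol": "tcp",
     "from_port": 3389, "to_port": 3389, "source": "0.0.0.0/0"},
    {"name": "rdp-from-jump-host", "protocol": "tcp",
     "from_port": 3389, "to_port": 3389, "source": "10.20.0.5/32"},
    {"name": "wide-open-range", "protocol": "all",
     "from_port": 0, "to_port": 65535, "source": "::/0"},
    {"name": "smb-office-lan", "protocol": "tcp",
     "from_port": 445, "to_port": 445, "source": "192.168.0.0/16"},
    {"name": "https-public", "protocol": "tcp",
     "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
]
TRUSTED = ["10.20.0.0/24"]  # constructed: the only network allowed to reach RDP/SMB

if __name__ == "__main__":
    for rule_name, service, port, source in audit_ingress(SAMPLE_RULES, TRUSTED):
        print(f"{rule_name}: {service} port {port} reachable from {source}")
```

Export your real rules into this shape (or adapt the field names) and run the check for both on-premises firewalls and cloud environments.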
- Train the team
Security awareness training is key to stopping ransomware in its tracks. When employees can spot and avoid malicious emails, everyone plays a part in protecting the organisation. Security awareness training can teach team members what to look for in an email before clicking on a link or downloading an attachment.
- Implement an IDS
An Intrusion Detection System (IDS) looks for malicious activity by comparing network traffic logs to signatures of known malicious activity. A robust IDS will update signatures often and alert your organisation quickly if it detects potential malicious activity.