Your organization has just made a startling discovery. They have been the victim of a ransomware attack and are now facing the challenge of what to do about it. Moreover, you discover that your backup files have been corrupted as well and will be of no use in a recovery effort.
Unfortunately, this scenario is all too familiar these days. Ransomware is not only on the rise, but the attacks are becoming more sophisticated.
When it comes to ransomware, once your files have been encrypted there is not much you can do about it, except to minimize the impact and pay up. Although, in many instances even when you do pay up there is no guarantee that you will get your files back.
A recent advisory issued by the FBI strongly recommends that victims of a ransomware attack should not pay the criminals to get their files back. This is a change from 2015 when the widely accepted opinion was to simply pay the ransom. Their stance is that paying the criminal does not necessarily guarantee that you will get your files back. Paying the ransom just emboldens the cyber criminals to target other organizations.
That is why it is critically important to prevent ransomware attacks from happening in the first place. Here are a number of tips to help your organization reduce the chance of falling victim to a ransomware attack.
- Educate your employees in the danger of ransomware attacks and their critical roles in protecting the organization.
- Ensure strong anti-virus and anti-malware solutions are in place, up to date and operational.
- Implement a vulnerability management and remediation program and ensure operating systems, software applications and firmware are patched on a regular basis.
- Manage the use of privileged accounts and make sure that no user have administrative access unless absolutely necessary. Access lists also need to be reviewed on a regular basis and managed accordingly.
- Configure access controls, directory and network share permissions appropriately. Most users will probably not need write access to directories or critical files. Limit those who do to a few people as possible.
- Back-up your data on a regular basis and verify the integrity of those back up files.
- Isolate and secure your technical backups. Ensure they are not connected to the computers and networks they are backing up to avoid getting infected with ransomware.
A couple final thoughts about ransomware prevention. First, stay informed as an organization. One of the most common ways that computers are infected with ransomware is through social engineering. An organization needs to educate all of its employees on how to detect phishing scams, suspicious websites, and other common ploys. Additionally, we need to err on the side of caution. If anything looks suspicious or seems suspect, it probably is.
Also, having secure back-ups protected from ransomware will save the organization time, money and heartache in the event of a successful ransomware attack.
To understand more about ransomware, or how to protect your business from it, please contact VioPoint at firstname.lastname@example.org or call at (248)373-8494.