How to Protect Your Business from Ransomware: A Step-by-Step Guide

May 01, 2024

The term ‘ransomware’ refers to malicious software that is purpose-designed to encrypt sensitive files and devices so that they can be leveraged for extortion. Ransomware attacks are now a global threat affecting businesses across industries. The impact of a successful ransomware incident on a company can be substantial, including loss of access to systems and information, and operational outages.

The potential downtime, along with the unplanned expenditure to restore, recover, and implement new security policies and processes, can indeed be unnerving. Admittedly, ransomware has become an increasingly popular option for hackers over time. Considering Gartner’s research for 2020, it is no surprise that attackers will continue to utilize it in the forthcoming years.

Here is a curated list of some of the best industry practices for preventing ransomware infiltration in 2020.

Combine Strong Passwords with Multi-Factor Authentication

Default or easily guessed passwords can be broken with brute-force attacks. Another avenue for ransomware attacks is the Remote Desktop Protocol (RDP), which provides hackers with remote access to PCs. Therefore, it’s recommended to not only use strong passwords but also change the RDP port, and keep it open only on devices where it is really needed.

Multi-factor authentication (MFA) offers an extra level of security beyond passwords. MFA should be enforced especially for critical applications, to ensure that the applications can be securely accessed and that they are not susceptible to any intentional or accidental attempts to alter their settings, which could make them more vulnerable to ransomware attacks.

Ensure All Endpoints are Protected and Patched

It’s best to routinely examine devices to ensure they are up to date and protected. This includes deploying next-gen antivirus packages with ransomware add-ons that monitor for suspicious behaviour such as file encryption. It’s also a best practice to keep security patches up to date for both the operating system and applications. Any unprotected device could become susceptible to ransomware intrusion.

Deploy an Email Scanning and Filtering Solution

Ransomware gangs take advantage of employees’ lack of technical expertise and awareness to spread malware and launch ransomware attacks via email. Scanning and filtering phishing and ransomware emails before they reach the user’s inbox is one of the easiest ways to reduce the possibility of ransomware attacks.

Keep Your Staff Aware of Security Threats

No solution is perfect in the cybersecurity world, as both technology and attacks keep evolving and become more sophisticated with each passing day. For example, despite deploying email scanning and filtering systems, some phishing emails may still make their way into user inboxes. Security awareness training is therefore a very important tool for making staff aware of security-related risks and for teaching them how to recognize things like phishing emails, which could put not only their own systems but the whole organization at risk.

Plan and Execute an Effective Data Backup Strategy

Periodic backups of critical information are part of preparing for the worst-case scenario, i.e. some devices being compromised by ransomware. However, for a backup strategy to be effective, it’s important to correctly identify the mission-critical information, the frequency of backup, and where that data is stored, i.e. on personal laptops, on data center servers, or in the cloud.

Maintain an Inventory of Devices Connected to the Network

The COVID-19 pandemic has transformed how and where we work. Working remotely has gained acceptance across industries. With work from home and IoT being new realities, many more devices such as phones, tablets, and home computers may be connected to the corporate network. Not all of them are managed by corporate IT, and hence they may not be up to date in terms of security patches and anti-virus software. Supplier devices connecting to the corporate network are another example. Such devices can provide hackers with a potential backdoor into the network to launch malware or ransomware attacks. So it’s important to have visibility into the inventory of devices that connect to the network, and the kind of security risks they pose.
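The inventory check described above can be sketched as a reconciliation between the managed asset list and what is actually seen on the network. This is an added example, not part of the original article; the record formats, hostnames, addresses and the 30-day patch threshold are constructed assumptions.

```python
from datetime import date

# Constructed asset inventory: MAC -> (hostname, date of last patch run).
MANAGED = {
    "00:1A:2B:3C:4D:5E": ("fin-laptop-01", date(2024, 4, 20)),
    "00-1a-2b-3c-4d-5f": ("hr-desktop-07", date(2024, 1, 5)),
}
# Constructed DHCP lease records: (MAC, IP, hostname the device reported).
OBSERVED = [
    ("001a.2b3c.4d5e", "10.0.0.21", "fin-laptop-01"),
    ("00:1a:2b:3c:4d:5f", "10.0.0.34", "hr-desktop-07"),
    ("a4:83:e7:11:22:33", "10.0.0.77", "unknown-tablet"),
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def reconcile(managed, observed, today, max_patch_age_days=30):
    """Return (ip, hostname, finding, patch_age_days) for devices needing attention."""
    known = {norm_mac(mac): rec for mac, rec in managed.items()}
    findings = []
    for mac, ip, reported_name in observed:
        rec = known.get(norm_mac(mac))
        if rec is None:
            # On the network but absent from the inventory: not managed by IT.
            findings.append((ip, reported_name, "unmanaged", None))
            continue
        hostname, last_patched = rec
        age = (today - last_patched).days
        if age > max_patch_age_days:
            findings.append((ip, hostname, "stale patches", age))
    return findings

if __name__ == "__main__":
    for finding in reconcile(MANAGED, OBSERVED, today=date(2024, 5, 1)):
        print(finding)
```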

Have a Comprehensive Incident Response Plan

A comprehensive incident response plan is an important part of a security strategy. The plan should have sufficient detail to deal with all types of security incidents, including ransomware. It should consider technical as well as business aspects, e.g. data recovery from backup, PC cleaning, internal and external communication, regulatory compliance impact, insurance, etc.

Gain Insights into Network and Endpoint Activities

To prevent or pre-empt ransomware attacks, you need to consider deploying appropriate detection and prevention mechanisms. Security platforms such as intrusion detection, intrusion prevention, real-time threat intelligence, EDR, and SIEM give insight into network traffic and identify traffic anomalies or the presence of potential ransomware on a device. Early identification of potential attacks can not only help reach a quick resolution but also prevent the attack from spreading to other parts of the network.

Review the Exclusion List Periodically

Exclusions may be requested by genuine users at times when they believe that a protection solution is taxing their systems. Malware that manages to hide in the excluded directories is more likely to cause disruption, as it is not examined by the existing protection.

It’s best to regularly review the exclusions list for the threat protection that is enabled and keep it as short as possible.
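A periodic exclusion review can be partly automated by flagging the entries that most deserve a second look. The sketch below is an added example, not part of the original article; the export format, the sample entries (including the AcmeBackup path) and the risk rules are constructed assumptions to adapt to your own protection product.

```python
import re

# Constructed sample: exclusion entries as an endpoint-protection console
# might export them (hypothetical format, one path or pattern per entry).
SAMPLE_EXCLUSIONS = [
    "C:\\Program Files\\AcmeBackup\\agent.exe",
    "C:\\Users\\*\\AppData\\Local\\Temp",
    "C:\\",
    "*.exe",
    "D:\\SQLData\\*.mdf",
    "C:\\Users\\Public\\Downloads",
]

DRIVE_ROOT = re.compile(r"^[a-z]:\\*$", re.I)
EXEC_EXT = re.compile(r"^\*\.(exe|dll|ps1|bat|cmd|js|vbs|scr)$", re.I)
USER_WRITABLE = re.compile(r"\\(users|temp|tmp|programdata)(\\|$)", re.I)

def audit_exclusion(entry):
    """Return the reasons an exclusion needs review (empty list if none)."""
    e = entry.strip()
    reasons = []
    if DRIVE_ROOT.match(e):
        reasons.append("whole drive excluded")
    if EXEC_EXT.match(e):
        reasons.append("executable type excluded everywhere")
    if USER_WRITABLE.search(e):
        reasons.append("user-writable location")
    # A wildcard in any component before the last one widens the scope
    # to every matching directory, not just one known folder.
    if any("*" in part for part in e.split("\\")[:-1]):
        reasons.append("wildcard in directory part")
    return reasons

def audit(entries):
    """Map each risky entry to its reasons; clean entries are omitted."""
    report = {}
    for entry in entries:
        reasons = audit_exclusion(entry)
        if reasons:
            report[entry] = reasons
    return report

if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE_EXCLUSIONS).items():
        print(f"REVIEW {entry}: {', '.join(reasons)}")
```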

The Bottom Line

Technology alone cannot prevent hackers from breaching your organizational network and infiltrating it with malicious code to deploy ransomware. Instead, you need a combination of technology, a cybersecurity operational framework, and technical expertise to prevent and resolve security issues.

Zenmid takes pride in offering state-of-the-art cybersecurity solutions to small and medium businesses across the USA. Some of our most popular offerings include professional services, advisory services, managed security services, and training. We are deeply committed to equipping our esteemed SMB clientele with enterprise-grade security and experience without any significant cost escalation.
