How to Protect Your Organization From Ransomware
Understanding what data is at risk during a ransomware attack is the first and most critical step to take, in order to prevent a large-scale disaster. Ransomware extortionists attack the computer network with malware that encrypts every file, and then demands a large ransom payment to a “darknet” site before the decryption key is provided. If payment is not promptly sent, the criminals threaten to delete the decryption key and all the encrypted data will be lost forever. Even when a ransom has been paid, there’s no guarantee that the key will work to unlock the data. The question always exists on whether paying the ransom should be done or not.
Sadly, ransomware attacks have increased greatly and the estimated worldwide cost of these attacks in 2019 was $11.5 billion1. Over 205,000 organizations in 2019 reported that they had been the subject of a ransomware attack and many of those had devastating results of companies being shuttered, city governments crippled, and hospitals unable to serve their patients2.
So, what can organizations do about these cybercriminals? The real issue is that anti-malware products are not infallible, and organizations need to have a second line of defense in place. There are a few simple steps organizations can take to help mitigate the risk of cybercrime.
- Website Browsing — Teaching users not to visit unapproved websites or click on suspicious links within emails will help to minimize the risk of phishing scams. However, it is also impetrative users can identify false emails that look authentic and will often appear to be from legitimate websites asking for sensitive data. This is an easy way in for hackers and has been known to work.
- Update, Update, Update — Regularly patching and updating the management tools on all network connected devices, including switches, servers, and personal devices, such as mobile phones tablets and laptops will create a more secure IT infrastructure. New malware exploits are now published within days of patches being available, so unfortunately your window of safety is getting smaller and smaller.
- Safe View — Find ways to establish non-native rendering of PDF and Microsoft Office documents, so that a browser or a custom app is always in safe view mode.
- Protect Your Data — Assureon is the Last Line of Defense — Data protection needs to include protection from unauthorized from malware than has escalated to super-user privileges or have compromised the Active Directory server in some way. Because Assureon™ resists attempts by privileged accounts to change or modify files, any attempt to overwrite or encrypt a file merely creates a new version. By default, all versions are stored, but version-limiting options allow protection against attacks that attempt to consume all available storage space with unwanted and corrupt versions.
- Extra Steps Taken by Assureon — Assureon includes automated integrity audits, file integrity, self-healing features, data availability, fingerprinting, private blockchain and real-time replication to insure data from ransomware attacks. Each of these features works hand in hand and have been utilized for over 15 years by organizations that not only needed data protection but had to meet requirements for regulatory compliance. Learn more about Assureon because there is some data that is too important to lose, too private to be seen and too critical to be tampered with.
Using all of these preventative steps will certainly cut the frequency of successful attacks, but the only true protection for valuable data is to aggressively lock it down. By combining data security with data protection, cybercriminals will have a harder time infiltrating an IT system. To pay or not to pay should not be the question. Instead the focus should be on preventative measures and education.
- Morgan, Steve. “Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021.” , 21 Oct. 2019, cybersecurityventures.com/ global-ransomware-damage-costs-predicted-toreach-20-billion-usd-by-2021/
- Popper, Nathaniel. The New York Times, 9 Feb. 2020, www.nytimes.com/2020/02/09/technology/ransomware-attacks.html
