7 Tips on How to Best Prepare Against a Ransomware Attack
Since the first trace of ransomware was found in 2005, different malware variants have proliferated, quadrupling between 2015 and Q1 of 2016. Ransomware has become the most challenging cyber threat today. Attackers are also growing more sophisticated on deploying the malware and encrypting files once they gain access to a system.
Recent security reports show a 50% increase in phishing email attacks where macros are the method of infection, and 98% of ransomware attacks are targeted to Microsoft Office applications. According to the FBI, cyber criminals are making substantial amounts of money because the majority of companies and individuals just pay the ransom in fear of losing their data.
Preparing to deal with ransomware is important. Not having an adequate mitigation strategy in place in order to respond before your data is encrypted can be devastating.
The following are some tips and best practices to enhance your posture when dealing with ransomware:
- Fortify your network layered security
Periodically review your network defenses and determine if they are adequate to deal with the latest threats. Implemented next gen anomaly Intrusion Detection Systems, advanced Malware detection and protection, real time end-point protection solutions with the latest behavior based analysis tools.
- Strengthen your existing email security
Determine if your current email gateway has the capabilities to perform real-time inspection and detection to completely dissemble email attachments and downloads to remove potential malware threats that use hidden triggers to bypass detection.
- Review your current backup strategy
Keep data safe and the backup network separate and encrypted. Use a separate network account to perform backups. It is always a best practice to ensure that your network administrator’s account is not used to perform backups in the event that their credentials are compromised.
- Implement user accounts restrictions
Limit your network user’s access to resources, remove local admin rights, and ensure access to their network drives have the appropriate security. Use a tool to perform periodic user access reviews.
- Enhance your patch management
Patch management in production systems is a challenging task. Review your patch management strategy, if you don’t have one, it is important to develop it. Prioritize patching of critical systems and applications. Finally, run vulnerability scans to help ensure patches are deployed.
- Deploy a security monitoring tool
Deploying a security incident event monitoring (SIEM) tool is one of the most important components to detecting and proactively responding to malware attacks. Ensure that file integrity is monitored; unexpected or unauthorized file integrity changes are important indications of a potential ransomware attack.
- Train your users
Educating your users will help mitigate security risks. Having a security awareness plan to educate your first line of defense, your users, is probably as important as any security tool. Users must be able to recognize phishing emails, understand the threat they pose, and know what to do, and not to do, when they receive these types of emails. Hire a security service provider to develop, social engineer, and email Phishing campaigns in order to test your users’ abilities to recognize potential threats.