This is the final part of our ransomware series. In Part 1 we provided an introduction to ransomware, Part 2 covered how to identify an infection on your systems, and Part 3 introduced some first steps to take after finding that you have been infected. This part outlines some general recommendations on how to minimise the ransomware threat to your business.
As ransomware attacks become more prevalent (and are likely to continue for as long as malware authors get paid), it is common in the security industry to prepare for when you have an incident, not if. So acknowledge the ransomware threat and its ability to impact your business, and never assume you are safe from attack.
We've outlined some quick advice below that should help minimise this threat to your business.
- Take practical precautions to protect the IT infrastructure and the data that it holds on a continual basis, for example by running attack scenarios to test and evaluate its security.
- Employ defensive technologies as part of a “defence-in-depth” strategy that will lessen exposure and will block malware from spreading around your networks. Firewalls and email security products can block known malicious senders and strip known malicious attachment file types; ad-blockers and script-blockers in browsers can help too; and new isolation “sandboxing” technologies can prevent the download and execution of ransomware from phishing links, malvertising, web drive-by and watering hole attacks.
- Implement a rigorous backup regime to make sure you don’t lose your data in case of an attack. Back up your data frequently and store it in multiple locations (offline) where infected systems wouldn’t be able to access it. Test regularly that these locations remain inaccessible to those systems and, most importantly, regularly test that the backups are completed correctly and that the data restoration procedures work.
- Speak to your IT department or provider about improving cyber security hygiene such as keeping patches up-to-date and protecting your network to minimise the likelihood of a successful exploit.
- Plan for the worst case by considering how to build resilience into technical systems and processes, which will enable you to continue to work should a critical system be locked up by ransomware.
- Have an Incident Response plan and test it on a regular basis to see where improvements can be made. If you do not have skills in-house, retain the services of an expert computer forensics provider. For larger or more prominent organisations where a breach would generate public interest, ensure you have a suitable communications plan for informing the press and external parties about a ransomware outbreak.
- Perform staff awareness training. Ensure your staff fully understand the threats your business faces and know the most likely methods of attack (e.g. phishing emails).
The aim of this series was to answer some of the most commonly asked questions about ransomware, give advice on how to protect yourself and your business and on how to effectively respond to an attack.
If you would like to find out more about how Context can help you respond to a ransomware attack, or would like to find out more about one of our other services, then please do not hesitate to contact us.