
To prevent a ransomware attack, experts say IT and information security leaders should do the following:
1. You can’t protect what you don’t know exists:
Developing an inventory of your assets is crucial. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
Be in a position to instantly answer questions like:
- How many PCs from a particular manufacturer do you have in your environment?
- Which desktops/laptops are running an operating system that its vendor recently stopped supporting?
- Which IT assets have a particular piece of software installed?
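The three questions above, answered from an inventory export. This is an added example, not part of the original article; the CSV layout, hostnames and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample export; real data would come from your inventory tool.
INVENTORY_CSV = """hostname,manufacturer,os,software
fin-pc-01,Dell,Windows 10,Office 2016;Adobe Reader
fin-pc-02,Dell,Windows XP,Office 2003
hr-lt-01,Lenovo,Windows 7,Office 2016;7-Zip
dev-lt-02,Apple,macOS 14,Chrome;7-Zip
"""

# End-of-support dates published by Microsoft; extend from vendor lifecycle pages.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows 7": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}

def load_inventory(text):
    """Parse the CSV and split the ';'-separated software column into a list."""
    assets = []
    for row in csv.DictReader(io.StringIO(text)):
        row["software"] = [s.strip() for s in row["software"].split(";") if s.strip()]
        assets.append(row)
    return assets

def count_by_manufacturer(assets):
    return Counter(a["manufacturer"] for a in assets)

def os_support_status(assets, today):
    """Hosts past end of support, plus hosts whose OS lifecycle is not on record."""
    status = {"unsupported": [], "unknown": []}
    for a in assets:
        eos = END_OF_SUPPORT.get(a["os"])
        if eos is None:
            status["unknown"].append(a["hostname"])  # a gap in the inventory itself
        elif eos < today:
            status["unsupported"].append(a["hostname"])
    return status

def hosts_with_software(assets, name):
    needle = name.lower()
    return [a["hostname"] for a in assets
            if any(needle in s.lower() for s in a["software"])]

if __name__ == "__main__":
    assets = load_inventory(INVENTORY_CSV)
    print(count_by_manufacturer(assets))
    print(os_support_status(assets, date.today()))
    print(hosts_with_software(assets, "7-zip"))
```

Hosts reported under `unknown` are the ones to chase first: their lifecycle data is missing, so they cannot be ruled in or out.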
2. Keep all software up to date, including operating systems and applications:
Updates are important. They are available for both your operating system and individual software programs. Performing these updates will deliver a multitude of revisions to your computer, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.
3. Use A Supported Operating System:
Just because your old computer is still running doesn’t mean that you’re going to continue to receive updates. Both Apple and Microsoft stop providing updates for older operating systems. For example, Microsoft no longer provides updates for Windows XP, and Apple does not provide updates for early versions of OS X.
If the creator is no longer providing updates for a particular operating system, then that operating system becomes more dangerous every day you continue to use it. If a new vulnerability emerges, an update to remove the vulnerability may never be released. Virus writers know this and use it to their advantage, often preying on computers that are not just behind on a few updates, but computers still running an unsupported operating system.
Therefore, it is important that you are running a maintained operating system, one that is still receiving updates.
4. Use an Antivirus Program:
An evergreen way to protect against most threats is to use good antivirus software from a reputable vendor and always keep it up to date.
5. Regularly Back Up Your Files:
Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked. Better safe than sorry.
A 3-2-1 backup strategy is a good approach.
A 3-2-1 strategy means having at least:
- 3 copies of your data
- 2 local copies on different storage types
- 1 backup off-site.
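A small checker for the 3-2-1 rule as listed above, run against two backup plans. This is an added example, not part of the original article; the `BackupCopy` fields and the sample plans are constructed, and it assumes the live production data counts as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str     # storage type, e.g. "server-disk", "nas", "tape", "cloud"
    offsite: bool  # True if the copy is kept away from the primary site

def check_321(copies):
    """Return the list of 3-2-1 rules a plan breaks (empty list = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")
    local = [c for c in copies if not c.offsite]
    # Two local copies on the same storage type share a failure mode,
    # so both the count and the number of distinct media types matter.
    if len(local) < 2 or len({c.media for c in local}) < 2:
        problems.append("need 2 local copies on different storage types")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems

# Constructed plan: production data plus a second volume in the same server.
WEAK_PLAN = [
    BackupCopy("file-server", "server-disk", offsite=False),
    BackupCopy("nightly-to-d-drive", "server-disk", offsite=False),
]

# Constructed plan: production data, a NAS copy, and an off-site copy.
GOOD_PLAN = [
    BackupCopy("file-server", "server-disk", offsite=False),
    BackupCopy("nightly-to-nas", "nas", offsite=False),
    BackupCopy("weekly-to-cloud", "cloud", offsite=True),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        issues = check_321(plan)
        print(label, "->", issues if issues else "meets 3-2-1")
```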
6. Segment the company network:
Don’t place all data on one file share accessed by everyone in the company. Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
"Good network segmentation is not going to make it impossible to compromise your network, but it does make it more difficult." ~ Mat Gangwer, security operations leader, Rook Security Inc.
7. Train and re-train employees in your business:
Your users can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails. As ransomware is commonly introduced through email attachments and links, arming employees with the knowledge they need to practice secure email and browsing habits can prevent many ransomware attacks from succeeding.
Train employees on how to recognize phishing attacks as well as best practices such as not opening attachments or links in emails from unknown senders, checking link URLs, and never clicking pop-up windows.
Training should be ongoing rather than a single session to ensure that employees keep up with new threats and maintain secure habits.
8. Develop a communication strategy to inform employees if a virus reaches the company network:
The speedy dissemination of information is vital in stopping an attack or the continuance of an attack. It is vital that all users on the network be made aware of an attack or attempted attack to ensure the vigilance of other users on your network. It is likely that other users have also received similar phishing emails and your quick response may prevent further damage.
9. Instruct information security teams to perform penetration testing to find any vulnerabilities:
Penetration tests must be carried out periodically, either by a third-party organization specialized in security testing or by a specialized internal resource. Information assets, network equipment, and applications should be assessed periodically, and all gaps found during the assessment should be fixed.
10. Keep Your Knowledge Up-to-Date:
Not a single day goes by without a report on cyber-attacks and vulnerabilities in popular software and services, such as Android, iOS, Windows, Linux, and Mac computers.
So, it’s high time for users in any domain to follow day-to-day happenings in the cyber world, which will not only keep their knowledge up to date but also help protect against even sophisticated cyber-attacks.
Mitigating an attack:
If your company is hit by ransomware, you can explore the free ransomware response kit for a suite of tools that can help. Experts also recommend the following to mitigate an attack:
- Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network.
- Launched less than a year ago, the No More Ransom (NMR) project started as a joint initiative by Europol, the Dutch National Police, Intel Security, and Kaspersky Lab. It is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals.
The website not only educates computer users on protecting themselves from ransomware, but also provides a collection of free decryption tools.
The platform is now available in 14 languages and hosts 40 free decryption tools, supplied by a range of member organizations, which users can use to decrypt files that have been locked by given strains of ransomware.
- Boston-based cyber security firm Cybereason has released RansomFree, a real-time ransomware detection and response software that can spot most strains of ransomware before they start encrypting files and alert the user to take action.
RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2.
Source: The Hacker News, Tech Republic, security.illinois.edu, digital guardian.com, Sophos, It.ie, Cybereason