Needless to say, knowing how to prevent ransomware is crucial for every modern business. It\u2019s important not just from a reputational standpoint but also from a compliance perspective. This article explores how to prevent ransomware from affecting you in the first place and what you can do as far as ransomware protection goes when you\u2019re facing an attack.<\/p>\n\n\n\n
Let\u2019s hash it out.<\/span><\/p>\n\n\n\n Now, we\u2019re not here to just cover the latest ransomware attack news<\/a> or the latest ransomware statistics<\/a>. Instead, our goal here is to help prepare you by providing you with the right information to form a strong ransomware prevention strategy. That\u2019s what this article is going to focus on. With this in mind, here are 11 ransomware prevention and protection measures you can implement within your organization. <\/p>\n\n\n\n Implementing strong network security is one of the most important things you can do to secure your business. Your network is the connection between all of your servers, applications, and endpoint devices. If that becomes compromised, you\u2019re in for a world of pain that comes in the form of noncompliance issues, penalties, and reputational damages.<\/p>\n\n\n\n Now comes the question of how to secure your network for greater ransomware prevention and protection capabilities. There are multiple ways to do this:<\/p>\n\n\n\n Regularly patching your devices is an overlooked aspect of cyber security. If you\u2019re manually rolling out updates, this important activity can be a bit tedious. And we get it \u2014 on one hand, patching is a process that\u2019s time consuming, monotonous, and takes you away from other critical tasks that require your attention. But, on the other hand, not applying patches leaves your applications, devices, and data at risk of attack by cybercriminals.<\/p>\n\n\n\n This is where automation can help. Implementing automatic updates and patching makes it so you no longer have to drop everything else you\u2019re doing to handle this unexciting task. However, use this option judiciously; in some cases, it\u2019s best to implement some updates manually to avoid issues like what we saw recently with Microsoft\u2019s Windows 10 updates last year<\/a>. <\/p>\n\n\n\n Setting up strict access management processes can help mitigate ransomware risks by restricting access to your most sensitive systems and infrastructure. This way, only select users have access (reminder: everyone doesn\u2019t need access to everything!)<\/p>\n\n\n\n You can do this by:<\/p>\n\n\n\n If an attacker doesn\u2019t have direct access to your systems, then they\u2019ll have to rely on other methods to access your critical resources. In this case, they\u2019ll typically take advantage of other security gaps that, ideally, you\u2019ll have fixed by implementing the other ransomware prevention and protection steps outlined in this article.<\/p>\n\n\n\n Since the start of the COVID-19 pandemic, we\u2019ve seen a significant increase in the remote workforce. This is great in many ways, but remote access also poses a security threat to an organization if not implemented well. In particular, this risk can be seen when it comes to the use of remote desktop protocol.<\/p>\n\n\n\n RDP is a useful tool for IT admins who need to access employees\u2019 devices remotely to troubleshoot issues or carry out other essential tasks. But things can go downhill quickly if an unauthorized user gains access to this tool. This is why it\u2019s crucial that you secure and monitor this form of access. You often can do this using firewalls and third-party monitoring tools that monitor usage, users, or both. Furthermore, you can set firewall rules that:<\/p>\n\n\n\n In general, a good idea if you\u2019re going to use RDP within your organization is to require users to turn on a VPN prior to starting a remote desktop connection<\/a>.<\/p>\n\n\n\n Unfortunately, many Internet of Things (IoT) devices are known for having unmitigated vulnerabilities. When exploited, these vulnerabilities can give attackers access to the devices\u2019 data and your larger network as a whole. This is why having strong IoT security<\/a> is imperative for any business that use smart devices.<\/p>\n\n\n\n While it makes for an exciting plotline in movies and TV shows, spending days, weeks or hours trying to hack through firewalls typically isn\u2019t how cybercriminals gain access to companies\u2019 systems. It\u2019s too cumbersome, time-consuming, and requires more effort than they\u2019d want to devote to the task. Instead, they typically use the path of least resistance by exploiting known vulnerabilities. And considering that IoT devices are often chock full of different security vulnerabilities, they make perfect targets for low-fruit-grabbing cybercriminals. <\/p>\n\n\n\n Check out our other article to learn more about how to secure your IoT devices within your enterprise<\/a>.<\/p>\n\n\n\n The worst time to try to figure out what you should do when facing a ransomware attack is when you\u2019re in the middle of one. Unfortunately, many organizations either don\u2019t bother to create these plans, or if they do, they fail to test them ahead of time to ensure that they work.<\/p>\n\n\n\n Testing your data backups is imperative; after all, why bother having backups in the first place if you don\u2019t bother checking to ensure they work?<\/p>\n\n\n\n Be sure to have data backups (which we\u2019ll talk about later in this article) and regularly test their restoration capabilities. This way, you\u2019ll know whether your backup work and will meet your needs in a real-world situation.<\/p>\n\n\n\n This isn\u2019t the first time we\u2019ve talked about cybersecurity training for employees, nor is it going to be the last. The truth is that employees represent a big risk surface for organizations. Whether it\u2019s intentionally malicious actions, earnest mistakes, or pure negligence, your employees\u2019 actions can make or break your organization\u2019s security defenses. This is why it\u2019s so crucial that they know how to recognize scams and what they should do when they receive suspicious messages.<\/p>\n\n\n\n Cyber security training should encompass a multitude of concerns and topics:<\/p>\n\n\n\n We\u2019ve put together a list of resources that you might find particularly helpful when educating and training your employees:<\/p>\n\n\n\n The U.S. Cybersecurity & Infrastructure Security Agency (CISA) recommends organizations use domain message authentication, reporting and conformance<\/a> (DMARC) as part of their ransomware prevention strategy<\/a>. The idea here is that DMARC, which builds upon both the sender policy framework<\/a> (SPF) and domainkeys identified mail<\/a> (DKIM) protocols, prevents unauthorized users from sending emails from your domain.<\/p>\n\n\n\n If you enable DMARC, you\u2019re basically creating DNS records that restrict which servers are authorized to send emails on behalf of your domain. If someone tries to impersonate an executive within your company in an email to Derek on your HR team, the email will be rejected automatically because the attacker won\u2019t be sending the message from an authorized mail server.<\/p>\n\n\n\n Cyber insurance<\/a> is a great tool for every business to have in their arsenal. While it doesn\u2019t stop you from getting attacked by ransomware in the first place, it does offer at least some protection when an event happens. For example, some types of cyber liability insurance cover ransomware costs and system recovery costs due to these attacks and other issues.<\/p>\n\n\n\n Check out this article that talks about five situations in which cyber liability insurance would be helpful<\/a>.<\/p>\n\n\n\n A good rule of thumb is to maintain multiple current, secure copies of your data backups. This typically involves storing copies on prem, at a second geographic location, and maybe even in a cloud environment. Of course, having data backups doesn\u2019t stop you from getting hit (i.e., it’s not a ransomware prevention method). But this way when something goes wrong, you have your backups to fall back on so you\u2019re not starting over from scratch.<\/p>\n\n\n\n Of course, data backups aren\u2019t going to offer the restoration protection you need in all ransomware cases. Over the last two or so years, we\u2019ve seen an increase in the use of ransomware that targets data backups. The goal here is for attackers to gain access to cloud backups so they can either encrypt them or destroy them outright, thereby preventing you from restoring your data from backups. Which brings us to our last point\u2026.<\/p>\n\n\n\n Having air-gapped data backups or storage servers can help in this situation. An air-gapped computer<\/a> is a standalone device that isn\u2019t connected to any networks, meaning that even if your network gets compromised, this offline data won\u2019t be affected. Basically, it\u2019s an isolated resource that can be used to house your most sensitive data without fear of an attacker gaining access through traditional means.<\/p>\n\n\n\n By keeping at least one copy of your data in this isolated environment, it means that you\u2019ll at least have some data that bad guys can\u2019t get their hands on without physically gaining access to the tapes or devices that its stored on. Basically, in most cases, they\u2019d have to physically gain access to your secure server room or wherever it is that you have the data stored.<\/p>\n\n\n\n It\u2019s important to note that there is still a small security risk even when using an air gapped system. An attacker could potentially use an exploit that converts your air-gapped device\u2019s RAM card into a Wi-Fi signal emitter<\/a>. But the good news here is that there are steps you can take to mitigate these risks. (Check out the linked article above for more info on that.) <\/p>\n\n\n\n The latest Internet Crime Report (2021) from the FBI Internet Crime Complaint Center<\/a> shows that ransomware was one of the top cyber crime complaints received in 2021. There were 3,729 ransomware-related complaints with adjusted losses surpassing $49 million. (Note: <\/em><\/strong>this number represents only reported incidents; it doesn\u2019t count any ransomware events that went unreported.)<\/em> This is an increase of 1,255 reported incidents and more than $20 million in additional adjusted losses than the IC3 shared in their 2020 report.<\/p>\n\n\n\n What\u2019s particularly disturbing are the stats regarding the critical infrastructure targeting by ransomware attackers. For example, 649 of the ransomware-related complaints the IC3 received in 2021 came from organizations that fall within the critical infrastructure sectors. The highest-reporting sectors were healthcare and public health (148) followed by financial services (89) and information technology (74).<\/p>\n\n\n\n One of the scariest types of targeting involves energy, agriculture, and water systems. We reported on one such attack last year when a hacker breached a water treatment plant here in Florida<\/a>.<\/p>\n\n\n\n In their 2021 Threat Report<\/a>, Sophos indicates that the average ransomware payment jumped from $84,116.00 in Q4 2019 to $244,817.30 in Q3 2020:<\/p>\n\n\n\n But how many organizations actually choose to pay ransomware demands? That answer varies from one source to the next, as many organizations don\u2019t bother reporting ransomware payments. For example, data from International Data Corporation (IDC)<\/a> shows that 87% of organizations that experience a ransomware attack choose to pay the ransom.<\/p>\n\n\n\n But does making these payments actually benefit you? Not necessarily. Sophos\u2019s report The State of Ransomware 2021<\/a> shows that organizations that chose to pay attackers\u2019 ransomware demands only got back a little less than two-thirds (65%) of their encrypted data. In nearly 30% of their observed cases, less than half of the affected organizations\u2019 files were restored. So, paying an attacker likely won’t benefit you in terms either ransomware prevention or protection.<\/p>\n\n\n\n But what about the costs of dealing with ransomware attacks (both direct and indirect)? In the same 2021 ransomware report, Sophos gave the price tag of a cool $1.85 million in 2021. This is more than double the amount reported by organizations in 2020.<\/p>\n\n\n\n Just when you thought ransomware alone was bad enough to deal with \u2014 ransomware gangs have been increasingly integrating DDoS attacks into their strategies as well. NETSCOUT\u2019s 2H 2021 Threat Intelligence Report<\/a> shows that ransomware attacks overall have jumped 232% since 2019. But what makes this situation worse is that attackers are now taking the two-pronged attack involving ransomware and either data theft or leakage and lighting a fire under it by adding distributed denial of service (DDoS) to the mix.<\/p>\n\n\n\n NETSCOUT\u2019s report shows that ransomware attacks involving DDoS have been on the rise and that VoIP service providers in North America, Europe, and the U.K. were targeted by such three-pronged attacks in 2021. One unnamed VoIP company in particular reported revenue losses of up to $12 million due to these types of DDoS extortion attacks. <\/p>\n\n\n\n As you\u2019ve learned, there are ransomware prevention steps that your organization can take to prevent it from becoming the next ransomware victim. But in the event that you find yourself facing the unenviable situation of having your systems and data encrypted by an attacker, here are a few additional things you should (and should not) do as far as ransomware protection goes:<\/p>\n\n\n\n When it comes to ransomware payments, there have been some interesting developments that have occurred over the past few years:<\/p>\n\n\n\n Of course, choosing whether to pay an attacker is a decision that every organization must make for itself as there are many variables to consider in this type of situation. This is why it\u2019s best for organizations to have emergency response and business continuity plans in place ahead of time.<\/p>\n","protected":false},"excerpt":{"rendered":" Cybercriminals increasingly rely on ransomware to carry out their campaigns of destruction on organizations globally with no appearance of stopping anytime soon. Here\u2019s what to know about how to prevent…<\/p>\n","protected":false},"author":17,"featured_media":15442,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[],"class_list":["post-15434","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","post-without-tags"],"views":7763,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/03\/ransomware-prevention-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=15434"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15434\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/15442"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=15434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=15434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=15434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}11 Steps for Implementing Ransomware Prevention & Protection Within Your Organization<\/h2>\n\n\n\n
1. Secure Your Network Perimeter with Security Tools and Processes<\/h3>\n\n\n\n
2. Keep Your Systems Up to Date Through Regular Patching (or Use Automation)<\/h3>\n\n\n\n
3. Implement Access Controls to Limit Access to Sensitive Data and Systems<\/h3>\n\n\n\n
![\"Ransomware](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/03\/user-permissions-settings-v2.jpg\")
4. Lock Down and Monitor Your Remote Desktop Protocol (RDP)<\/h3>\n\n\n\n
5. Secure Your IoT Devices Against Unauthorized Access<\/h3>\n\n\n\n
6. Have Business Continuity and Emergency Response Plans In Place (And Test Them!)<\/h3>\n\n\n\n
7. Train Employees to Recognize Phishing Scams and Websites<\/h3>\n\n\n\n
![\"A](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/03\/phishing-example-malicious-attachment.png\")
8. Implement DMARC to Prevent Email Domain Impersonations<\/h3>\n\n\n\n
9. Get Cyber Liability Insurance to Protect Your Organization<\/h3>\n\n\n\n
10. Keep Multiple Copies of Current Backups Readily Available<\/h3>\n\n\n\n
11. Store Your Most Sensitive Data and Backups in Offline Servers<\/h3>\n\n\n\n
Why Ransomware Prevention Matters (And Why You Need Leadership Buy-In For Ransomware Protection Initiatives)<\/h2>\n\n\n\n
![\"Ransomware](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/03\/critical-infrastructure-ransomware-attacks-2021-bar-chart-1024x616.png\")
Average Ransomware Payouts in 2020<\/h2>\n\n\n\n
![\"Ransomware](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/03\/ransomware-payout-bar-chart-1024x616.png\")
When Bad Guys View Ransomware On Its Own As No Longer Enough\u2026<\/h3>\n\n\n\n
Final Thoughts on How to Effectively Implement Ransomware Protection and Prevention<\/h2>\n\n\n\n