Ransomware is one of the most common and longstanding threats in the online world, evolving as firewalls become harder to break through and new technologies make attacks more challenging to overcome.
Cybersecurity efforts must be ramped up to meet the frequency of modern threats. Analysts, engineers and IT teams must collaborate to build robust defenses and construct a risk response plan.
Here are some of the most effective ways to withstand ransomware attacks and how companies should respond in a risk-response scenario. Taking these precautions will help businesses withstand hackers’ demands and emerge with their data and reputations intact.
What is ransomware—and how can prevention vary?
Threat actors infect machines with ransomware to exfiltrate sensitive data, like personally identifiable information (PII), and hold it for ransom. Numerous ransomware iterations exist, but they all have this common foundation and motivation.
Cybersecurity teams can implement safety precautions to prevent entry and outline protocols for what to do if hackers compromise their network.
Unfortunately, no one method is sure to protect against every kind of ransomware attack. Some hackers use social engineering to manipulate people into revealing credentials, and others may find their way into databases through software backdoors.
Prepare to put specific measures in place for each kind of ransomware to provide holistic protection. It will take time, so it’s vital to prioritize and execute defenses strategically. These best practices will keep businesses and their employees safe from data theft.
1. Research every variant
Naming every ransomware variant isn’t always possible, as hackers keep inventing novel styles, such as ransomware-as-a-service (RaaS). However, researching and staying informed of trends will provide a necessary baseline for prioritizing defenses. Every news outlet and byte of historical data can provide insight into tactics hackers try to keep hidden from analysts.
Noticing changes in ransomware trends will make teams less likely to get blindsided. Here are some of the most well-known and destructive forms of ransomware and related techniques:
- Screen lockers
- Double and triple extortion
- Phishing emails
- Remote desktop attacks
2. Restrict permissions
Most businesses grant access to data without thinking. Role-based policies permit individuals to reach only the systems and data that fall within the scope of their position. Some companies may feel it’s micromanaging or inconvenient to make people request access they don’t already have, but it’s necessary to maintain an effective security posture. Organizations must also continually review these users, deactivating inactive or irrelevant accounts in the system.
In the event of a breach, it’s much easier for analysts to pinpoint the point of entry if only a few individuals can access any particular area. Frameworks like zero trust or least privilege are invaluable in a volatile situation. Adding two-factor authentication and endpoint security are other ways to require authorization from the user’s end. This bolsters protection for every employee, minimizes unintended access and increases cybersecurity hygiene throughout a company’s network.
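The periodic review described above can be run as a script over an account export. This is an added example, not code from the original article; the role names, resources, accounts and the 90-day inactivity threshold are all constructed assumptions.

```python
from datetime import date

# Constructed role policy: the resources each role may reach (hypothetical names).
ROLE_POLICY = {
    "finance": {"erp", "payroll-share"},
    "helpdesk": {"ticketing", "ad-password-reset"},
    "engineer": {"git", "ci", "staging-db"},
}

# Constructed account export: user, role, current grants, last sign-in date.
ACCOUNTS = [
    {"user": "avery", "role": "finance",
     "grants": {"erp", "payroll-share"}, "last_login": date(2024, 5, 28)},
    {"user": "blake", "role": "helpdesk",
     "grants": {"ticketing", "payroll-share"}, "last_login": date(2024, 5, 30)},
    {"user": "casey", "role": "engineer",
     "grants": {"git", "ci"}, "last_login": date(2023, 11, 2)},
    {"user": "devon", "role": "contractor",
     "grants": {"staging-db"}, "last_login": date(2024, 5, 1)},
]


def review_access(accounts, policy, today, max_idle_days=90):
    """Return (user, finding, detail) tuples for grants outside the role
    policy and for accounts idle longer than max_idle_days (assumed value)."""
    findings = []
    for acct in accounts:
        allowed = policy.get(acct["role"])
        if allowed is None:
            # A role with no policy entry is allowed nothing: every grant is excess.
            findings.append((acct["user"], "unknown-role", acct["role"]))
            allowed = set()
        for resource in sorted(acct["grants"] - allowed):
            findings.append((acct["user"], "excess-grant", resource))
        idle = (today - acct["last_login"]).days
        if idle > max_idle_days:
            findings.append((acct["user"], "inactive", f"{idle} days"))
    return findings


if __name__ == "__main__":
    for finding in review_access(ACCOUNTS, ROLE_POLICY, date(2024, 6, 1)):
        print(*finding, sep="\t")
```

Each finding is a candidate for revocation or deactivation; the account with a role missing from the policy is reported for both the role and every grant it holds.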
3. Encourage decentralization
Issues arise when everything connects in a digital landscape. The more expansive the surface area, the more room hackers have to play. Network segmentation, or separating silos into smaller independent units, could provide more robust security for businesses implementing it.
Companies can buy time if cybercriminals must attempt different tactics to reach various network areas. Additionally, diversifying storage methods will test hacker agility. Cloud storage, hardware and other types of computer-based storage each take a different approach to cross between, especially since they usually have varied protections.
4. Use offense as defense
Firewalls and antivirus software are necessary items in any line of cybersecurity defense. But sometimes a more aggressive approach is warranted.
Penetration testing is one of the best ways to find vulnerabilities in a system: testers try to locate every possible way someone could get inside it with ransomware. Ethical or white-hat hackers also provide this service, running mock scenarios in which they attempt to gain entry in order to reveal where cybersecurity can be improved.
5. Implement a data recovery strategy
Companies must have data backups in case hackers threaten to steal, spread, or destroy their information. The ransom won’t feel as daunting if you have current, untainted copies.
However, a data recovery strategy requires careful planning before a situation occurs, because it defines where the company stores information, the geographical redundancy objective, the latest version available and the retention objective.
The 3-2-1 backup rule is best practice for keeping your data protected against ransomware and other malware. This rule advises you to have at least three copies of your data stored on two different media types (such as a hard drive and a cloud storage service), with at least one copy located off premises or in secure isolation.
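The 3-2-1 rule can be checked per dataset against a backup inventory. The audit below is an added example, not part of the original article; the inventory rows are constructed, the inventory is assumed to list every copy including the primary, and the 24-hour freshness window (standing in for "current" copies) is an assumption.

```python
from datetime import datetime, timedelta

# Constructed inventory: (dataset, media, offsite, isolated, last verified copy).
# "isolated" means offline or otherwise unreachable from the production network.
INVENTORY = [
    ("crm-db",     "disk",  False, False, "2024-06-01T09:00"),
    ("crm-db",     "disk",  False, False, "2024-06-01T02:00"),
    ("crm-db",     "cloud", True,  False, "2024-06-01T03:00"),
    ("file-share", "disk",  False, False, "2024-06-01T09:00"),
    ("file-share", "disk",  False, False, "2024-06-01T01:00"),
    ("file-share", "disk",  False, False, "2024-06-01T01:30"),
    ("payroll",    "disk",  False, False, "2024-06-01T09:00"),
    ("payroll",    "tape",  False, True,  "2024-05-20T23:00"),  # stale copy
    ("payroll",    "cloud", True,  False, "2024-06-01T04:00"),
]


def audit_321(inventory, now, max_age=timedelta(hours=24)):
    """Map each dataset to a list of 3-2-1 violations (empty list = compliant).
    Copies older than max_age (an assumed freshness window) do not count."""
    by_dataset = {}
    for dataset, media, offsite, isolated, last_ok in inventory:
        age = now - datetime.fromisoformat(last_ok)
        if age <= max_age:
            by_dataset.setdefault(dataset, []).append((media, offsite, isolated))
        else:
            by_dataset.setdefault(dataset, [])  # keep the dataset in the report
    report = {}
    for dataset, fresh in by_dataset.items():
        problems = []
        if len(fresh) < 3:
            problems.append(f"{len(fresh)} current copies, need 3")
        if len({media for media, _, _ in fresh}) < 2:
            problems.append("fewer than 2 media types")
        if not any(offsite or isolated for _, offsite, isolated in fresh):
            problems.append("no off-premises or isolated copy")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit_321(INVENTORY, datetime(2024, 6, 1, 12, 0)).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

The file share shows why counting copies alone is not enough: three copies on the same on-premises disk tier fail two of the three conditions.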
What should you do if you are attacked?
Though it may not sound like productive guidance, the first item of business is to remain calm. Many threat actors want impulsive, emotional responses from their victims to result in quick payment. That’s why it’s critical to give yourself time to consider every possible solution, attempt data recovery, and implement solutions.
Companies should follow detailed business continuity plans and risk response frameworks. These will vary from company to company, based on which methods have proven effective in trial tests. The most vital thing is to have something in place so no one feels caught off guard and unsure how to respond.
Businesses should also report compromises to federal law enforcement, the Cybersecurity and Infrastructure Security Agency (CISA), and other relevant legal bodies to assist with remediation.
Should you ever pay a ransom?
Unfortunately, the answer to whether you should ever pay a ransom isn’t clear—especially when industry experts can’t even reach a consensus. It’s best to consider both sides of the argument and your own situation when making decisions. This is not a black-and-white issue and it’s vital to understand the pros and cons of paying a ransom.
Why you should not pay the ransom
As with any hostage situation, there’s never a certainty from the threat actor that paying the ransom will result in the resolution they promise. Companies could pay millions to a hacker and never get their data back.
The attacker could also take the opportunity to execute double extortion—after receiving the first fee to return your data, they immediately demand another for an encryption key. Dollars can add up rapidly as criminals manipulate desperate enterprises.
Another side effect of paying a ransom is related to public perception. Every ransomware attack on a company quickly becomes news. A company that pays the criminal might suggest to customers that it didn’t have adequate protection or response plans, damaging its reputation.
Finally, paying attackers directly funds further cyber crime. Even if it might prove to be the fastest solution, it also singles you out as a viable target for the next attack. Therefore, businesses should never resort to paying if they can conceivably avoid it.
When paying might be the right move
Even robust data recovery strategies sometimes aren’t enough. Backups may be on a schedule, and there will always be a window of missing information if company information isn’t updated instantaneously. Businesses may ultimately be forced to release funds if something missing is critical to a company’s success.
There’s also a small possibility that paying hackers could lead to cybersecurity or even forensic insight opportunities. Charismatic negotiators may be able to unravel the vulnerability that let the hacker in, while law enforcement could potentially trace payments to the recipients.
Of course, this strategy should only ever be undertaken with the approval and collaboration of the appropriate law enforcement agencies. It’s a roundabout way of performing additional security, but that’s why ransomware situations are equal parts practical and political.
Bottom line: Preventing ransomware attacks
All companies—of any size—should make cybersecurity a top priority to protect themselves from ransomware and other attacks. These threats will only increase in creativity and severity, and businesses must implement proactive solutions instead of scrambling for answers in an active threat environment. Create exhaustive solutions and envision the best response. Preparedness is the most significant asset in triumphing over ransomware, no matter what form it comes in.