Preventing ransomware and limiting its impact can be accomplished with prevention, preparation, response, and recovery strategies. These strategies will help minimize the financial return for attackers, making them less likely to target your organization.
Preventative measures can include enforcing application directory allowlisting policies and isolating systems from wired and wireless networks. These steps will protect data and backups from erasure or encryption by attackers.
As ransomware attacks become more sophisticated, attackers use stolen data to pressure businesses into settlements.
Secure Your Data
According to cybersecurity experts like those at Fortinet, the best way to avoid paying ransomware settlements is to mitigate against the potential loss of critical information by ensuring that the data stored in your business is securely protected.
To start with, ensure that you have ransomware-resilient backups in place, and be sure to test them regularly. Also, encrypt any data that is stored on your network. This will prevent malicious actors from decrypting the data and will make it impossible for criminals to demand a ransom for your company to recover data that they’ve stolen.
Also, limit access to data in your business to only those that need it. This will prevent attackers from using data as leverage against your company and will help protect you from regulatory and privacy issues. Additionally, it’s a good idea to map out your entire data inventory to understand exactly what is being collected and where it is being used.
Lastly, use multi-factor authentication (MFA) for all critical systems and devices. This will help prevent opportunistic data breaches caused by employees forgetting to log out of company applications or to lock their devices when they leave work for the day. Additionally, it’s a good idea to secure your WiFi so that only connected business computers can access data and staff members’ devices can connect only to a restricted guest WiFi network.
Conduct a Risk Assessment
Every organization, regardless of size, should perform a risk assessment.
It can help protect the organization against costly damages such as data loss, ransomware attacks and lawsuits. While the exact steps that need to be taken during a risk assessment can vary based on a business’s type, industry and compliance rules, five general steps are commonly used in all types of risk assessments.
The first stage in a risk assessment is to identify potential hazards that might compromise a company’s ability to operate. This can include anything from natural disasters to power disruptions and cyberattacks. Once a list of potential hazards has been compiled, the importance of each risk to the organization must be determined. This decision could be made based on the assets’ monetary value, legal status, or significance to the firm’s functioning.
It’s crucial to take into account the likelihood that a given threat will succeed in harming the company. This can be ascertained by calculating the impact of each potential damage and multiplying the result by the likelihood that the danger will materialize. This will help the business choose how much to spend on security solutions to guard against harm and lessen risk.
Create a Backup Plan
You should create a backup plan to mitigate the risk of a ransomware attack and potential recovery costs. This should include identifying the critical data that needs to be backed up and the method for doing so. This includes data on network servers, desktop computers, laptop computers and wireless devices, as well as hard copy records and information that must be scanned and digitally stored.
You should also secure your backup and archive systems to prevent attackers from deleting or altering the data they hold. Designate “protected folders” that are inaccessible to applications, and protect backup files with strong encryption techniques. It is also a good idea to isolate backups from online/production workloads to help ensure that attackers cannot get write access to your backup data.
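One way to make the regular backup testing and the tamper protection described above checkable, as an added example that is not from the original article: record a SHA-256 manifest of the backup set, seal it with an HMAC, and later report files that are missing, modified or unexpected. The function names, file names and demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large backup archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(files, key):
    """HMAC over the sorted file list, so an edited manifest is detectable."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(backup_dir, key):
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): file_digest(p)
             for p in root.rglob("*") if p.is_file()}
    return {"files": files, "mac": seal(files, key)}

def verify_backup(backup_dir, manifest, key):
    """Return sorted (path, finding) pairs; an empty list means no drift."""
    if not hmac.compare_digest(seal(manifest["files"], key), manifest["mac"]):
        return [("manifest", "MAC mismatch")]
    old, new = manifest["files"], build_manifest(backup_dir, key)["files"]
    findings = [(p, "missing") for p in old if p not in new]
    findings += [(p, "modified") for p in old if p in new and new[p] != old[p]]
    findings += [(p, "unexpected") for p in new if p not in old]
    return sorted(findings)

def demo():
    """Constructed sample: snapshot two backup files, then simulate tampering."""
    key = b"constructed-demo-key"  # assumption: real key lives off the backup host
    with tempfile.TemporaryDirectory() as d:
        Path(d, "db.dump").write_bytes(b"orders")
        Path(d, "files.tar").write_bytes(b"documents")
        manifest = build_manifest(d, key)
        clean = verify_backup(d, manifest, key)
        Path(d, "db.dump").write_bytes(b"\x00" * 6)   # overwritten in place
        Path(d, "files.tar").unlink()                  # deleted
        Path(d, "NOTE.txt").write_text("constructed")  # file not in the manifest
        return clean, verify_backup(d, manifest, key)
```

Calling `demo()` returns the findings before and after the simulated tampering. Store the manifest and its key somewhere the backup host cannot write to, otherwise an attacker who alters the backups can regenerate both.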
In addition to the technical preparations you should make, you will want to prepare your business non-technically by setting up an emergency response team and establishing procedures for notifying and communicating with employees during an incident. Establish a relationship with a corporate attorney so you can contact them in case of a breach. If a breach leads to negotiations or other legal issues, they may be able to assist your company. In addition, you should implement preventative actions like securing domain controllers, restricting the use of Microsoft PowerShell scripting, disabling Microsoft macro scripts, and using an email filter that incorporates Domain-based Message Authentication, Reporting and Conformance (DMARC) to reduce the likelihood of malware attachments being opened by unsuspecting users.
Set Up a Disaster Recovery Plan
The easiest method to lessen the effects of an attack is to regularly back up employee data, whether you use hard disks or cloud options. Creating training materials that teach staff members their role, such as avoiding clicking on links or identifying the telltale signs of a phishing email, is also a smart idea.
If you discover a ransomware infection, immediately disconnecting the infected device or devices from any network connections will limit the damage and speed up recovery. This should include disabling WiFi, disconnecting core network switches and turning off any internet connections to the infected device. Additionally, you’ll want to reset credentials, including passwords (especially administrator and system accounts), to prevent hacker access and escalation.
Create a Disaster Recovery Plan (DRP) with step-by-step instructions in plain language so your team knows what to do during an attack or other disruption. Register ransomware as a risk in your company’s risk assessment and track mitigation status in your Enterprise Risk Management (ERM) assessment cycle.
Consider creating a separate, redundant data center for backups to protect them from being corrupted by ransomware. The frequency of these backups will depend on the type and size of your organization, but it is important to have redundancy for maximum protection. This will ensure that if one location is compromised, the other backups are still available for restoration.