How to protect yourself against ransomware attacks and keep your data safe

Understanding ransomware: what it is and how it works

Put simply, it's an especially irksome form of malicious software (malware), designed to infect your device and operating system and wreak havoc in order to force a ransom payment. Once it's in your computer system, it'll take a digital hostage and often, there's nothing you can do to stop this from happening. Unfortunately, paying the ransom doesn't guarantee the problem goes away. Giving in to cyber criminals can make you a future target, once they know they can take advantage of your business.

If you don't invest in ransomware protection, your important data is at risk – and that means your business is at risk. The last thing you want is to be backed into a corner by cyber criminals, dealing with the dilemma of a ransom payment that may cause more trouble.

Common types of ransomware

In order to prevent ransomware threats, you need to know what you're dealing with. There are some typical forms of ransomware you should look out for:

• Encryption

  This ransomware encrypts your data and prevents you from accessing important files. The ransom payment is demanded in exchange for a decryption key to unlock these encrypted files.

• Lockers

  These ransomware infections target and lock down your computer systems. Work is disrupted and usually, the business cannot function until the systems are unlocked.

• Scareware

  These trick you into buying "security software" or other services you don't need through scammy scare tactics. An example is flooding mobile devices with pop-ups you can't get rid of.

• Leakware

  Once they're in the system and have access to your important files, they'll threaten to leak the sensitive data unless the ransom is paid.

How does ransomware get into your system?

Ransomware infections are delivered in a few common ways. Some of these take the form of social engineering attacks, designed to manipulate trusting people into becoming a gap in security.

• Phishing emails that trick users into downloading email attachments or clicking on malicious links
• Visiting malicious websites that automatically infect you
• Downloading corrupted files and extensions
• Vulnerabilities in your system and network, usually by not doing security updates
• Remote desktop protocol attacks where cyber criminals gain unauthorised access to your system

Top 10 strategies for protecting your business against ransomware attacks

Now that you know the potential threats you face, how do you protect your sensitive data, storage devices, computer systems and people? Here are our top ten picks on best practices for ransomware protection.

1. Backup your data regularly

   Routinely back up your data to an external hard drive or even cloud storage. Ideally, you want to back up your files daily. In the event you do get infected, you can then wipe your systems clean and restore important files from before the attack (sans malicious code).

2. Keep your systems and software updated

   This includes your operating system, other computer systems, security software, website and plugins. Update regularly as cyber threats evolve to get past the security features of outdated versions. This goes for protecting yourself against all cyber attacks.

3. Invest in antivirus software and ransomware detection software

   Comprehensive security software is an absolute must. These scan your system to detect ransomware infections and automatically respond to defend you. It's the best way to catch threats early before they have time to take root. Antivirus software is your first line of defense - however, know that your security software is only as good as your configuration of it. Take the time to set up your defenses properly.

4. Consider network segmentation

   This splits up your network to avoid the rapid spread of ransomware infections in the event of an attack. By segmenting your network, and equipping each segment with its own security software and unique access, you can quickly lock down an attack. This gives your team more time to identify, isolate and eradicate the threat.

5. Whitelist applications that are safe

   This is the opposite of blacklisting known dangerous apps. Whitelisting means you can only download specifically approved applications. By whitelisting applications, you control what software is installed, making it harder for attackers to exploit vulnerabilities or introduce malware.

6. Limit the users that can access all sensitive information

   Create tiered access to the important data of your business, limiting the users that have permissions on a "need-to-know" basis only. This reduces the chances of unauthorised access and leaks. Reinforce this with multi-factor authentication and strong passwords to mitigate hacking.

7. Run regular security awareness testing

   Given ransomware is often delivered via phishing emails, it's a good idea to test how well your team can identify a fake. Regular cyber awareness testing like phishing simulations highlight gaps in security. Implement this at every level, especially for large companies with constant growth.

8. Train your team to implement best practices

   As we said, people can be a vulnerability, especially in the face of social engineering attacks. The better you prepare them, the less likely your employees are to fall for ransomware attacks. Invest in security awareness training and equip your team to recognise cyber attacks.

9. Prepare a cyber incident response plan

   An incident response plan is important because you may not be able to prevent every ransomware attack – so be ready to deal with it swiftly. This plan should cover the people involved with clearing the threat, their roles, tools and resources. Walk this through with your response team regularly, do drills and get prepared.

10. Implement a robust disaster recovery plan

    Once you've locked down the threat, you still have to deal with the aftermath. That's where disaster recovery comes into play. The goal is to minimise downtime caused by the ransomware infection, recover any data loss, and get operations back up. If you've covered some of the above steps like network segmentation and backing up data, this is where it all comes in handy.

What to do if your business falls victim to a ransomware attack

Sometimes, an attack is inevitable. Things slip through the cracks. Even with strong passwords, robust security software, and team training. So, what do you do after a ransomware attack?

1. Under no circumstance should you make the ransom payment. You want to avoid funding criminal activity and making yourself a future target by letting them know you're willing to play ball. It also doesn't guarantee they'll hand over the decryption key or let go of your computer systems.
2. Isolate the infected computer systems. Disconnect all devices and limit the spread of the ransomware infection. Ideally, network segmentation is in place which makes it easier to quarantine the affected systems.
3. Figure out where the ransomware infection originated. This will help you identify the entry point that needs to be safeguarded in the future.
4. Report the attack to your IT team, authorities and even the Anti-Phishing Working Group.
5. Reassess your defences. Once you've identified gaps in security and knowledge, it's important to adjust your security posture. Boost your team's security awareness, update your ICT policy and retrain your team.

Are you ready to defend yourself?

Ransomware attacks are terrifying for a reason. There's a lot you need to do to protect yourself, and even then, things can go wrong. Fortunately, you don't have to take it on alone. Lean on the guidance of the security experts at CyberSafe to help you upgrade your defences, train your team, prepare for the worst, and rest easy.