Now that attacks are a real risk, it\’s important to know how to protect your business against ransomware. You need adequate technologies and conscious behavior. What security systems to install, what to do and what not to do then?
First, you need to understand how a virus can enter your system.
How does ransomware spread?
Ransomware spreads in the same way as other computer viruses, but they are much more dangerous. Email, open doors and software vulnerabilities are their favorite access channels. They can access computers and the networks that connect them, mainly:
- By exploiting social engineering and leveraging people\’s interests and weaknesses. In this case, users will be the ones to do what the malware needs to start the infection.
- Through system vulnerabilities. In this case, it is the machines that allow entry, not distinguishing the attacker from a normal user.
Being aware of the likelihood of a ransomware attack
According to Sophos’s survey on ransomware in 2021, organizations are becoming aware of the likelihood of an attack. 40% of respondents believe it is inevitable to be hit sooner or later due to the frequency of attacks – one every 11 seconds by the end of 2021, according to Cybercrime Magazine.
However, 22% of decision-makers do not seem to want to take responsibility for the security of their systems and blame their user’s behavior. 47% consider attacks difficult to repel as they are becoming increasingly sophisticated.
Only 22% of business leaders admit they have weaknesses in their cybersecurity, which is the first step to start taking care of it seriously.
How do you get ransomware?
You can get ransomware because of reckless or unconscious behavior, or because of technologies inadequate to reject web threats. Once one computer is infected, the malware spreads to other devices connected to the same network until it encounters a security lock. In this way, it can reach not only all company PCs and servers but also those of any customers who use their online services.
Ransomware attacks conveyed by human actions
Here\’s how a user can unknowingly pave the way for an attack:
- By opening fraudulent emails, clicking on the links they contain or downloading the attachments. Hackers launch phishing campaigns that exploit users\’ interests to lure them into actions that open the door to the virus. In some cases the e-mails appear to be sent from contacts in the user’s address book (spooling), thus increasing the probability for the messages to be open.
- By clicking on deceptive links or content sent via chat or SMS (SMSishing) or available on social media, and so allowing unintentional downloads of malicious programs to start.
- By biting into vishing campaigns. Some ransomware operators provide voice calls in which they report a false problem and pretend to help the user solve it, while giving them instructions to install the virus.
- By visiting compromised sites, which have been hacked by ransomware operators or are misleading copies of other sites. These initiate automatic (drive-by) downloads of malicious software.
- By clicking on misleading advertisements (malvertising), which again lead to web pages where the user unknowingly downloads viruses.
- By installing unsafe software containing malware. This can happen for example when installing \”cracked\” versions of paid programs or downloading free software from the Web.
- By connecting computers to infected external devices, such as USB sticks or portable hard drives that contain ransomware.
Ransomware attacks conveyed by machines
When humans don\’t take the right precautions, malware can autonomously infiltrate systems through:
- Protocols with open ports, especially when set by default: RDP (port 3389) and SMB (port 445). Malware can easily detect them, steal credentials and access the system.
- Vulnerability of protocols and software, mainly if they are widespread. It happened often with Microsoft Exchange Server, while Windows Server Message was the channel for WannaCry, one of the largest ransomware attacks by number of users affected.
How to protect against ransomware: technology and practices
To protect your business against ransomware it is necessary:
- To install on all connected devices effective security solutions that prevent or quickly detect any access attempt by malware.
- To raise user awareness, training people on risks and correct behavior.
Security solutions and ransomware protection
Here are the technological solutions you can adopt to protect yourself from ransomware or their consequences:
First of all, it is essential to schedule regular and frequent backups of all devices, including mobile, and of any private devices that employees use for work. Backup does not protect you against ransomware but allows you to limit the damage in case of an attack.
Today, protecting data is easier thanks to cloud backup services, fully automatable. Babylon Cloud is 100% GDPR compliant and secure thanks to the technologies used. Find out here the right solution for your company.
Install and keep up to date firewalls and antivirus of the latest generation. While firewalls block upstream threats, antiviruses are IDS (Intrusion Detection Systems) software able to scan the system, detect and isolate malware that have already managed to infiltrate.
Better to choose an anti-virus based also on behavior as well as on signature. Signatures are patterns associated with specific viruses, malware and Trojans, which an up-to-date security software can recognize. But only behavior analysis makes it possible to identify even unknown threats, through the observation of anomalies in data and processes.
In an organization with a high level of IT security, an infection should be detected in less than ten minutes, in order to isolate it immediately and limit the damage.
Since ransomware mainly affects email, it is imperative to use a secure email gateway to filter upstream emails containing malicious links and attachments. It is also useful to provide for a subsequent check with post-delivery protection technologies, which show the user alarm messages on suspicious emails.
Use DNS filters to prevent users from unknowingly installing malicious software disguised as legitimate programs and in general from unintentionally downloading viruses by clicking on fraudulent websites and banners.
Disable automatic execution of USB devices and Office application macros, so that, If they contain viruses, they won\’t be automatically installed on the PC.
Beware of open doors. Use the RDP and SMB protocols only if needed, protect them with a password and if possible double authentication, and change the default ports.
Implement UBA (User Behavior Analytics) solutions, which monitor computers by detecting suspicious behavior and are thus able to block even brand-new types of ransomware. These tools analyze suspicious items in a separate environment (sandboxing).
You could even use browser/web isolation softwares that allow you to navigate in a separate environment in which any threat encountered remains isolated from the system.
User awareness and safe behavior against ransomware
Since malware exploits people\’s ingenuity to infiltrate, it is important to train employees and collaborators to make them conscious users. They won’t open suspicious emails, won’t click on files with dangerous extensions or banners on unsafe sites, and will make sure that the security systems are always up to date.
Here are some good practices to prevent ransomware by behaving safely:
Keeping operating systems and browsers up to date. Always install on your computer patches, security updates proposed by software manufacturers.
Keeping plugins such as Java and Flash up to date. They are often a gateway for viruses. Disable Flash and only enable it if necessary, as some sites still use it.
Using administrator accounts only when necessary, because an infection on an account with such privileges is much more dangerous, as they are also exploited by malware to spread.
Checking the administration rights of critical business data and make sure it is sufficiently protected.
Having a plan for a possible ransomware infection. In the event of an attack the faster you act, the better, so make sure to be prepared. Some cybersecurity experts even recommend running periodic disaster recovery simulations.