Ransomware: Are you prepared?
With the increase in ransomware attacks over the last year, it seems to be all we read about in the headlines these days. It was estimated that in 2020 the world saw a 150% increase in ransomware attacks, and the trend has continued into and throughout 2021. Many businesses around the world are searching for advice on how to increase their security and reduce the risk of becoming the next victim. To help keep these attacks from escalating further, the PCI Security Standards Council has shared a best practice resource so that businesses can better understand and protect against ransomware. Throughout this blog, we will take a deep dive into these suggestions and explain why they are important to implement and maintain.
What is Ransomware?
Ransomware is a type of malware that takes possession of your business files, systems, or networks and prevents you from accessing them until the ransom is paid. Ransomware typically enters your system in one of two ways: through a phishing attack, or through a vulnerability on either the web or the server side. Phishing can arrive as a text message or, more commonly, as an email. These emails typically seem legitimate, for example an invoice or an important document, but they contain malicious links or attachments that can infect an individual’s computer and then make their way onto the network. When it comes to vulnerabilities, criminals can plant ransomware on websites, where it takes advantage of software vulnerabilities to attack visitors who are using outdated software. To close both of these entry points, it’s important to ensure all staff members are trained and frequently reminded to update all software on their computers and to never open emails, links, or attachments from sources they do not recognize or are not expecting. Controls can also be put in place at the firewall to keep suspicious emails from entering your system.
How to Protect Your Business:
Stay alert. As mentioned above, it is important to train your employees to be aware of potential threats. Develop a protocol to educate staff on the best ways to avoid, recognize, and respond to an attack if it does occur. Encourage your staff to delete suspicious emails, to think before they click, and to always confirm with the individual who sent a file or link before opening it.
Be vigilant. Test your systems regularly, and apply patches as soon as they become available, because a vulnerability provides a door for individuals to enter your system. Criminals are persistent and will continue to knock on doors until one opens. To keep a door from opening, be sure to patch and update your systems accordingly.
Do you have appropriate monitoring in place? Monitoring the changes that occur in your systems allows you to pick up on suspicious activity at the time it occurs. Investigating changes right when they happen helps you address problems more quickly and improves your chances of shutting down an attack. Be sure to have a change management process in place as well, so you can tell whether a change was approved and flush out unknown changes.
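As an added illustration of the monitoring advice above (this is example code written for this article, not part of the PCI Council resource), the Python sketch below hashes every file under a directory, compares the result with an earlier baseline, and reports only the changes that no approved change record covers. The file names, the approved list, and the demo data are constructed assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                digests[os.path.relpath(path, root)] = hashlib.sha256(handle.read()).hexdigest()
    return digests

def unapproved_changes(baseline, current, approved):
    """Return {path: kind} for every change that no approved change record covers."""
    changes = {}
    for path in baseline.keys() | current.keys():
        if path not in current:
            kind = "deleted"
        elif path not in baseline:
            kind = "added"
        elif baseline[path] != current[path]:
            kind = "modified"
        else:
            continue
        if path not in approved:
            changes[path] = kind
    return changes

def write(root, name, body):
    with open(os.path.join(root, name), "wb") as handle:
        handle.write(body)

def demo():
    """Constructed scenario: one approved edit, one unapproved rewrite, one unexpected file."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.conf", b"port=8080\n")
        write(root, "ledger.csv", b"id,amount\n1,20\n")
        baseline = snapshot(root)
        approved = {"app.conf"}  # paths covered by an approved change record (hypothetical)
        write(root, "app.conf", b"port=8443\n")
        write(root, "ledger.csv", os.urandom(64))  # contents replaced without approval
        write(root, "notice.txt", b"constructed sample\n")
        return unapproved_changes(baseline, snapshot(root), approved)

if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(f"UNAPPROVED {kind}: {path}")
```

In practice the baseline would be stored somewhere the monitored system cannot modify, and the approved list would come from your change management records.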
Back up often. When backing up your system, make sure you do not overwrite previous good backups. Keeping them means that a backup of data already encrypted by ransomware cannot replace your last clean copy, and you can still restore your system from a previous clean backup. When it comes to the type of backups taken, the PCI Council’s best practice is to take regular full-disk backups along with incremental backups, which back up only the data that is new since the last full-disk backup. Be sure to store your backups offsite and offline to prevent them from also being encrypted by ransomware. To ensure you are prepared for any possible attack, test the integrity of your backups regularly to confirm that you can recover them when and if necessary.
Lastly, be prepared, and ensure your whole staff is also prepared and knows how to respond to an attack if one were to occur. Make sure you have a written plan and procedure guideline readily available to all employees, and review it regularly to keep it up to date. With ransomware and attacks overall increasing across the board, it’s as important as ever to stay alert and be prepared. Training, discussions, testing, and protocols are all necessary, not only to prevent an attack but to be able to respond if one happens.