How troubling could ransomware become in 2021? According to security analysts, all organizations should prepare themselves for such attacks. They predict that a business will fall victim to such an attack every 11 seconds in 2021. This analysis is based on the attack trends of 2020.
Nearly a quarter of the victims were manufacturers. About 17% were professional services and 13% were government institutions. Similarly, about 700 healthcare entities had to stop operations because of the dreaded malware.
Unfortunately, the first casualty linked with ransomware also occurred in 2020. A hospital in Germany had to turn away a patient in critical condition because its IT systems were down following a ransomware attack.
How you can protect your business from ransomware in 2021
Ransomware is a kind of malware that renders computers unusable until the attacker agrees to unlock them, which generally happens upon payment of a ransom by the victim.
Unfortunately, the ransom demanded by the criminals continues to increase every year. By the end of 2020, the average payments rose above $200,000. And if that was not enough, the cumulative costs of damages caused by the attacks have skyrocketed to $20 billion as well.
Small businesses cannot afford such high costs. Thus, it should be of paramount importance for all small businesses to secure themselves against these attacks. You need to have systems that can guard your business against the threat.
Along with that, you also need to put in place a back-up plan to retrieve your data. Having a back-up plan is important, because even paying the ransom doesn’t guarantee that the culprit would unlock your computers. For instance, a 2018 survey of victims who fell prey to such attacks revealed that half of those who paid the demanded ransom were duped by the criminals. They never got their data back. Thus, creating data back-ups needs to be at the top of your incident response plan.
But what should your incident response plan look like? What security measures do you need to add to your plan to account for ransomware risks? What kind of training should your employees receive?
Read on to explore the best practices and controls that you need to create a strong response against such attacks. Once you have read the blog, we suggest you take this self-assessment as well. The assessment lists best practices and controls necessary for handling ransomware infections.
First, let’s look at the following preventive controls that would help you to guard against the malware.
- Disable Remote Desktop Protocol (RDP)
- If RDP must be accessed, follow the best practices for connecting remotely
- Only allow whitelisted IP addresses to access your systems remotely
- Enable 2-factor authentication for all your users
- Limit administrative access to the network support team only
- Adopt the least-privilege access rule for shared assets
- Put in place a process for the Active Directory access
- Disable all plug-ins that are unnecessary
- Enforce network-based URL and DNS filtering
- Implement DMARC
- Use malware prevention tools
- Enforce network segmentations
- When testing your incident response plan, check it for ransomware attacks
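One way to check the RDP items in the list above is to audit inbound firewall rules for RDP access that is not limited to whitelisted addresses. The following is an added example, not part of the original post; the rule format, rule names and allowlist ranges are assumptions made for illustration, and rule ordering is deliberately ignored.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listening port

# Assumed allowlist (documentation address ranges); replace with your own.
ALLOWED_SOURCES = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")
]

# Constructed inbound rules in a simplified, hypothetical export format.
SAMPLE_RULES = [
    {"name": "rdp-any", "port": 3389, "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-office", "port": 3389, "source": "203.0.113.0/29", "action": "allow"},
    {"name": "rdp-vendor", "port": 3389, "source": "192.0.2.0/24", "action": "allow"},
    {"name": "https", "port": 443, "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-block", "port": 3389, "source": "0.0.0.0/0", "action": "deny"},
]


def audit_rdp(rules, allowed=ALLOWED_SOURCES):
    """Return (rule name, source) for every allow rule that opens RDP
    to a source range not fully contained in the allowlist."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] != RDP_PORT:
            continue
        src = ipaddress.ip_network(rule["source"])
        # A rule is acceptable only if its whole source range sits
        # inside one allowlisted network of the same IP version.
        covered = any(
            src.version == net.version and src.subnet_of(net)
            for net in allowed
        )
        if not covered:
            findings.append((rule["name"], rule["source"]))
    return findings


if __name__ == "__main__":
    for name, source in audit_rdp(SAMPLE_RULES):
        print(f"RDP exposed beyond allowlist: rule={name} source={source}")
```
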
Following are the monitoring practices that could help you detect an infection in your information systems.
- Alerts for activities that involve exfiltration of a large amount of data
- Alerts of executable files trying to connect to the Internet
- Monitor the use of network management tools
- Stay on alert for suspicious file extensions
- Look out for instances in which several files are being renamed
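The last two monitoring items can be turned into detection logic over file-audit events. The following is an added example, not part of the original post; the event format, the process names, the extension list and the thresholds are assumptions, and the sample events are constructed.

```python
import os
from collections import deque
from datetime import datetime, timedelta

# Assumed values for illustration; tune both to your environment.
SUSPICIOUS_EXTS = {".locked", ".encrypted", ".crypt"}
RENAME_THRESHOLD = 5            # renames by one process ...
WINDOW = timedelta(seconds=10)  # ... inside this sliding window

# Constructed file-audit events: timestamp|process|action|old_path|new_path
SAMPLE_EVENTS = """\
2021-01-12T09:00:01|winword.exe|rename|/home/amy/draft.tmp|/home/amy/draft.docx
2021-01-12T09:00:30|svc_upd.exe|rename|/srv/share/q1.xlsx|/srv/share/q1.xlsx.locked
2021-01-12T09:00:31|svc_upd.exe|rename|/srv/share/q2.xlsx|/srv/share/q2.xlsx.locked
2021-01-12T09:00:31|svc_upd.exe|rename|/srv/share/q3.xlsx|/srv/share/q3.xlsx.locked
2021-01-12T09:00:32|svc_upd.exe|rename|/srv/share/plan.docx|/srv/share/plan.docx.locked
2021-01-12T09:00:33|svc_upd.exe|rename|/srv/share/hr.pdf|/srv/share/hr.pdf.locked
2021-01-12T09:00:34|svc_upd.exe|rename|/srv/share/notes.txt|/srv/share/notes.txt.locked
2021-01-12T09:05:00|winword.exe|rename|/home/amy/memo.tmp|/home/amy/memo.docx
""".splitlines()


def detect(lines):
    """Return alerts for suspicious extensions and per-process rename bursts."""
    alerts = []
    recent = {}       # process -> timestamps of its renames inside WINDOW
    flagged = set()   # processes already reported for a burst
    for line in lines:
        ts_raw, proc, action, _old, new = line.split("|")
        if action != "rename":
            continue
        ts = datetime.fromisoformat(ts_raw)
        if os.path.splitext(new)[1].lower() in SUSPICIOUS_EXTS:
            alerts.append(("suspicious_extension", proc, new))
        window = recent.setdefault(proc, deque())
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop renames older than WINDOW
            window.popleft()
        if len(window) >= RENAME_THRESHOLD and proc not in flagged:
            flagged.add(proc)
            alerts.append(("rename_burst", proc, len(window)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The burst alert fires once per process, so a single noisy process does not flood the alert queue, while the extension alert fires for every affected file to show the scope of the damage.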
How to respond to a ransomware attack
Next, here’s the list of best practices for responding to a ransomware attack.
- Identify a person who can manage and coordinate your response to an attack. This should be done in advance.
- Contact your legal counsel and the cyber insurance vendor
- Prepare a document to guide employee behavior in the event of an attack
- Determine the source of the infection
- Isolate the infection, and try to prevent it from spreading further
- Contact federal agencies
- Determine the cause of the incident, and take care of the vulnerabilities
- Restore the data using the back-ups
- Notify all stakeholders, including customers, employees, and vendors
- Be prepared to shut down a third-party’s access, if required
- Contact regulators
And finally, let us address the topic of backups. Here are the main points about backups that you need to consider:
- Take at least three backups of your data
- Maintain an offline copy
- Use immutable storage
- Look at your backup frequency
- Put in place separate authentication methods
- Implement a separate anti-malware program for your backup
- Test your backups regularly
In a nutshell, in order to protect your business from ransomware, you need to put in place proper controls to identify your vulnerabilities, protect your information systems and detect suspicious activities on your network. In addition, you need to have a response plan that can mitigate the effects of the attack, which includes a robust backup plan.
Lastly, and most importantly, focus on employee training. Ensure that your workers know how ransomware infection can hurt the business. Train everyone. Train workers on how the malware works, how risky remote connections are, and how important safe surfing habits are.
Last year, we saw a huge spike in COVID-19-based phishing and social engineering attacks, a trend that would continue in 2021 as well. For this reason, you need to train your workers on secure email practices as well.
As an endnote, here’s a two-page document on ransomware by the National Cyber Investigative Joint Task Force. It summarizes how dangerous the malware is and how you can report incidents to law enforcement.