How to Stay Ahead of Ransomware

In the ongoing fight to keep your data safe, here is some advice on protecting it from ransomware. Even if you have already encrypted your files, ransomware can encrypt them again, and you won’t be able to decrypt them.

We’ll start with a refresher on what ransomware is, and follow up with some great tips.

How is Ransomware Delivered?
According to the Department of Homeland Security, “Ransomware is commonly delivered through phishing emails or via ‘drive-by downloads.’

Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment.

A ‘drive-by download’ is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.”

Remember, you are vulnerable if:
You are using old versions of software
Operating system and software solutions are not updated with current patches
Hardware is not updated with current patches
You do not have a cybersecurity AND data recovery plan

Cybersecurity Training
In our last post, we spoke of creating a human firewall. This is essential because 91% of successful data breaches started with a phishing attack. By simply reviewing a few key items with the team members that access your data, your organization will be much better prepared for an attack.

Utilize SPAM Filtering
When spam filtering was in its infancy, it was a nightmare for administrators because the lists it relied on were not accurate and would often contain incorrect entries. If an organization was mistakenly put on a list, it was a huge ordeal to have the incorrect entry removed.

These days, the lists are better managed and can be used to stop an attack before it even enters your organization’s mail servers. This is also helpful for Office 365 and Gmail for business.

Enable Windows Defender Ransomware Protection
Located in the Windows Defender Settings, under “Virus and threat protection”, you will find the option for “Ransomware protection”.
WARNING – this might cause some programs to become inoperable. If this occurs, choose the option to “Allow an app through Controlled folder access” and select “Add an allowed app”. You can see the application that was recently blocked and choose to allow it.
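
The same setting can be rolled out from an elevated PowerShell prompt in audit mode first, so you can see which programs would be blocked before anything stops working. This is an added example, not part of the original post; it assumes Microsoft Defender Antivirus is the active antivirus, and the script name, parameters, and event field names ('Process Name', 'Path') are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: phased rollout of Controlled folder access (CFA).
# Save as cfa-rollout.ps1 (hypothetical name) and run one phase at a time.
param(
    [ValidateSet('Audit', 'Report', 'Enforce')][string]$Phase = 'Report',
    [string[]]$Allow = @(),   # full paths of programs you recognise and trust
    [int]$Days = 7            # how far back to read the Defender log
)

# Event 1124 = audited (would have been blocked), 1123 = blocked.
function Get-CfaEvent {
    param([int]$Days)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields (names assumed; check your build).
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                Process = $data['Process Name']
                Target  = $data['Path']
            }
        }
}

switch ($Phase) {
    # Log would-be blocks without stopping any program.
    'Audit'   { Set-MpPreference -EnableControlledFolderAccess AuditMode }
    # Show which programs touched protected folders, most frequent first.
    'Report'  { Get-CfaEvent -Days $Days | Group-Object Process |
                    Sort-Object Count -Descending | Select-Object Count, Name }
    # Allow the reviewed programs, then turn blocking on.
    'Enforce' {
        foreach ($app in $Allow) {
            if (Test-Path -LiteralPath $app -PathType Leaf) {
                Add-MpPreference -ControlledFolderAccessAllowedApplications $app
            } else { Write-Warning "Skipped (file not found): $app" }
        }
        Set-MpPreference -EnableControlledFolderAccess Enabled
    }
}
# Current state: 0 = Disabled, 1 = Enabled, 2 = AuditMode
(Get-MpPreference).EnableControlledFolderAccess
```

Run the Audit phase, use the computer normally for a few days, review the Report output, and pass only the programs you recognise to the Enforce phase through `-Allow`.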

The Best Plan
Create a data recovery plan or plan to lose your data. The choice is yours. Nothing beats the 3-2-1 Backup Rule. Recent ransomware attacks have also encrypted Windows system restore points and shadow copies, which could otherwise be used to restore data after a ransomware attack. Backups should be updated regularly and stored on a separate system that cannot be accessed from a network, to ensure that a system can be effectively restored after an attack.

Homeland Security’s Advice
Back up your computer. Perform frequent backups of your system and other important files and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.

Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive or separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware.)

Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

I hope you find this information useful when creating your cybersecurity and data recovery plans. Let us know if our team can assist in ensuring that you and your team are well prepared.


Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT Professional before acting or relying on any information in this communiqué.

Source – https://www.us-cert.gov/ncas/tips/ST19-001