Recovering from ransomware has cost affected entities millions of dollars—Baltimore spent more than $18 million to bring systems back to their normal state. To avoid budget-crushing costs, it’s imperative to defend against attacks and have a plan for responding to incidents.
Understand the Scope of the Needed Defenses
There isn’t a single measure you can take that will be effective against all ransomware, any more than there’s a single measure that will block all other kinds of malware. Defending against ransomware begins by understanding that defenses need to be widespread. Do a review of your data to identify the most vulnerable and most valuable so you can focus your efforts where you’ll gain the most benefit. Similarly, conduct a review of your network architecture to ensure the most important applications are isolated from the wider network.
Get Your Backups Ready
You can prevent some files from being corrupted by ransomware by setting filesystem permissions, but restoring from backups is often the only way possible to recover from a ransomware attack. It’s crucial that you ensure your backup procedures work. Make sure your backup scripts cover all critical systems, and run a test to ensure you know how to correctly restore a server. Keep a copy of the backup that isn’t connected to networked devices in order to prevent ransomware from accessing the storage.
Learn more in Don’t Lose Your Files to Ransomware.
Block Dangerous Software from the Network
If you can keep ransomware out of your network, you’ll never have to attempt to restore from backup. If you’re behind on installing patches, catch up now, and put a process in place to keep you up to date. Ensure firewalls, blacklists, and mail server filters prevent potentially risky files from reaching end users.
Protect User Devices
Take steps to prevent ransomware from spreading and limit the number of affected files if it reaches user devices. Turn off file sharing and disable Windows PowerShell and Windows Script Host. In Microsoft Office, disable macros. Ensure antivirus software is installed and do scheduled full scans. Don’t allow applications to run from App Data folders.
Your users are your final backstop against attacks on your network. Train them on good computing practices in general, including recognizing and avoiding phishing attacks. Make sure users know who to contact in case of any suspicious email contacts. Users should know how to disconnect their device from the network and be taught to do so in case of a suspected ransomware incident. Learn more about creating an information security culture.
Ransomware is just one of the many cybersecurity threats businesses need to defend against. It’s important to develop a comprehensive, multilayered security strategy that offers comprehensive protection. Contact CCS Technology Group to learn about how our security services offer protection against ransomware and other information security threats.
If you’re serious about protecting your company – and you should be – there’s a two-pronged approach that will stop most ransomware dead in its tracks. You need solid employee education, and you need the right technical tools.
To find out how, download our guide: Ransomware 101 Guide.