
Focusing on Risk and Recovery: A Ransomware Preparation Checklist

Despite the current disruption to the working lives of many people, it remains business as usual for the cybercriminals behind the millions of ransomware attacks taking place every year. One of the most notorious forms of digital crime, ransomware holds organizations hostage while the malware quickly spreads throughout networks, encrypting files until the ransom is paid.

Part of the challenge is that too many organizations are underprepared when targeted by a ransomware attack. Unfortunately, many learn the hard way that relying on conventional backup solutions does not mean data can be recovered, as these systems are often also targets of the attack and may be encrypted or deleted.

Instead, some organizations decide that paying the ransom is the quickest way to restore encrypted systems, even though it does not guarantee recovery of the data. Others, who decline to pay the ransom, attempt to recover their systems, only to damage valuable files in the process or find that their backups have also been encrypted, leaving them with little to no means of recovery.

Ultimately, the nature of ransomware means that, at present, preparing for a ransomware attack is by far the most effective way of minimizing the risk of becoming a victim. Following the steps on this checklist can help tip the balance of power against potential attackers:

  1. Education. Users should be instructed not to visit unapproved websites or click on links within emails unless they are specifically expecting them and have no other way to get to the site (a password reset email, for example). The best way to illustrate the risks is via a live demonstration for users showing them how the URL behind a link may be completely different from what they expect.
  2. Patch and update. It is vital to keep software on all networked devices completely up to date. This must be a comprehensive process, covering local and remote devices such as switches, servers, and BYODs (i.e., bring your own device). New malware exploits are now published within days of patches being available, so unfortunately the window of relative safety is getting shorter and shorter.
  3. Enable firewalls. This is another area where it is vital to deploy all the latest patches as soon as they are available, and as quickly as you or your team are able. Note that some of the newest firewalls can help block traffic from known ransomware, though the jury is still out on their real-world effectiveness.
  4. Control access privileges. Make sure that users – and especially systems administrators – run in the least privileged mode possible while still being able to maintain productivity. Although useful, this is not foolproof, as malware has proven very adept at escalating to root or admin privilege levels.
  5. Disable Remote Desktop Protocol (RDP). Used by cybercriminals to access systems in many attacks, it should be disabled unless used in carefully controlled maintenance procedures.
  6. Create an immutable copy of vital data. As a last line of defence, your data and backups should be stored in an immutable format so that encryption cannot impact your active data or your backups. It is a common misconception that backups will be available, but recent events have proven otherwise. Only a hardened storage solution that has been engineered to protect the data from attempts at corruption or deletion can guarantee that your data is safe from ransomware threats.

These immutable storage solutions can be critical to effective recovery. A recent example is that of a large and well-known hospital with a meticulously careful IT department, which suffered a massive ransomware attack that encrypted all of their patients’ radiology studies. However, in this case, the hospital’s downtime was only a matter of minutes because it had previously deployed a hardened active archive solution from which it could quickly and completely restore all data.


Prepare, Prepare, Prepare

And that underlines the point: preparation is everything. Certainly, it is critical in helping to avoid an attack. However, it is just as important for dealing with the aftermath of a successful attack. Being well prepared is the key to avoiding the worst effects of ransomware. Organizations that make a firm commitment to protecting their systems and data with an Unbreakable Backup solution to stay ahead of this growing cybercrime trend will always be better equipped to quickly move on from an attack with minimal disruption or cost.

 

Global Director of Assureon Solutions at Nexsan