Private businesses and public entities have entered a time when getting hit by ransomware is more a matter of when than if. The proof that these attacks are on the rise and headed your way can be seen in the daily attacks across the public and private sectors. A new report from McAfee shows ransomware attacks increased by 118 percent during the first quarter of 2019.
Businesses and government entities must be prepared for these attacks, in which a malicious actor or group encrypts your network and demands money for its release. Ransom demands are getting higher across all sectors and sizes of organizations, with increasingly brazen attacks on city and municipal governments without IT departments.
A ransomware attack believed to be from an individual threat actor recently locked up the agencies of nearly two dozen small cities and towns in Texas. The coordinated attack crippling key city services and targeting municipalities without IT departments was widely reported across major media outlets and Government Technology Magazine.
Small businesses and enterprises are far from immune as they’ve been the primary targets throughout most of the ransomware era. Malwarebytes reported a 365 percent increase in business detection of ransomware in the past 12 months. A recent FBI warning is spreading the word that ransomware attacks are becoming more targeted, sophisticated, and costly.
The warning shows the targets are spread across government, healthcare organizations, industrial companies, the transportation sector and many other public and private sector organizations. The only prudent thing to do to protect your business or governmental organization that countless people rely on is to ensure ransomware preparedness.
A ransomware attack finds a point of vulnerability and may then take months to snake its way through all the systems to find what the attacker needs to take control of the IT infrastructure. The attack often starts with a malicious email attachment, and any organization without the right ransomware preparedness approach will never know it’s there. That’s why ransomware preparedness is about prevention, detection, business continuity and disaster recovery (BCDR).
With the growing threat of ransomware, both public and private entities must make quick decisions and have a BCDR plan in place to avoid the Faustian bargain of paying the ransom, crippling the business, or both. There are several things organizations must do to help prevent ransomware by using security techniques to close inbound and outbound vulnerabilities. With email attachments and the attendant human error as the primary entry point, organizations must implement:
- Spam Filters / Phishing-Detection Systems and related software to detect and help block potentially threatening email messages and attachments
- Advanced network firewalls that can analyze traffic for malware and help to stop the attack by flagging the executable as it tries to pass through
- Malware Detection software that flags malicious email document attachment executables
- Blacklisting the IPs most often used by spammers
- User-Awareness Training to educate employees on how to identify and avoid attacks
The 3-2-1 rule of backup is still a viable approach to the basics of BCDR. This translates to having three copies of your files on two different media types with at least one of them stored offsite as a hedge against ransomware attacks and other disasters. Backing up data to the cloud and offsite storage of physical disk backups can meet the rule’s guidelines. Together, they minimize downtime, prevent data loss, and make sure you can quickly restore critical systems.
BCDR For Ransomware Prevention
One of the biggest problems with ransomware is that paying the ransom doesn’t always mean the attacker will or can unlock access to your IT infrastructure and data. Besides making the case for why you shouldn’t pay, it also makes the case for why BCDR through data and system backup is the most effective means of ransomware preparedness.
While backing up your data is crucial to recovering from a ransomware attack, you must be sure the backup plan and the entire BCDR plan work. You’ve got to test your backup system and verify you can restore the environment with enough data to perform the recovery. That’s just one of several things that you should do to make sure your business can recover from a ransomware attack:
- Having automation is critical to speed of recovery so that your critical infrastructure is back online within minutes or hours
- Making sure backup/BCDR strategies align with compliance management in a streamlined, holistic way
- Verifying the backups are running as they should be
- An offline critical data backup not connected to the internet that is regularly monitored and maintained
- Have a plan or support partner for continually monitoring your IT infrastructure since hackers can be inside the network for a long time looking for critical servers
- Provide cybersecurity governance to your organization to educate employees on good security hygiene such as avoiding unknown email attachments among other things
- Implement multi-factor authentication (MFA) to make sure users only have access to parts of the IT infrastructure (specific servers or databases they need to do their jobs) to keep ransomware from spreading
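An added example, not part of the original article: a small audit that checks a backup inventory against the 3-2-1 rule and the verification items listed above (an offline copy, backups that are actually running, restores that have been tested). The inventory, field names and age thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                      # "disk", "cloud", "tape", ...
    offsite: bool
    offline: bool                   # not reachable from the network
    last_backup: Optional[datetime] = None        # None for the production copy
    last_restore_test: Optional[datetime] = None  # last verified test restore
    primary: bool = False           # the live production data itself

# Assumed thresholds; the article does not give any.
MAX_BACKUP_AGE = timedelta(days=1)
MAX_RESTORE_TEST_AGE = timedelta(days=90)

def audit(copies, now):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    backups = [c for c in copies if not c.primary]
    if not any(c.offline for c in backups):
        findings.append("no offline backup")
    for c in backups:
        if c.last_backup is None or now - c.last_backup > MAX_BACKUP_AGE:
            findings.append(f"{c.name}: backup job stale or never ran")
        if c.last_restore_test is None or now - c.last_restore_test > MAX_RESTORE_TEST_AGE:
            findings.append(f"{c.name}: no recent test restore")
    return findings

# Constructed sample inventory: meets 3-2-1 on paper but fails verification.
NOW = datetime(2019, 9, 1, 12, 0)
INVENTORY = [
    Copy("production", "disk", offsite=False, offline=False, primary=True),
    Copy("nas", "disk", False, False, NOW - timedelta(hours=6), NOW - timedelta(days=30)),
    Copy("cloud", "cloud", True, False, NOW - timedelta(days=3), None),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY, NOW):
        print("FAIL:", finding)
```

The sample inventory satisfies the three counts of the 3-2-1 rule yet still produces findings, which is the gap the checklist above is meant to close.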
As the ransoms and the sophistication of ransomware attacks increase, public and private organizations will have to step up their security hygiene game. But even with limited budgets and limited internal IT support, it’s still possible to do that effectively. One of the most effective things you can do is to learn what you don’t know about your IT infrastructure vulnerability via penetration testing.
Offsite backups are more defined by their planning, execution, and diligence than their costs, and the same can be said of ongoing monitoring of the infrastructure. It’s important to have highly experienced and cost-effective managed security services support to partner with you in making these decisions. This provides the means to develop a customized strategy that drives proactive and reactive execution plans where the cost of guarding against crippling ransomware is far less than the alternative.