How to Prevent a Ransomware Hack
Over recent years, ransomware has gone from being a minor nuisance to a major threat. In fact, it’s probably fair to say that, at this point, the phrase “ransomware hack” is one of the most dreaded phrases in all of IT. The good news is that, despite everything you read in the media, SMBs can protect themselves against a ransomware hack. The key point is to avoid complacency and focus on effective security. Here are some tips.
Why you should worry about a ransomware hack
Although ransomware is a relatively new form of malware, it’s proved so lucrative that it’s already been through several iterations. In the early days of ransomware, there was scareware and lockware. Both of these were essentially social-engineering tricks. If the intended victim kept calm, they could be easily circumvented. These days, however, the terms “ransomware” and “ransomware hack” are practically synonymous with encryption ransomware.
In the early days of encryption ransomware, the threat was exactly what the name suggests. Cyberattackers would encrypt data and then the victim would have to pay for the decryption key. These days, that is still a threat, but it is not the main threat. The main threat is that data can be stolen and a ransom demanded to stop the cybercriminals from releasing it, although, of course, paying does not guarantee that they will keep their word.
The key point to note is that you need to be prepared for the possibility that your security will be breached and ransomware will get into your systems. Obviously, you’re going to try your best to stop that happening, but you have to prepare for the worst. The only way to prepare for the worst is to encrypt your data yourself. At the very least, encrypt your sensitive data yourself, wherever it is stored. This will do nothing to stop a ransomware attack, but it will stop the attackers from being able to read, and therefore sell or leak, any data they steal, provided the decryption keys are not stored alongside the data.
Protecting yourself against a ransomware hack
From a technical perspective, there are two key areas of vulnerability that cyberattackers can exploit. The first is the lack of robust security defenses. These days, if you’re running a business website, you absolutely must have top-quality security. The easiest way to get this is to sign up for a website vulnerability scanning service from a reputable vendor.
Each vendor will have their own implementation of the concept, but any decent service will have an anti-malware scanner and a web application firewall. The anti-malware scanner will be updated (very) regularly and hence be capable of identifying and blocking threats with minimal delay. This is vital to protecting against ransomware hacks. Because ransomware is so lucrative, cyberattackers are willing and able to put a lot of resources into updating it regularly in an attempt to keep it (at least) one step ahead of cybersecurity software.
You also need an anti-malware solution, with an integrated firewall, for your local computers and mobile devices. Furthermore, if you have remote and/or mobile users, you also need a VPN.
The second area of vulnerability is out-of-date software. The fact that this is a major security weakness has been known for years. It was, or should have been, made abundantly clear by the WannaCry ransomware attack of 2017. Still, however, it continues to be an issue. If it’s an issue in your organization, then either address it internally or hire a third-party vendor to manage it for you.
The issue of social engineering
One of the major issues with ransomware attacks is that they can be so lucrative that cyberattackers can be prepared to put a lot of effort into them, provided that they think the reward justifies it. The key question, therefore, is not how much you can afford to pay to retrieve your data. It’s how much someone else would be prepared to pay to buy your data. You might like to think that none of your competitors would do such a thing, but remember that data can be sold to anyone, anywhere in the world.
This means that cyberattackers are moving on from the “spray and pray” approach used in early cyberattacks. They’re even moving on from just exploiting obvious weaknesses such as a lack of security software and/or outdated software. They’re now moving into the most sophisticated security area of all: social engineering.
It’s therefore down to you to manage your users effectively. There are three key parts to this. Firstly, you need to ensure that each user has the minimum level of access they need to perform their role. Secondly, you need to have effective policies about system usage, passwords, and two-factor authentication. Thirdly, you need to teach your users about social engineering and how to defend themselves against it.