Protecting Your Business from a Ransomware Attack
News headlines in 2019 were full of crippling ransomware attacks on businesses, healthcare organizations, municipalities and educational institutions – the number of recent attacks across all sectors is in the thousands. What’s worse? The cost to businesses can skyrocket from thousands of dollars to millions depending on the scale of the attack. In just one example, the city of Baltimore estimates that the May ransomware attack on city computers will cost at least $18.2 million to restore systems and make up for lost or delayed revenue.
Businesses across all sectors are at risk, but there are steps you can take to protect your data and customers.
What is ransomware and how does it work?
Ransomware is a particularly insidious type of malware that prevents or limits users from accessing their data, often by encrypting their files, and is typically delivered via email or drive-by-download attacks on compromised websites. Once you have it, there is no way to remove or fix it. Your only options are to pay the “ransom” for a restore key, typically requested in virtual currencies like Bitcoin, or to restore your systems from a backup.
The most common way attackers do this is by “phishing” – sending an email with a link or infected file attached. Once the file is downloaded, the malware infects your systems and essentially locks you out entirely, spreading a virus through your network and infecting all computers. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
The impact of a ransomware attack can be devastating to an organization. Anyone with important data stored on their computer or network is at risk, and recovery can be a difficult and very expensive process. Even if ransom is paid, there is no guarantee your data will be recovered.
How can businesses protect their data from an attack?
The best defense against these attacks is a proactive approach that combines user training, multiple layers of security, and strong backup and data recovery capabilities, including the following:
- Ensure all systems are up to date
  - All of your systems need to be running an operating system that is actively supported and updated. If you are running on an unsupported operating system, you will need to upgrade. (For example, Microsoft only supports each version of Windows for so long. Windows 7 is currently in “extended support” until January 14, 2020, after which Microsoft will no longer support it.)
  - Apply software patches consistently and on schedule. Ransomware often exploits known system vulnerabilities.
  - Review systems to make sure you have updated antivirus and intrusion prevention software in place.
- Establish policies for user education
  - All employees should be locked out of local admin rights to their work computers. Audit user rights to limit employees to only the directories and files they need, which reduces the attack surface. If a user is compromised and they have access to file stores they don’t need, files can become damaged inadvertently.
  - All employees should be properly trained on the secure use of all systems, including any personal devices they use to work remotely. Put data protection practices in place, including requiring strong passwords and automatic locking after periods of inactivity, establishing protocols for reporting lost or stolen devices, mandating certain antivirus and protective software, and requiring or strongly encouraging regular backups.
  - Conduct user awareness training on how to look out for and report malicious emails and possible phishing, and to only download email attachments from trusted sources. All devices should have desktop firewalls and systems for email protection including anti-spam, anti-virus and malware scanning.
- Implement backup, disaster recovery and business continuity systems
  - 100% of your valuable business and customer data needs to be protected and backed up outside of your local network. Systems like Microsoft Azure and Veeam Cloud can be used to secure your data remotely.
  - Conduct frequent data backups with testing to ensure they are reliable. A good retention period is critical as sometimes it can take days or weeks to know that ransomware is on the system.
  - Test run your backup system to ensure you can fully conduct your business in the event of a ransomware attack.
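The backup testing and retention points above can be checked mechanically. The following is an added example, not part of the original article or any CPI tooling: it compares a test restore against hashes recorded at backup time and checks whether the retention window still holds a backup taken before the estimated infection date. The function names, sample files, dates and the 14-day detection delay are all constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def failed_restore_files(manifest, restored):
    """Paths whose test-restored content is missing or differs from the
    SHA-256 recorded in the manifest when the backup was taken."""
    return sorted(path for path, digest in manifest.items()
                  if path not in restored or sha256_hex(restored[path]) != digest)

def last_clean_backup(backup_times, detected_at, dwell):
    """Newest retained backup taken before the estimated infection time
    (detected_at - dwell); None means retention is too short."""
    infected_at = detected_at - dwell
    clean = [t for t in backup_times if t < infected_at]
    return max(clean) if clean else None

def nightly_backups(newest, retention_days):
    """Constructed schedule: one backup per night, kept for retention_days."""
    return [newest - timedelta(days=i) for i in range(retention_days)]

# Constructed sample data (not from the article).
MANIFEST = {"orders.db": sha256_hex(b"orders v1"),
            "customers.csv": sha256_hex(b"id,name\n1,Acme\n")}
RESTORED = {"orders.db": b"orders v1",
            "customers.csv": b"\x8f\x02\xd1 unreadable"}  # fails the hash check
DETECTED = datetime(2019, 6, 30, 9, 0)   # when the ransomware was noticed
NEWEST = datetime(2019, 6, 30, 2, 0)     # most recent nightly backup
DWELL = timedelta(days=14)  # assumed time between infection and detection

if __name__ == "__main__":
    print("failed restore test:", failed_restore_files(MANIFEST, RESTORED))
    for days in (7, 30):
        point = last_clean_backup(nightly_backups(NEWEST, days), DETECTED, DWELL)
        print(days, "day retention ->", point or "no clean restore point")
```

With these sample values, a 7-day retention window leaves no backup older than the infection, while a 30-day window still holds one.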
How CPI can help
The impact of a ransomware attack is far-reaching and expensive, and it can result in permanent damage to your brand. But you can take proactive steps to protect your valuable data today.
CPI offers Karmak clients managed backup and IT services for greater security, efficiency and reliability. CPI monitors and alerts clients of the health, availability and performance of infrastructure and services to streamline operations and quickly identify performance and security issues in real time. Even if you already have an internal IT department, CPI can work with your team to conduct a thorough review of your systems, assess your system readiness and make recommendations to improve your protection.
By employing proactive network security measures, heavy duty businesses can have enhanced security and compliance and protect critical data from attack.