Ransomware has been on the scene for a few years now, but there are still just three ways to deal with getting compromised. If you are compromised with ransomware, you can: restore from backups, pay the ransom and hope it works, or cut your losses and lose the data. However, you could save yourself a significant amount of heartache by taking measures to prevent the ransomware attack. As with everything, the saying “An ounce of prevention is worth a pound of cure” applies to ransomware. The IT landscape is littered with folks who “saved money” cutting corners on IT only to spend ten times as much on recovery after a data breach or loss.
Here are some tips to prevent ransomware from ruining your day (or career):
Have a Multi-Tiered IT Security Strategy
What does that mean? In a nutshell, DO NOT rely on just one point of security like a firewall or anti-virus. Instead, there needs to be security at several layers between your users and potential attackers. Anti-virus, firewalls, email security, DNS protection and user rights all play a role in your security.
Patches, Patches, Patches
Keep things up to date. Computers, servers, firewalls, anti-virus, switches, all of it. You should have a regularly scheduled maintenance window in effect where you can get things patched. The vast majority of reported vulnerabilities are resolved with patches.
Keeping your anti-virus software up to date is a given, but also have a look at its policies and features. Most anti-virus software now comes with policies and features to block encryption and other processes associated with ransomware. They often are not enabled by default.
DNS protection can block access to known bad domains. Cisco Umbrella is our go-to. This is also a feature available on your FortiGate firewall.
Close Remote Desktop Protocol (RDP) and Other Services
Be vigilant about what services you open to the public Internet. RDP is a service that is linked to several ransomware exploits. There are now other, better options for remote access aside from leaving RDP open.
Most security issues today have less to do with firewalls and packets and more to do with exploiting end users. The easiest way to get to your end users is through email. Use an email security service such as Proofpoint.
Speaking of Users … Educate Them
Teach them to be suspicious, not to click on things, and not to give up information.
Let Your Firewall Be All It Can Be
Most firewalls today come with a suite of unified threat management (UTM) tools to go the extra mile and add a layer of protection between your systems and the outside world.
Gap Your Backups
Air gap (having a backup that is off your network and inaccessible) or logic gap (leaving backup systems off your domain, in the cloud, etc.) is a must in today’s environment. This is because ransomware viruses are getting smarter and are able to map all devices connected to your environment and encrypt them – that means your backups will be rendered useless if the ransomware can access them.
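One way to check the gap from the attacker's side of it, as an added example that is not part of the original article: run the Python below on an ordinary production machine under an ordinary user account and see which backup locations that account can write to. The function names and the paths you pass in are hypothetical; anything reported as writable is a backup that ransomware running in that same context could also reach.

```python
import os
import uuid


def probe_backup_target(path):
    """Classify one backup location as seen from THIS host and THIS account.

    Returns 'unreachable', 'read-only' or 'writable'.
    Only the ability to create files is tested; files that already exist
    may carry their own, looser permissions and need a separate review.
    """
    if not os.path.isdir(path):
        # Not mounted, not routable or not visible: gapped from this host.
        return "unreachable"
    probe = os.path.join(path, ".gapcheck-" + uuid.uuid4().hex)
    try:
        # O_EXCL means an existing backup file is never overwritten.
        fd = os.open(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:
        # Visible, but this account cannot create files here.
        return "read-only"
    os.close(fd)
    try:
        os.remove(probe)
    except OSError:
        pass  # create-only permission: still counts as writable
    return "writable"


def audit(targets):
    """Probe every target and return {path: status}."""
    return {t: probe_backup_target(t) for t in targets}


def exposed(results):
    """Backup locations that malware on this host could encrypt."""
    return sorted(t for t, status in results.items() if status == "writable")


if __name__ == "__main__":
    import sys
    # Usage: python gapcheck.py <backup path> [<backup path> ...]
    results = audit(sys.argv[1:])
    for target, status in results.items():
        print(f"{status:12} {target}")
    # A non-zero exit code lets a scheduled job alert on a broken gap.
    sys.exit(1 if exposed(results) else 0)
```
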
Let’s face it: you can follow all these steps, and some I have forgotten to mention, and it is still possible you will get hit with ransomware. You need to have a good backup AND restore system in place.