Tips for Preventing Ransomware Attacks

Ransomware has been on the scene for a few years now, but there are still just three ways to deal with getting compromised. If you are compromised with ransomware, you can: restore from backups, pay the ransom and hope it works, or cut your losses and lose the data. However, you could save yourself a significant amount of heartache by taking measures to prevent the ransomware attack. As with everything, the saying “An ounce of prevention is worth a pound of cure” applies to ransomware. The IT landscape is littered with folks who “saved money” cutting corners on IT only to spend ten times as much on recovery after a data breach or loss.

Here are some tips to prevent ransomware from ruining your day (or career):

Have a Multi-Tiered IT Security Strategy 

What does that mean? In a nutshell, DO NOT rely on just one point of security like a firewall or anti-virus. Instead, there needs to be security at several layers between your users and potential attackers. Anti-virus, firewalls, email security, DNS protection, and user rights all play a role in your security.

Patches, Patches, Patches 

Keep things up to date. Computers, servers, firewalls, anti-virus, switches, all of it. You should have a regularly scheduled maintenance window in effect where you can get things patched. The vast majority of reported vulnerabilities are resolved with patches. 

Anti-Virus Sanity 

Keeping the software up to date is a given, but also have a look at your policies and features. Most anti-virus software now comes with policies and features to block encryption and other processes associated with ransomware. They are often not enabled by default.

DNS Protection  

DNS protection can block access to known bad domains. Cisco Umbrella is our go-to. This is also a feature available on your FortiGate firewall.

Close Remote Desktop Protocol (RDP) and Other Services  

Be vigilant about what services you open to the public Internet. RDP is a service that is linked to several ransomware exploits. There are now other, better options for remote access aside from leaving RDP open. 
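
One way to review what a Windows machine is listening on, as an added example that is not part of the original article: the script below parses `netstat -an` output and lists RDP and other remote-access services bound to something other than loopback. The port list, function name, and sample output are assumptions constructed for illustration.

```python
import re

# Remote-access ports worth reviewing (assumed list; adjust to your environment).
REVIEW_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP", 5900: "VNC"}

# Constructed sample in the format of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.10.25:445      0.0.0.0:0              LISTENING
  TCP    192.168.10.25:49712    203.0.113.7:443        ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:22               [::]:0                 LISTENING
"""

# Local address and port of a TCP socket in the LISTENING state.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
LOOPBACK_PREFIXES = ("127.", "[::1]")


def find_non_loopback_listeners(netstat_text, review_ports=REVIEW_PORTS):
    """Return (service, address, port) for each review-listed TCP listener
    that is bound to an address other than loopback."""
    findings = []
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # header, UDP, or a connection that is not listening
        addr, port = match.group(1), int(match.group(2))
        if port not in review_ports:
            continue
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # reachable only from the machine itself
        findings.append((review_ports[port], addr, port))
    return findings


if __name__ == "__main__":
    # A finding means "check the firewall and NAT rules for this port":
    # whether it is reachable from the Internet depends on the network edge.
    for service, addr, port in find_non_loopback_listeners(SAMPLE_NETSTAT):
        print(f"REVIEW: {service} listening on {addr}:{port}")
```

To check a real machine, pass it the text saved from `netstat -an` instead of the sample.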

Email Security  

Most security issues today have less to do with firewalls and packets and more to do with exploiting end users. The easiest way to get to your end users is through email. Use an email security service such as Proofpoint. 

Speaking of Users … Educate Them 

Teach them to be suspicious, not to click on things, and not to give up information.

Let Your Firewall Be All It Can Be

Most firewalls today come with a suite of unified threat management (UTM) tools to go the extra mile and add a layer of protection between your systems and the outside world. 

Gap Your Backups   

Air gap (having a backup that is off your network and inaccessible) or logic gap (leaving backup systems off your domain, in the cloud, etc.) is a must in today’s environment. This is because ransomware viruses are getting smarter and are able to map all devices connected to your environment and encrypt them – that means your backups will be rendered useless if the ransomware can access them. 

Have Backups   

Let’s face it: you can follow all these steps, and some I have forgotten to mention, and it is still possible you will get hit with ransomware. You need to have a good backup AND restore system in place.

 

If you have questions about how to better secure your organization against a ransomware attack, we’re here to help you. Send us an email or give us a call at 502-240-0404!