5 tips to help you block ransomware

Learn about best practices to combat the threat of ransomware

There have been some seriously nasty ransomware attacks in the last few years. From Petya to WannaCry to the SamSam attack on health record company Allscripts just last month, ransomware has been wreaking havoc across the world. Global ransomware damages exceeded $5 billion last year, up from $325 million in 2015. That’s a meteoric rise.

The sad thing is we understand the risks and how to mitigate them. A few simple steps can at least ensure that a bad situation isn’t made worse, but the evidence suggests that too many organizations have failed to learn the importance of a proactive approach. Let’s look at five areas that deserve attention.

1. Get your defenses in order

It’s vital to have a proper intrusion prevention system (IPS) in place. That means a cutting-edge, high-performance firewall and sandboxing support. Secure those open ports. Review your port-forwarding rules and try to find alternative ways to access resources. Apply rules to govern your network traffic and make sure it is being monitored round the clock.

Try to reduce the potential attack surface to make life harder for cybercriminals. Review your access policy for data and make sure it is suitably restricted. The fewer entry points there are to your system, the harder it will be for attackers to gain access, and the easier it will be for your IT staff to monitor and identify problems.

2. Sandbox web and email traffic

Filter incoming traffic for suspicious files and automatically block downloads from the web and strip attachments from emails, so that they can be properly analyzed before they gain access to your network.

Phishing scams are a very common point of entry for ransomware and it’s frequently found lurking in seemingly benign PDFs, Microsoft Office documents, and especially in executables. It’s not easy to round up and eject ransomware once it has a hold, so stop these files at the door.

The risk with email is very high; according to PhishMe, the proportion of phishing emails that carry ransomware has increased to 97%, and as many as 90% of data breaches can be traced back to a phishing email.
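
An added example, not part of the original article: one way a mail gateway hook could strip attachments and hold them for sandbox analysis, identifying the file types named above by their magic bytes because the filename and Content-Type are chosen by the sender. The function names, the `X-Attachments-Held` header and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes for the file types the article names. Content is
# checked because filename and Content-Type are chosen by the sender.
MAGIC = [
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0", "ole-office"),    # legacy .doc/.xls/.ppt
    (b"PK\x03\x04", "zip-or-ooxml"),        # .docx/.xlsx/.pptx, archives
    (b"MZ", "windows-executable"),
]

def classify(data: bytes) -> str:
    """Label attachment content by its first bytes."""
    return next((kind for magic, kind in MAGIC if data.startswith(magic)), "unknown")

def strip_attachments(raw: bytes):
    """Return (cleaned message bytes, list of held attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    held = []
    for part in list(msg.iter_attachments()):
        data = part.get_payload(decode=True) or b""
        held.append({"filename": part.get_filename(),
                     "kind": classify(data), "data": data})
        msg.get_payload().remove(part)      # drop it from the delivered copy
    if held:
        # Hypothetical header telling the recipient what was withheld.
        msg["X-Attachments-Held"] = ", ".join(
            h["filename"] or "(unnamed)" for h in held)
    return msg.as_bytes(), held

def sample_message() -> bytes:
    """Constructed sample: executable bytes sent as 'invoice.pdf'."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.com", "ap@example.org"
    m["Subject"] = "Overdue invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, held = strip_attachments(sample_message())
    for h in held:
        print(f"held {h['filename']!r}: detected {h['kind']}, {len(h['data'])} bytes")
```

The held list is what would be handed to the sandbox; the cleaned bytes are what would be delivered in the meantime.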

3. Educate your employees

You can’t rely on security software to keep you safe. A Ponemon Institute survey of 1,000 IT professionals at small and mid-sized businesses last year found that 54% of respondents named negligent employees as the root cause of data breaches. You need clear policies, staff must be trained, and you need to test their understanding.

Combine sandboxing with a comprehensive training plan for security awareness and you can dramatically reduce the risk of ransomware gaining access to your network and catch it early if it ever does get in.

4. Try to minimize lateral movement

Once ransomware gains entry to a network it often propagates by spreading laterally. If you have a flat network topology, with endpoints connected into a central switch, then it’s going to be tough to see or control the spread. Segmenting your Local Area Networks (LANs) and connecting them through the firewall can help you uncover and block laterally moving threats.

5. Infected systems must be isolated

Sadly, infections are something of an inevitability. The trick is to identify them as quickly as possible and take immediate action. Automatically isolating any compromised systems is a smart move. Make sure that nothing can spread and buy yourself some time to further analyze the problem. With some ransomware infections, you may be able to roll out an automatic fix, while others will require manual attention from an InfoSec pro.

It should go without saying that you need to patch systems on a regularly scheduled basis, keep software up to date (accept those updates!) and of course auto back up all your precious data nightly.

If you do fall victim to a successful ransomware attack it could prove very expensive. Malwarebytes found that ransomware attacks caused 22% of infected small and medium-sized businesses to cease operations immediately. For one in six, the infection caused 25 hours or more of downtime.

Putting the right protection in place is going to be a lot cheaper than cleaning up after an attack. Be proactive and take steps to guard against ransomware today, before it’s too late.

This article is published as part of the IDG Contributor Network.