How to avoid ransomware
Make these tips and best practices on avoiding ransomware your own.
There are many different cyber threats out there, from Denial of Service (DoS) attacks to brute force attacks and viruses, so let’s first define what ransomware is.
Ransomware is a type of malicious software (malware) that, once unleashed upon a computer or network, gives hackers the power to lock up systems or encrypt critical data and hold it hostage until the owner pays a fee, a.k.a. ransom, to return control of the systems or provide a decryption key.
More recently, ransomware attacks have taken a new angle. Instead of locking up the system, the malware may steal your data, which is called exfiltration. The leverage for the ransom changes accordingly: if you don't pay the hackers, they threaten to make the data public.
How does ransomware work?
Ransomware typically enters a network through phishing scams, when an unsuspecting user opens an infected email or clicks on a spoofed banner ad that takes them to a website where malicious code is downloaded onto the system. It only takes one vulnerable endpoint to spread malware throughout an entire IT network.
Most ransomware incidents are the result of unintentional employee actions. Criminals are pretty smart and go to great lengths to make their messages appear legitimate.
This kind of digital extortion is common to all industries and businesses of every size, from the local real estate or insurance agent who logs on to find all their network credentials and client contacts frozen, to the headline-grabbing incidents that shut down entire supply chains and businesses.
In fact, small and medium-sized businesses are at greater risk. Criminals assume they 1) have less robust network defenses in place, and 2) have less network-savvy employees who are more likely to open emails with infected links.
The bottom line is that ransomware can make an organization lose time, data and money. You can read more about the costs, statistics, and impact of the average ransomware attack in our article, “What is ransomware?”
Fortunately, there are several steps you can take to minimize exposure and limit its impact if your business is targeted.
Best practices to avoid being a ransomware victim
There’s a difference between being a target and being a victim. Most security experts agree it is a matter of when, not if, a business will be attacked. But that doesn’t mean the attackers have to be successful.
The following is a list of tips and best practices for employees in a business setting using email and browsing the web to reduce the chances of becoming a ransomware victim. It has been compiled from a number of thought leaders in the cybersecurity space including the Center for Internet Security, the United States Government Cybersecurity & Infrastructure Security Agency’s Stop Ransomware website, and the security experts at Ricoh.
End user education
The first and perhaps most important line of defense is an educated user base. “Never trust, always verify” is an excellent mantra for avoiding clickbait.
Train users to spot the signs of ransomware and phishing attacks that could initiate an automatic download before they open an email or click on a link:
Look for spelling errors and poor grammar in a subject line.
Check the “From” line to see if the message is from an obscure email address or unknown URL domain.
Never open email attachments from unknown senders, click unrecognized links, download a file, or enter a password just because a website says to do so.
Do not open macro-enabled files unless they come from a trustworthy source.
Avoid disclosing personal data to untrusted sources, as this information can be used to steal passwords or craft phishing messages that seem authentic.
If asked to call a support number to activate a credit or debit card or change a password, compare the number in the email to the number on the back of the card.
From a hardware perspective, users should never insert USB drives or external storage media from untrusted sources into their PC. Further, users should turn off the option to automatically download email attachments, and turn on the automatic update feature on their anti-virus software.
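Several of the checks in the list above (the sender's domain, unrecognized links, macro-enabled attachments) can also be applied automatically before a message reaches a user. The Python example below is added here and is not code from the original article or from Ricoh; the trusted-domain allowlist, the Reply-To comparison and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hypothetical allowlist of domains this organisation already trusts.
TRUSTED_DOMAINS = {"example.com", "partner.example"}
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def domain_of(header_value):
    """Lower-cased domain of an address header, or "" when there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def is_trusted(host):  # exact match or subdomain of a trusted domain
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(msg):
    """Return warning strings for one parsed message (email.message.Message)."""
    findings = []
    sender = domain_of(msg["From"])
    if not is_trusted(sender):
        findings.append(f"sender domain not trusted: {sender or '(none)'}")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain differs from From: {reply_to}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-enabled attachment: {name}")
        elif part.get_content_type() == "text/plain":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for url in URL_RE.findall(text):
                host = (urlparse(url).hostname or "").lower()
                if not is_trusted(host):
                    findings.append(f"link to untrusted host: {host}")
    return findings

def build_sample():
    """Constructed message for demonstration; every value here is made up."""
    m = EmailMessage()
    m["From"] = '"Accounts Payable" <billing@examp1e-payments.test>'
    m["Reply-To"] = "refunds@other-mailbox.test"
    m.set_content("Open the attachment or visit http://login.examp1e-payments.test/reset")
    m.add_attachment(b"placeholder", maintype="application", subtype="x-demo", filename="invoice.docm")
    return m

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

A message that produces no findings is not thereby safe; the output is a reason to quarantine or look closer, not a verdict.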
Use multi-layered authentication
Organizations should implement the latest multi-factor authentication technologies to verify communications are sent to and from only trusted sources.
Also, close unused network ports, install anti-virus software, build a network firewall, and enable spam filters to intercept and prevent phishing emails from reaching end users in the first place.
Perform regular security updates
When a trusted software or services provider issues a security update or patch, install it immediately. After a developer finds an exploitable weakness, you can be sure criminals aren’t far behind. Even after a threat is identified, anyone who is slow to apply the update remains vulnerable (see Penetration Testing below).
Perform penetration testing (Pen Testing)
This preventative measure is a simulated cyberattack performed by a “contracted ethical hacker” against a computer system to check for potential vulnerabilities against real world hacking attempts. Security weaknesses can then be safely identified and remedied.
Sometimes penetration testing involves sending false phishing emails to employees to test their awareness, and then bringing in users who fall for the trap for additional training (see End User Education above).
Data backup & disaster recovery for business continuity
A ransomware attack certainly qualifies as a disaster. The cause may not be a fire or flood, but your data is at risk of being wiped out.
Cybercriminals behind ransomware schemes want your money, not your data. Unlike other types of malware, the goal of ransomware is not to destroy valuable data but to hold it hostage, so theoretically you can get it back after paying the ransom – if you trust your extortionist.
However, stolen data loses its value as a captive asset if it is easily replaceable.
Perform regular backups of all mission-critical systems and keep them in a parallel IT environment offline or safely disconnected from the primary network, thereby negating the threat of ransomware.
Should an endpoint, database, or application become infected, simply wipe it clean or retire the asset and replace it with a new one using the latest backed-up data.
It is also important to have a response plan in place, including a list of all partners, suppliers, and customers who might be affected by the event, and to begin notification immediately.
Get prepared with ransomware prevention services
The best preventative measure is ransomware protection: software and services dedicated to monitoring network traffic against known identifiers of suspicious activity, alerting administrators to threats, and immediately isolating infected systems.
Despite everyone’s best intentions, it's likely that eventually something will get through. When all other mitigation and education efforts fail, ransomware prevention technology provides a last line of defense to stop attackers in their tracks, limiting operational impact and protecting against financial loss.
Our RansomCare offering, for example, offers a comprehensive service that provides an additional layer of protection against ransomware threats. It provides instant detection, immediate response, and detailed reporting without impacting device or network performance.
RansomCare doesn’t replace endpoint protection platforms (EPP) and endpoint detection and response (EDR) tools; it complements them by protecting businesses with multi-layered security. Rather than preventing ransomware from getting in, it stops any active attacks that do get through.
To learn more about how to safeguard your organization against the threat of ransomware and the importance of business continuity planning in the event of a cyberattack, check out our article, “How to protect against a ransomware attack.”
You can read more about RansomCare here or contact one of our managed security service professionals to see how we can reduce your risk of being a ransomware victim.