In the last 6 months we have seen an ever-increasing number of successful ransomware attacks, and you NEED to think about it before your company is attacked.
Ransomware attacks are becoming more common and sophisticated than ever before. A ransomware attack can occur at any time, and it can be devastating to a business or individual. In this article, we will discuss how to prepare for a ransomware attack now.
1 – Backup Your Data Using New Tools & Services
Backing up your data regularly is the most important step in preparing for a ransomware attack. The key here is to make sure that your backups are not just off-site but also not editable and not deletable.
ZERTO: REAL TIME BACKUP
There are several companies like HP’s Zerto that take delta backups every six seconds, and you can keep those backups for more than a month if you want. These backups cannot be modified, which keeps you safe, because one of the things ransomware like the old CryptoLocker or the new and very scary Royal does is hunt for backups and either delete or encrypt them. We have not sold Zerto, but we have seen it demonstrated a few times and have used it with a few clients that had it before we got there. It’s pretty cool.
AZURE: LOCKED BACKUP
You can also back up to cloud services like Microsoft Azure and set the backups to be non-deletable. In fact, new Azure backup vaults have these settings turned on by default, and you should almost always leave them that way. If you want more information on Azure cloud backup and how it is configured to keep your company’s data safe, read THIS Microsoft article. If, like us, you have a lab that you want to keep the cost down on and so want to disable soft delete, click HERE for a short article and video explaining the process.
VEEAM: AIR-GAPPED BACKUP
A lot of people think that data stored in the cloud is 100% safe from attack, but that is absolutely not true. Just because Amazon’s AWS and Microsoft keep multiple copies of your data in their datacenters does not mean that when one copy gets corrupted or encrypted the others don’t instantly get corrupted and encrypted as well. We like Veeam’s simple-to-use Microsoft 365 backup tool. It’s free for anyone that has 5 or fewer accounts they want to back up, and we use it personally for our OneDrive, Exchange email and SharePoint data. We have a short video explaining how to set up Veeam from scratch. You’ve then got your data backed up to a USB drive, and you can “air gap” it, meaning you unplug those drives and put them on a shelf where hackers cannot get to them.
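The point of section 1 is that a backup only helps if you can tell it has not been quietly encrypted, deleted or rewritten. The script below is an added example, not code from the page or from Zerto, Veeam or Microsoft: it seals a backup set with a per-file SHA-256 list protected by an HMAC (the key is assumed to live on the air-gapped drive or in a vault, not on the backup server), and then verifies the set, reporting files that are missing, files that changed, and changed files whose byte entropy looks like ciphertext rather than an edit. The file names, contents and threshold are constructed for the demo.

```python
import hashlib
import hmac
import json
import math
import os
import tempfile
from collections import Counter

# Hypothetical key: keep it off the backup server (for example on the
# air-gapped drive or in a password vault); an attacker who can rewrite the
# backups must not be able to rewrite the manifest that describes them too.
MANIFEST_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_file(path):
    """Stream a file through SHA-256 so large backup files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte: plain documents sit well below 7, encrypted output approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(backup_dir, key=MANIFEST_KEY):
    """Record a SHA-256 per file and seal the whole list with an HMAC."""
    entries = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            path = os.path.join(root, name)
            entries[os.path.relpath(path, backup_dir)] = sha256_file(path)
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(backup_dir, manifest, key=MANIFEST_KEY, entropy_threshold=7.5):
    """Compare the backup set against its sealed manifest and report what changed."""
    report = {"manifest_tampered": False, "modified": [], "missing": [], "suspicious_entropy": []}
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        report["manifest_tampered"] = True  # the file list itself was rewritten
        return report
    for rel, digest in manifest["entries"].items():
        path = os.path.join(backup_dir, rel)
        if not os.path.exists(path):
            report["missing"].append(rel)
            continue
        if sha256_file(path) != digest:
            report["modified"].append(rel)
            with open(path, "rb") as f:
                sample = f.read(1 << 16)
            if shannon_entropy(sample) > entropy_threshold:
                report["suspicious_entropy"].append(rel)  # looks encrypted, not merely edited
    return report


def demo():
    """Constructed scenario: seal a small backup set, then simulate what ransomware does
    to it (overwrite one file with ciphertext-like bytes, delete another) and a forged manifest."""
    with tempfile.TemporaryDirectory() as backup_dir:
        files = {
            "ledger.csv": b"date,amount\n2023-05-01,100.00\n" * 200,
            "report.txt": b"Quarterly report, unchanged text line.\n" * 200,
            "archive.zip": b"PK\x03\x04" + b"\x00" * 4096,
        }
        for name, content in files.items():
            with open(os.path.join(backup_dir, name), "wb") as f:
                f.write(content)
        manifest = build_manifest(backup_dir)

        # Simulated encryption (random bytes) and deletion of backup files.
        with open(os.path.join(backup_dir, "report.txt"), "wb") as f:
            f.write(os.urandom(8192))
        os.remove(os.path.join(backup_dir, "archive.zip"))
        report = verify_backup(backup_dir, manifest)

        # Simulated attempt to hide the change by editing the manifest entry.
        forged = json.loads(json.dumps(manifest))
        forged["entries"]["report.txt"] = sha256_file(os.path.join(backup_dir, "report.txt"))
        tampered = verify_backup(backup_dir, forged)
    return report, tampered


if __name__ == "__main__":
    print(demo())
```

Run the verification from a host that is not part of the backup pipeline, with the manifest and key stored separately from the backup media; an immutable or air-gapped copy is what makes a failed check recoverable rather than merely informative.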
2 – Educate Yourself and Your Employees
In addition to subscribing to a few security-oriented feeds from real organizations like Forbes and Microsoft, security NEEDS to be ingrained in your corporate culture. More than 90% of successful ransomware attacks come through emails that use social engineering to trick your staff into giving away their corporate credentials to the hackers. Educate yourself and your employees on the dangers of ransomware and how to prevent it. There are many products out there, including KnowBe4, but we like Trend Micro’s free phishing testing tool, called PhishInsight, to train employees to recognize suspicious emails and avoid clicking on links or downloading attachments from unknown sources. Companies also need to create a formal cybersecurity policy that outlines best practices, including the use of strong passwords, regular updates, and two-factor authentication.
3 – Use NEW Anti-malware Software
Install and maintain up-to-date antivirus and anti-malware software on all of your devices. These programs can detect and remove malware, including ransomware, before it can infect your system. Keep your software up to date to ensure it is effective against the latest threats. Here we like to use the built-in Windows Defender product that’s managed through either Microsoft Intune or SCCM. However, Microsoft has expanded the Windows Defender suite to include many tools, including Defender for Servers and Microsoft Sentinel, which you should at least be aware of and consider. At Up & Running we also really like SentinelOne in combination with Windows Defender. SentinelOne monitors behavior rather than files, so if a program zips up a bunch of files and uses a command line to transfer those files to a Russian IP address, that process is very suspicious and SentinelOne will likely block it.
4 – Implement ‘Least Privilege’ & Network Segmentation
The idea here is to remove as much access from as many people and systems as possible. Even the CEO and CTO should not have access to all the company systems all of the time. If you don’t need a network folder more than two or three times a year, you shouldn’t have access to it. Even the head of your IT department should not have unbridled access all of the time, and should be using services like Microsoft PIM to elevate themselves whenever they need things like Domain Administrator rights. You can also implement network segmentation to separate your critical systems and data from your regular network. This strategy can prevent a ransomware infection from spreading throughout your entire network, limiting the damage to your critical systems and data.
5 – Develop and Test a Response Plan
Develop a response plan for a ransomware attack. Your response plan should include steps for identifying an attack, isolating infected systems, and restoring data from backups. Consider hiring a cybersecurity expert to assist in developing your response plan. There is also no point in having backups and response plans unless they are regularly tested, so check your backups and response plan to ensure they are effective in the event of an attack. Conduct simulated attacks to identify weaknesses in your system and address them before a real attack occurs.
6 – Penetration Testing To Reduce The Attack Surface
So-called “pen testing” can result in a large number of frivolous IT projects that needlessly consume time and money, but if you bring in a good consultant, like one your bank or insurance company recommends, you can get meaningful, actionable, important direction on how to tighten up your company. Two of the great benefits you’ll get from good pen-testing are:
- learning how many things you can turn off, uninstall, or remove to reduce the attack surface. You can’t hack what doesn’t exist.
- at least starting the discussion about how secure your vendors, suppliers, and contractors are who have partial or full access to your systems.
7 – Keep Your Software Up-to-date
Keep ALL of your software up-to-date, including your operating system, web browser, and applications. Cybercriminals often exploit vulnerabilities in outdated software to gain access to your system.
8 – Use Two-Factor Authentication
Use two-factor authentication to secure your accounts. Two-factor authentication requires a user to provide two forms of identification to access an account, making it more difficult for cybercriminals to access your accounts.
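To make the second factor concrete, here is an added example (not code from the page) of the time-based one-time password scheme most authenticator apps use, written against RFC 4226/6238: the server and the app share a seed, the app turns the current 30-second step into a 6-digit code, and the server recomputes it. The verifier accepts one step of clock drift either side, compares in constant time, and remembers accepted counters so a code captured by a phishing page cannot be replayed. The seed used is the published RFC test value, not a real secret.

```python
import base64
import hashlib
import hmac
import struct

# Constructed value: the RFC 4226/6238 test secret, never a real seed.
TEST_SECRET = b"12345678901234567890"


def decode_base32_seed(seed):
    """Authenticator apps show seeds as base32; pad to a multiple of 8 before decoding."""
    seed = seed.strip().replace(" ", "").upper()
    return base64.b32decode(seed + "=" * (-len(seed) % 8))


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, then mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time, used_counters, window=1, step=30, digits=6):
    """Server-side check. Accepts the current step plus `window` steps either side
    (clock drift), compares in constant time, and refuses a counter that was already
    accepted so a captured code cannot be replayed. Returns the matched counter or None."""
    if not (code.isdigit() and len(code) == digits):
        return None
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if counter in used_counters:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            used_counters.add(counter)
            return counter
    return None


if __name__ == "__main__":
    accepted = set()
    print(totp(TEST_SECRET, 59), verify_totp(TEST_SECRET, totp(TEST_SECRET, 59), 59, accepted))
```

The `used_counters` set would be persisted per user in a real deployment; without it, a code that is phished and relayed within the same 30-second window is accepted just like the legitimate one, which is exactly the weakness phishing-resistant factors (FIDO2/WebAuthn keys) remove.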
9 – Monitor Your Network
Monitor your network for suspicious activity. Implement a system to alert you when unusual activity occurs, such as an abnormal amount of file transfers or login attempts.
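The alerting described here, and the behaviour-based blocking described under section 3 (a process that archives files and then pushes them out of the network), can both be written as rules over event logs. The following is an added example, not code from the page or from SentinelOne, Defender or any other product: it runs two rules over constructed key=value event lines, one for bursts of failed logins from a single source address, and one for an archiver process followed within minutes by a large transfer to a non-RFC 1918 address from the same host and process. The field names, thresholds and sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import shlex
from datetime import datetime, timedelta

# Constructed sample telemetry (not from any real system): one key=value line
# per event, standing in for what an EDR or SIEM would export.
SAMPLE_LOG = """
ts=2023-05-10T09:00:01 type=auth result=fail user=jsmith src=203.0.113.7
ts=2023-05-10T09:00:03 type=auth result=fail user=jsmith src=203.0.113.7
ts=2023-05-10T09:00:05 type=auth result=fail user=jsmith src=203.0.113.7
ts=2023-05-10T09:00:06 type=auth result=fail user=jsmith src=203.0.113.7
ts=2023-05-10T09:00:09 type=auth result=fail user=jsmith src=203.0.113.7
ts=2023-05-10T09:00:12 type=auth result=ok user=jsmith src=203.0.113.7
ts=2023-05-10T09:15:00 type=auth result=fail user=amy src=10.0.0.5
ts=2023-05-10T09:20:10 type=proc host=FS01 pid=4412 image=7z.exe args="a out.7z Finance"
ts=2023-05-10T09:22:40 type=net host=FS01 pid=4412 dst=198.51.100.20 bytes=734003200
ts=2023-05-10T09:30:00 type=proc host=WS07 pid=911 image=7z.exe args="a photos.7z Pics"
ts=2023-05-10T09:31:00 type=net host=WS07 pid=911 dst=10.0.0.50 bytes=52428800
"""

# RFC 1918 ranges only (Python's ip_address.is_private also counts the
# documentation ranges used above, so the list is explicit here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ARCHIVERS = {"7z.exe", "rar.exe", "winrar.exe", "zip.exe", "tar.exe"}


def parse_events(log):
    """Turn key=value lines into dicts, ordered by timestamp."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        fields = dict(tok.split("=", 1) for tok in shlex.split(line))
        fields["ts"] = datetime.fromisoformat(fields["ts"])
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def failed_login_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Alert when one source address fails `threshold` logins inside `window`."""
    alerts, recent = [], {}
    for e in events:
        if e.get("type") != "auth" or e.get("result") != "fail":
            continue
        times = recent.setdefault(e["src"], [])
        times.append(e["ts"])
        while times and e["ts"] - times[0] > window:  # slide the window forward
            times.pop(0)
        if len(times) >= threshold:
            alerts.append(("failed_login_burst", e["src"], e["user"]))
            times.clear()  # one alert per burst, not one per extra failure
    return alerts


def archive_then_external_transfer(events, window=timedelta(minutes=10), min_bytes=100 * 2**20):
    """Alert when a process that ran an archiver sends a large volume to an external
    address shortly afterwards. Internal copies (e.g. to a file server) are ignored."""
    alerts, archived_at = [], {}
    for e in events:
        key = (e.get("host"), e.get("pid"))
        if e["type"] == "proc" and e.get("image", "").lower() in ARCHIVERS:
            archived_at[key] = e["ts"]
        elif e["type"] == "net" and key in archived_at:
            recent = e["ts"] - archived_at[key] <= window
            if recent and is_external(e["dst"]) and int(e["bytes"]) >= min_bytes:
                alerts.append(("archive_then_external_transfer", e["host"], e["dst"]))
    return alerts


def run_detections(log=SAMPLE_LOG):
    events = parse_events(log)
    return failed_login_bursts(events) + archive_then_external_transfer(events)


if __name__ == "__main__":
    for alert in run_detections():
        print(*alert)
```

On the sample data the single failed login from the internal workstation and the internal 50 MB copy on WS07 produce nothing, while the burst against jsmith and the 700 MB upload from FS01 each raise one alert; tune the thresholds against a week of your own logs before wiring the output to a pager.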
10 – Purchase Cyber Insurance
Consider purchasing cyber insurance to protect your business in the event of a ransomware attack. Cyber insurance can help cover the costs associated with a ransomware attack, including ransom payments, data recovery, and legal fees.
In conclusion, preparing for a ransomware attack is critical to protecting your business or personal data. Implementing these measures now can help prevent an attack or minimize its impact if it occurs. Remember to back up your data regularly, educate yourself and your employees, use antivirus and anti-malware software, implement network segmentation, develop a response plan, test your backups and response plan, keep your software up-to-date, use two-factor authentication, monitor your network, and purchase cyber insurance.
Telkom Jakarta · May 10, 2023 at 9:28 pm
Develop a response plan for a ransomware attack. Your response plan should include steps for identifying an attack
Sains Data · May 10, 2023 at 9:27 pm
Backing up your data regularly is the most important step in preparing for a ransomware attack.