THREE PRINCIPLES FOR PROTECTING YOURSELF FROM RANSOMWARE
Whether it's a large-scale virus like WannaCry or a more covert attack, there are good practices that can reduce the likelihood of being hit and sustaining significant damage.
Whether it's massive episodes like WannaCry or more covert attacks, ransomware is experiencing alarming "success" and no business is immune. Faced with this scourge, there is no miracle formula. But there are good practices that can significantly reduce the likelihood of being hit and sustaining significant damage.
Ransomware attacks have become a very lucrative business
Last year, more than half of US businesses (51%) experienced a ransomware-type attack at least once and had to pay an average of $2,500 per attack. The success of ransomware attacks is evidenced by FBI figures which show the evolution of ransoms paid: $1 billion in 2016, compared to $24 million in 2015.
So it's no surprise that ransomware is at the top of Verizon's
cybercrime rankings in its latest Data Breach Investigations Report (DBIR).
And while 2017 is not yet over, it looks like the scale of
ransomware attacks has increased another notch, with cybercriminals naturally
intent on exploiting the cash cow to the max.
First, there was the global WannaCry attack, which appears to be the largest ransomware attack to date. It affected 150 countries and touched hundreds of thousands of businesses around the world.
A derivative of the Petya ransomware, first identified in 2016, followed a few weeks later. Dubbed NotPetya by market experts, this latest version collected less than $10,000 in ransom.
At the time, the main reason for these attacks was not to
extort money, but above all to disrupt and destabilize one country by another
country.
But whatever the motive, businesses need to prepare for more
and more ransomware attacks.
IT professionals use all the conventional methods available to protect themselves against these attacks. The main measures include performing regular backups, maintaining whitelists of authorized correspondents, and properly managing security patches.
But these tools are no longer sufficient and cannot guarantee
on their own that the most sensitive data will not be lost in an attack.
What more can we do? There is no silver bullet, but here are
three principles that can help guard against ransomware attacks:
1. Involve the managers of the company
One of the key factors in combating ransomware attacks and
other cyber threats is management commitment and involvement. According to
several security-related studies, too few IT departments are doing everything
they can to avoid cyber-attacks. A lack of involvement on the part of managers,
and above all a reluctance to allocate the necessary budgets to support IT
efforts, force IT departments to fight against new threats with sometimes
obsolete tools.
2. Develop a counterattack strategy
Resisting a ransomware attack requires a consistent strategy
that focuses on two objectives: the first is to quickly identify the attack in
progress; the second is to take quick action to minimize the impact on the
network, operations and data.
The increasing sophistication of ransomware attacks, combined with new evasion techniques, makes them even more difficult to detect. Hackers seek to exploit weaknesses in infrastructure to attack large numbers of computers on the same network in a very short period of time. Stopping ransomware requires quickly identifying the exploited computer and isolating it from the network to stop the attack from spreading.
It is almost impossible to do this with conventional detection
tools.
However, there are good practices that can significantly
reduce the impact of an attack. Here are the main ones:
Limit user privileges
Limit access rights and permissions to modify files in strict
accordance with the role of each employee. The continued application of the
principle of least privilege decreases the ability of ransomware to exploit
security holes opened by an employee who does not pay enough attention or who
accesses documents without authorization.
Segment your network
Compartmentalize your IT infrastructure into different segments and assign each a different password. Logically group the data, resources and applications in your network (for example: separate accounting, sales, and IT data) and give access to each segment only to the people who need that information. This will limit the data that malware might affect and help fix security issues more quickly.
Save in read-only mode
Make regular backups of all your sensitive data and store
copies locally in a secure location. Make sure that your backup process runs
automatically on a separate account and that no one (even system
administrators) has the right to modify or delete a backup copy. Keep in mind
that ransomware is smart enough to encrypt all the backups it has access to.
Never pay the ransom
Even though you may be tempted to pay the requested ransom, please don't! First, you have no guarantee that your data will be returned to you. In some cases, decryption keys are not stored or sent anywhere. Second, once you are identified as someone who pays ransoms, the criminals will come back to demand more and more from you. Instead, pay close attention to the name of the ransomware: it may already be well identified, and decryption tools can be easily found on the internet. If not, look for other ways to restore your system or, finally, restore your system from your own backups.
3. Improve visibility of user activity to detect an attack in progress
The ability to identify a ransomware attack as early as possible is key to stopping it. Some of the best antivirus software can identify signs of a threat early on, such as an excessive number of document edits in a short period of time, or a suspicious number of login attempts. These clues help identify a potential ransomware attack in progress.
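As an added illustration of the two clues just named (a burst of document edits and a burst of login attempts), here is a small sliding-window detector run over a constructed log. This is example code written for this page, not part of the original article or any product; the log format, user names and thresholds are assumptions.

```python
"""Rate-based detection of two ransomware clues: a burst of document edits
and a burst of failed logins by one user inside a sliding time window.
The log format and the thresholds below are assumed for the example."""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from any real system): alice edits six files in
# under 20 seconds, bob edits at a normal pace, mallory fails to log in 3 times.
SAMPLE_LOG = """\
2017-06-27T10:15:00 user=alice action=modify path=/share/finance/q1.xlsx
2017-06-27T10:15:03 user=alice action=modify path=/share/finance/q2.xlsx
2017-06-27T10:15:05 user=bob action=modify path=/share/sales/leads.docx
2017-06-27T10:15:07 user=alice action=modify path=/share/finance/q3.xlsx
2017-06-27T10:15:09 user=alice action=modify path=/share/finance/budget.pptx
2017-06-27T10:15:12 user=mallory action=login_failed path=-
2017-06-27T10:15:13 user=mallory action=login_failed path=-
2017-06-27T10:15:14 user=mallory action=login_failed path=-
2017-06-27T10:15:15 user=alice action=modify path=/share/finance/notes.txt
2017-06-27T10:15:18 user=alice action=modify path=/share/finance/plan.docx
2017-06-27T10:25:00 user=bob action=modify path=/share/sales/forecast.xlsx
"""

# Assumed thresholds: this many events of a kind, per user, within WINDOW_SECONDS.
THRESHOLDS = {"modify": 5, "login_failed": 3}
WINDOW_SECONDS = 60

def parse_line(line):
    """Split one 'timestamp key=value ...' line into (datetime, user, action)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["action"]

def detect_bursts(log_text, thresholds=THRESHOLDS, window=WINDOW_SECONDS):
    """Return [(user, action, timestamp)] once per user/action pair whose
    event count inside the sliding window first reaches its threshold."""
    recent = defaultdict(deque)   # (user, action) -> timestamps still in window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ts, user, action = parse_line(line)
        if action not in thresholds:
            continue
        key = (user, action)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop events outside window
            q.popleft()
        if len(q) >= thresholds[action] and key not in alerted:
            alerted.add(key)
            alerts.append((user, action, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for user, action, when in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {when}: {user} exceeded {action} threshold; isolate and investigate")
```

Bob's two edits ten minutes apart never reach the threshold, while alice's fifth edit and mallory's third failed login each raise a single alert that a responder could use to isolate the affected account or machine.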
In short, when an
attack occurs, every second counts. Certain clues allow you to isolate the
affected system and start investigating before the attack does large-scale
damage. It also speeds up the identification of corrupt files and optimizes the
data recovery process.