Securing Against Data Kidnapping (Ransomware)
It’s hard to miss the term ‘ransomware’, especially since it’s at the forefront of any discussion about enterprise security these days. This cybersecurity nightmare is bringing the criminal activities of kidnapping and extortion to businesses’ most important asset: data.
Considering how ransomware is fast emerging as one of the biggest security threats for consumers and businesses, it is risky, and potentially disastrous, not to make protecting your organization a top priority.
Numbers show a staggering growth in ransomware-related incidents
While ransomware is a relatively new threat, having entered the cyber-crime landscape only three years ago, it’s spreading like wildfire, rapidly expanding its attack perimeters with each passing year.
As reported by the FBI, victim companies in the US had to pay more than $209 million to retrieve stolen data in just the first three months of 2016. That’s a whopping 771% rise from the $24 million that companies had to spend as ransomware payments in 2015.
Symantec reported more than 4,000 cases of ransomware attacks per day since Jan 1, 2016, a 300% increase over 2015.
And it’s not just these; there are plenty of reports and surveys online that have drawn the same conclusion: ransomware is growing faster than ever and there are no signs of it slowing down.
Ransomware attacks are getting more sophisticated
Malware is evolving and becoming more sophisticated. Some of the new programs that are being used can bring an entire organization to an absolute standstill, attacking multiple machines at the same time. Take the example of ransomware attacks on MongoDB databases, where hackers blocked access to nearly 27,000 servers, demanding money in exchange for the seized data.
At this time, there’s nothing that can be done if a ransomware attack hits your system, but there are preventive measures to ensure it doesn’t. With ransomware expected to dominate the threat landscape this year, here are some ways to build a defence strategy against it.
1. Have a robust data backup
Keeping a backup is probably the best way to ensure the security of data. It is also the fastest way to get back to business in case the system gets infected with malware.
Enterprises having a solid backup process can easily recover their data without succumbing to blackmail threats. However, verifying the integrity of data and testing the restoration process is crucial to make sure it's working.
2. Access blocking
Logically classify networks and configure firewalls to prevent access to known malicious IP addresses. This will help block the spread of malware.
3. Conduct awareness programs and employee training
Awareness and training programs should be organized by management at regular intervals so that employees at every level of the organizational structure are aware of ransomware and its method of delivery.
4. Have a comprehensive email protection plan in place
Scanning all incoming and outgoing emails is vital. This ensures that malicious threats are detected early and blocked before they affect end users.
Organizations, for their own safety, should also enable spam filters as well as inbound email authentication technologies like DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) to block phishing emails and prevent spoofing.
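An added example (not from the original article) of acting on inbound authentication results: it reads the Authentication-Results header that a mail gateway writes after checking SPF, DKIM and DMARC, and ignores copies of that header written by anyone else. The gateway name mx.example.org, the sample messages and the deliver/quarantine/reject policy are assumptions.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.org"  # assumed name of our own mail gateway

# Constructed sample messages (all domains are reserved example names).
LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: Billing <billing@example.com>\nSubject: Invoice\n\nSee attachment.\n"
)
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "From: Billing <billing@example.com>\nSubject: Invoice\n\nSee attachment.\n"
)
FORGED_HEADER = (  # sender pre-inserted its own "pass" header; gateway added none
    "Authentication-Results: mail.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Billing <billing@example.com>\nSubject: Invoice\n\nSee attachment.\n"
)


def auth_results(raw_message: str) -> dict:
    """Return {method: result} from headers written by the trusted gateway only."""
    results = {}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(str(value).split()).split(";")]
        if parts[0].split(" ")[0].lower() != TRUSTED_AUTHSERV:
            continue  # anyone can write this header; trust only our own gateway's
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", part, re.IGNORECASE)
            if m and results.get(m.group(1).lower()) != "pass":
                results[m.group(1).lower()] = m.group(2).lower()
    return results


def verdict(raw_message: str) -> str:
    """Assumed local policy: DMARC decides; without it, SPF or DKIM must pass."""
    r = auth_results(raw_message)
    if r.get("dmarc") == "fail":
        return "reject"
    if "pass" in (r.get("dmarc"), r.get("spf"), r.get("dkim")):
        return "deliver"
    return "quarantine"


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)):
        print(name, auth_results(raw), verdict(raw))
```

The gateway itself should strip any inbound Authentication-Results header that already carries its own name, otherwise a sender could forge a trusted-looking result.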
5. Install ad blockers
Malicious programs, ransomware in particular, are often delivered through ads that are featured on certain untrustworthy sites. Blocking ads or restricting access to such sites can reduce the risk of ransomware threats infiltrating the system.
6. Deploy Next-Generation Antivirus (NGAV) Technology
NGAV, an evolution of traditional antiviruses, provides a spectrum of protection features against the latest and deadliest of cyber-attacks. Leverage the cutting-edge benefits of NGAV to ward off potential ransomware threats.
7. Categorize your data assets
Implement physical and logical separation of networks and data based on priority, security, and organizational value. This will enable faster alert response on high-impact threats.
As ransomware continues to evolve and grow, organizations will need to identify vulnerabilities and gaps in their security strategy. By closing those gaps, they will be able to reduce the potential attack surfaces and protect their valuable assets. Besides, it will become critical to have an ongoing business impact and threat assessment analysis to stay prepared in the face of the rising ransomware threat.
At F3, we help protect your assets by providing a complete security solution tailored to your business needs. We’ve invested the last several years in creating and implementing solutions that provide insights into security vulnerabilities and gaps where enhancements can be made, and offer guidance and recommendations for advancements to prevent risk. Visit our website to learn more about our security assessments.