
How to Beat a Ransomware Attack

Cybercriminals are constantly evolving their attack methods and strategies. These thieves will exploit any weaknesses they can find to make a profit from your business’ hard work.

In recent years, an attack method that extorts payment from businesses has come into prominence.

Known as a ransomware attack, this tactic works by uploading malware onto a business’ system and forcing the encryption of all data on the business’ network. Once the encryption is complete, the victim is given an ultimatum: pay the ransom within a certain period of time, or the encryption key for the data will be deleted. Hackers have used this tactic to great effect in the past.

According to data cited by the U.S. Computer Emergency Readiness Team:

Using data from a command and control (C2) server of 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom. With an average ransom of $200, this meant malicious actors profited $33,600 per day, or $394,400 per month, from a single C2 server. –U.S. CERT

The worst part is that paying the ransom didn’t guarantee that the encryption key would be provided, or that the encryption malware would be removed. This would leave businesses open to further attack and extortion.

Rather than paying thieves money for access to their own data, businesses should find ways to thwart ransomware attacks so that thieves never get a penny.

With this in mind, how can a business beat a ransomware attack?

There are a multitude of strategies businesses can use to thwart attempts to ransom their data, including:

Preventing the Installation of Malware

A hacker cannot hold a business’ data hostage if their encryption malware is blocked from being installed.

Preventing ransomware installation is an active process that requires a strong combination of preventative measures and constant vigilance. Companies looking to prevent ransomware installations from happening can use the following tools and tactics:

  • Strong Perimeter and Per-Machine Firewalls
  • Screening of All Email Attachments and Links
  • Application Whitelisting
  • Maintaining Up to Date Anti-malware
  • Scanning All Downloaded Files Prior to Running Them
  • Disabling Email Macros
  • Restricting User Rights to Install and Run New Software

These strategies can all help to reduce the risk of malware making it onto the business network. However, a few of these techniques can be difficult to employ.

For example, application whitelisting, while incredibly potent for preventing malware installation, can also block the installation of business-critical software if that software isn’t on the “trusted” list. Restricting user access and program installation rights is similarly effective, but can impact productivity for some employees.

Firewalls and anti-malware/antivirus programs are excellent tools for preventing the installation of ransomware programs, but these measures alone won’t provide perfect protection. Keeping all software up to date limits exposure to vulnerabilities and exploits that a hacker might use to bypass your security.

When carefully managed, these prevention techniques can be highly effective for preventing the installation of malware. However, there’s another way to thwart even a “successful” malware attack:

Using Data Backup and Disaster Recovery

Hackers are a persistent lot. Even the most secure infrastructure may be exposed to the occasional bit of malware. However, organizations that have a comprehensive business continuity plan with data backups and/or disaster recovery can overcome a successful ransomware attack.

Even just a basic local backup of all business data on an isolated hard drive is a powerful tool for businesses. With this backup, businesses can wipe their infected drives and re-upload data from the backup.

Manual backups place a heavy demand on businesses: keeping the recovery point recent enough to minimize data loss means managing the backups continually, which can be labor- and resource-intensive. Also, if the backup copy gets infected, then the backup is rendered useless.

Recovery times on manual backups vary, but it can take a day or two to completely wipe or replace every infected machine so the backup can be uploaded.
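The two risks named above for manual backups, a stale recovery point and a backup copy that has been altered, can both be checked before a restore. The following is an added example, not part of the original article: it assumes a SHA-256 manifest is written at backup time and stored away from the backup drive, and the function names, file names and 24-hour threshold are illustrative.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def list_files(root):
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def build_manifest(backup_dir):
    # Run right after the backup completes; keep the result off the backup drive.
    files = {name: sha256_file(p) for name, p in list_files(backup_dir).items()}
    return {"created": time.time(), "files": files}

def verify_backup(backup_dir, manifest, max_age_hours, now=None):
    # Run before wiping machines: any difference means the copy changed after backup.
    current, expected = list_files(backup_dir), manifest["files"]
    age = ((time.time() if now is None else now) - manifest["created"]) / 3600
    report = {
        "missing": sorted(set(expected) - set(current)),
        "unexpected": sorted(set(current) - set(expected)),
        "modified": sorted(n for n in set(current) & set(expected)
                           if sha256_file(current[n]) != expected[n]),
        "age_hours": age,
        "stale": age > max_age_hours,  # recovery point older than the target
    }
    report["safe_to_restore"] = not (report["missing"] or report["unexpected"] or report["modified"])
    return report

def demo():
    # Constructed sample backup in a temp dir, then altered to mimic an infected copy.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "ledger.csv").write_text("id,amount\n1,200\n")
        (root / "docs" / "plan.txt").write_text("continuity plan")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest, 24, now=manifest["created"] + 3600)
        (root / "ledger.csv").write_bytes(os.urandom(64))  # contents changed
        (root / "docs" / "plan.txt").rename(root / "docs" / "plan.txt.locked")
        bad = verify_backup(root, manifest, 24, now=manifest["created"] + 30 * 3600)
    return clean, bad
```

A report with `safe_to_restore` false means an older backup generation should be used instead; `stale` only indicates how much recent work a restore would lose.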

Disaster recovery (DR), while similar to using backup, takes the recovery process a step further to ensure resiliency. Many disaster recovery plans constantly replicate production environments to a remote, off-site server to ensure the most recent recovery point possible.

By keeping a complete replica of the production environment, and setting aside the computing resources needed to run it, businesses can quickly spin up the copy in case of an emergency, minimizing the time it takes to recover from a ransomware attack. Managed DR services can help perform the switch for businesses to minimize disruption.

The only major drawback to using a managed DR service with full replication and reserved resources is that there is a cost to reserving the extra resources needed to quickly spin up a complete copy of your environments.

However, when an extortionist tries to demand money in exchange for an encryption key, you’ll be able to quickly switch production environments and keep operations running like normal without worry.

With strong resiliency measures like full-replication disaster recovery, businesses can easily defeat a ransomware attack.

So, is your business ready to defeat a ransomware attack?