    How to avoid ransomware: 6 ways to prevent and recover from attacks

    November 24, 2020

    By Asher de Metz

    Ransomware continues to be hackers’ bread and butter.

    In the first half of 2020, global ransomware reports increased 715% year over year, according to Bitdefender’s Mid-Year Threat Landscape Report 2020. In October, government officials warned that hackers were targeting American hospitals as COVID-19 cases increased, looking to hold their data hostage in exchange for millions.

    U.S. government entities must be on the lookout as well. From January 2019 through June 2020, there were 151 reported ransomware attacks on state and local municipalities in 38 states. Ransomware demands are also on the rise, with demands in the first six months of 2020 averaging $886,625 compared to $366,292 during the same period in 2019.

    Whether you’re a corporation or a city government, the message is the same: You must take action now before you suddenly find your devices locked down and your data encrypted.

    Here are six steps to prevent and avoid ransomware attacks.

     

    1. Keep your backups current – and separate

    You should regularly back up your critical data. The frequency depends on the nature of the data. In some cases, you might need snapshots every hour. For other information, you may only need to back up once a day.

    Make sure you separate those backups from the rest of your network so they won’t get locked down along with your other data and devices if you’re infected with ransomware.

    2. Incorporate segmentation

    We can’t emphasize this enough: Segment your networks. That way, if one segment gets hit, you can cut it off from the rest of your network to prevent the ransomware from spreading.

    It’s also important to segment Active Directory (AD) so it’s harder for ransomware to propagate from less critical AD networks to more critical AD networks.

    3. Patch and harden

    Planning for an attack and taking the appropriate steps to thwart any attack attempts are essential.

    First, remove local admin and install rights from users. Second, make sure that no shared passwords exist between systems, whether cached or local. Implement Microsoft Local Administrator Password Solution (LAPS) and disable cached credentials. That way, the ransomware cannot utilize these credentials to access other systems and propagate around the network. Third, harden the systems by removing unnecessary software – such as PowerShell – from workstations and closing down ports. Fourth, have a solid vulnerability management program to patch vulnerabilities, such as ETERNALBLUE, to prevent the ransomware from propagating around the network.

    4. Stay on the lookout

    You can spot known ransomware using file-integrity monitoring, security information and event management (SIEM) and other services.
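
    One way the file-integrity signal in step 4 can be turned into an alert, as an added example that is not from the original article: it compares two snapshots and flags files that changed or were renamed and now look encrypted. This goes beyond matching known ransomware; the snapshot format, the thresholds and the `.locked` extension are assumptions made for illustration.

```python
import math
import os
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or compressed data approaches 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def assess(baseline, current, entropy_floor=7.0, alert_ratio=0.5):
    """Compare two snapshots ({path: bytes}) and flag ransomware-like change patterns.

    A production monitor would store a hash and an entropy value per file
    instead of the content; raw bytes keep this example self-contained.
    """
    changed = [p for p in baseline if p in current and current[p] != baseline[p]]
    deleted = [p for p in baseline if p not in current]
    created = [p for p in current if p not in baseline]
    # A deleted file reappearing as "<old name>.<new ext>" looks like encrypt-and-rename.
    renamed = [p for p in created if os.path.splitext(p)[0] in deleted]
    suspicious = sorted(p for p in changed + renamed
                        if entropy(current[p]) >= entropy_floor)
    ratio = len(suspicious) / max(len(baseline), 1)
    return {"suspicious": suspicious, "ratio": ratio, "alert": ratio >= alert_ratio}

def demo():
    # Constructed sample data: repeated text is low entropy,
    # bytes(range(256)) * 4 stands in for ciphertext (exactly 8 bits per byte).
    text = b"Quarterly report: revenue up 4 percent.\n" * 20
    cipher = bytes(range(256)) * 4
    baseline = {"docs/report.txt": text, "docs/plan.txt": text,
                "hr/payroll.csv": text, "readme.md": text}
    current = {
        "docs/report.txt": cipher,              # overwritten in place
        "docs/plan.txt.locked": cipher,         # original gone, new extension
        "hr/payroll.csv": text + b"new row\n",  # ordinary edit, stays low entropy
        "readme.md": text,                      # untouched
    }
    return assess(baseline, current)

if __name__ == "__main__":
    print(demo())
```

    The ordinary edit to `hr/payroll.csv` is not flagged, which is the point of combining the change signal with the entropy check.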

    5. Prioritize testing

    It’s important to test your disaster recovery (DR) plan and processes regularly to make sure they will hold up under a real-world attack. You don’t want to discover that your backups are out of date or you can’t recover from them when you’re under attack.
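
    The checks described in steps 1 and 5, as an added example that is not from the original article: it flags backup sets older than their recovery point objective and verifies a test restore against hashes recorded at backup time. The catalog format, the RPO values and the sample names are assumptions.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Assumed recovery point objectives per data class (hourly vs. daily, as in step 1).
RPO = {"critical": timedelta(hours=1), "standard": timedelta(days=1)}

def stale_backups(catalog, now):
    """Return names of backup sets whose newest good copy is older than their RPO."""
    return sorted(name for name, (data_class, last_ok) in catalog.items()
                  if now - last_ok > RPO[data_class])

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def verify_restore(expected, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    actual = manifest(restored_root)
    missing = sorted(set(expected) - set(actual))
    corrupt = sorted(p for p in expected.keys() & actual.keys() if expected[p] != actual[p])
    return missing, corrupt

def demo():
    now = datetime(2020, 11, 24, 12, 0, tzinfo=timezone.utc)
    catalog = {  # constructed sample catalog: name -> (data class, last good backup)
        "patient-db": ("critical", now - timedelta(minutes=40)),
        "file-share": ("standard", now - timedelta(days=3)),
        "billing-db": ("critical", now - timedelta(hours=5)),
    }
    stale = stale_backups(catalog, now)
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in {"a.txt": b"ledger", "b.txt": b"payroll"}.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(data)
        expected = manifest(src)
        # Simulated test restore: a.txt comes back altered, b.txt is missing.
        with open(os.path.join(dst, "a.txt"), "wb") as fh:
            fh.write(b"ledger-truncated")
        missing, corrupt = verify_restore(expected, dst)
    return stale, missing, corrupt

if __name__ == "__main__":
    print(demo())
```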

    6. Educate your employees

    Educate your employees on how to spot and report phishing emails before they click any suspicious links, and keep them abreast of the latest phishing scams. While not every strain of ransomware works this way, having knowledgeable employees as a first line of defense greatly reduces certain threats.

    Recovering from a ransomware attack

    If you’re hit with ransomware and you’ve taken the steps above, you only need to shut down or segment the infected devices or system, recover from your backups and go back to work.

    If you haven’t taken the necessary precautions, however, there are often just a few options, and none of them are great.

    The first option is to give in to the hacker’s ransom request. Paying is almost always a bad idea, as it tells hackers you’re willing to pay and puts a target on your back for future attacks. And now that the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory highlighting sanctions risks for ransom payments to certain entities, paying isn’t always an option.

    Thankfully, most cities and municipalities have refused to pay ransoms. According to our research from January 2019 to June 2020, only 12 municipalities reported paying some or all of the ransom demanded.

    The other option is to recover your compromised data and rebuild systems from scratch. In some cases, this process can take weeks.

    That’s why many companies work with an experienced partner to gain access to expert resources that can expedite a return to business as usual. But again, engaging with a partner is a step to take before you become the next victim of ransomware. The last thing you want is to be hit by a cyberattack and realize you’re not ready.

    What are you doing to protect your data and your business?
