Ransomware attacks have escalated to the point that the U.S. government is now treating them as acts of terrorism. This is not an overreaction. These attacks have caused massive operational disruption to local governments, law enforcement, educational institutions, healthcare networks, critical infrastructure, and more. No industry, organization, or person is immune to these attacks.
Ransomware is not a new threat, but it has evolved into a more destructive creature. Criminals have expanded their skillsets and refined their tactics to create a double extortion scheme. They base their ransom demands on research they perform ahead of the attack. They steal sensitive data from their victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. Since criminals cannot be trusted, victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals will accept payment but sell the data anyway.
There has never been any guarantee that paying a ransom would result in the recovery of all encrypted data. Victims should now understand that any data stolen in a ransomware attack is compromised forever. There is simply no reason to pay criminals for their crimes.
How to protect your company from ransomware
Protecting your company from ransomware attacks is all about protecting your data. You can break this down into three focus areas:
- Protect your credentials. Phishing is the primary attack vector for ransomware, so you must maintain a culture of awareness around credential security. Develop a process to train users on email security, and deploy anti-phishing technology that can identify and flag unusual activity. If the attacker cannot access credentials, it is much more difficult to escalate the attack from phishing to ransomware.
- Secure your web applications. Online applications like file-sharing services, web forms, and e-commerce sites can be compromised by attackers. Web applications are attacked through the user interface or an API. Often these attacks involve credential stuffing, brute force attacks, or OWASP vulnerabilities. Once the application has been compromised, the attacker can introduce ransomware and other malware into the system. From there, the malware can go on to infect your network as well as users of your application.
- Back up your data. It is critical that you have a backup that meets these standards:
  - Comprehensive — You should be aware of the location of all data on your network. This includes configuration files, user documents, and archived data about employees, clients, etc. All this data should be backed up, and data that is currently used should be backed up at least once per day.
  - Resilient — When ransomware attacks your network, it encrypts your data and attempts to disable backup systems and destroy backup files. The safest approach is to deploy a backup system that replicates data to a cloud that offers unlimited storage and a robust search and restore capability. Office 365 users should add third-party cloud backup to protect SharePoint, Teams, Exchange, and OneDrive data.
You should assume that there will be ransomware attacks against your company. If the attack is successful, you should have a plan to not pay the ransom.
Tim Jefferson serves as Senior Vice President for Barracuda’s Data, Networking and Application (DNA) product division. He is responsible for the strategy and product development around Barracuda’s offerings in the areas of data protection, network security, and application security that span hybrid deployments including public cloud in AWS, Azure, and the Google Cloud platform.