Unless you’ve been living under a rock, you know that ransomware is a threat that just keeps getting worse. Criminals target companies of every size and in every industry. Average ransom demands grew from $5K in 2018 to almost $200K in 2020—and this year we’ve seen many ransoms paid in the tens of millions. And the average downtime a company experiences after an attack is now 21 days—completely unacceptable in a fast-paced business environment.
Here at Barracuda, we work hard to keep up with the latest tactics used by criminals, who are constantly devising new ways to get ransomware into your systems. Our most recent research has uncovered a three-step process that is now the dominant way for ransomware to be deployed:
- The first step is to use evasive, sophisticated phishing emails to harvest credentials from your unsuspecting employees.
- Once credentials have been obtained, the second step is to use them to access the online applications that your business relies on and to find the valuable data that sits behind those applications.
- Finally, they use ransomware to encrypt your business-critical data (and, in some cases, they steal it as well). If they can, they’ll be sure to encrypt your backup system, leaving you no choice but to pay the ransom when the demand arrives.
Fortunately, the strategies and technologies you need to protect your organization at every stage of these attacks are relatively straightforward and, for the most part, quite simple to implement. And that’s where the Barracuda Ransomware Protection Checklist comes in. Use the checklist to make sure you’ve got everything covered and that you’re not leaving any gaps or vulnerabilities for crooks to exploit.
Email: The foot in the door
Protecting your email system and users against phishing emails is critical to keeping ransomware attacks from getting started in the first place. But today’s highly evolved phishing attacks are able to bypass traditional secure email gateways. That’s why it’s important to use a security solution that employs artificial intelligence and machine learning to identify malicious phishing and account-takeover attacks.
It’s also vital to constantly improve users’ security awareness. Even when a phishing email slips past your technical defenses and lands in users’ inboxes, if those users recognize and report it as a threat, you can act to prevent any damage. So be sure to use a modern, computer-based security-awareness training system so that your users are well-equipped to help defend against ransomware.
When phishing emails arrive, they typically target a number of users. So even if one user spots and reports it, you still need to eliminate that email from any other inboxes it may have reached. This remediation process can be time-consuming when done manually—which allows time for a user to click the wrong link or otherwise respond to a phishing email, launching the ransomware process. Automated remediation capabilities can dramatically accelerate that process and greatly reduce risk.
Apps: The keys to the vault
Too often, applications are deployed with open vulnerabilities that give criminals access to your data. Make sure you use a web application firewall that finds and patches vulnerabilities to prevent the full spectrum of known application-layer attacks.
Access to internal applications is another potential point of attack for ransomware criminals. Even if they are using stolen credentials, you can still prevent them from accessing your apps by using a modern zero-trust access solution, which continuously monitors multiple authentication factors to verify user and device identities.
Finally, make sure your network firewall is able to monitor internal traffic to spot and block lateral movement within your network, a key strategy employed by criminals to seek out valuable data and spread ransomware infection.
Data backup: Your last, best line of defense
A good backup solution is kryptonite for ransomware. If you can respond to a ransom demand by deleting all the encrypted data and restoring it all from your up-to-date backup system, that’s a great outcome (for you, not for the criminals). But not all backup solutions are created equal.
First of all, make sure that you are backing up all your data, whether it’s on-prem, in a co-location datacenter, or in cloud or SaaS applications such as Office 365.
Also, remember that backup is, in some ways, just another application. Attackers will seek to gain access to it in order to encrypt or corrupt the backed-up data so that you are forced to pay. Be sure to use advanced, role-based access controls and multi-factor authentication to ensure that it’s as hard as possible for unauthorized persons or devices to get into your data.
Finally, make a recovery plan. Game out everything in advance, from your technical response (eliminating the malware, deleting and recovering data, and getting everything back up and running) to your business response (informing partners and customers, issuing a press release, involving law enforcement agencies). Test it, drill it, and work out all the kinks, so that if the worst happens, you’ll be ready to respond effectively.
Ransomware is a very real threat, and it is definitely getting worse. But with the right preparation, you can dramatically reduce your organization’s risk factors and equip yourself to send ransomware criminals home empty-handed. Print out our clear, straightforward, one-page Ransomware Protection Checklist and use it as a guide to make sure you haven’t left any gaps in your security.
Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.