Ransomware: expert prevention and mitigation advice

Ask anyone who’s been through it: ransomware attacks are nasty, insidious beasts that can spike stress levels, lean hard on resources and steal funds from organizations. They impact brand reputation, deflate morale and significantly disrupt normal business operations.

Worst of all, ransomware reports are on the rise.

A recent survey shows that the biggest cost to business is downtime, not the ransom payment. The other interesting finding is that almost half of all attacks target firms with more than 20 employees, with 60% targeting those with 100+ employees.

With companies opting to pay the ransom to avoid downtime, they help to fund the criminal business model, which not only encourages existing attackers to ramp up their nefarious activities, but also inspires other potential cybercriminals to join the ransomware fray.

The only way to stop attackers is to hit them where it hurts: the proverbial wallet. Lowering your exposure to ransomware attacks is key – so is having an agreed mitigation plan in place that can be immediately launched, should you find yourself a victim of this cyber scourge.

The ransomware business model

File-encrypting ransomware employs attack vectors similar to those of other types of malware. The attacker’s objective is to get access to your systems in order to encrypt files.

Encrypted files are rarely recoverable without the decryption key, which is offered to you by the attackers for a fee, or ransom. If the ransom is not paid in a set amount of time, the ransom amount is increased.

Upon receiving payment, the attackers pledge to decrypt the files.

Popular ransomware attack vectors

Ransomware attacks need access to the network in order to encrypt files. The most popular techniques employed to access the network include exploiting system vulnerabilities and employing social engineering techniques (such as duping a staff member into revealing access codes to the system).

How to avoid a ransomware attack

There are a few steps that can significantly lower your risk of exposure:

  • Regularly pen test your network to patch known vulnerabilities and review permissions and configurations
  • Monitor traffic, automating immediate flagging of suspicious activities
  • Provide detailed cybersecurity training to staff
  • Perform serialised back-ups regularly in case newer backups are compromised.
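As an added illustration (not part of the original article) of why serialised back-ups matter, the Python sketch below keeps each backup generation in its own directory with a SHA-256 manifest and picks the newest generation that predates the first suspicious activity and still verifies. The directory layout, the manifest file name, the function names and the sample data are assumptions constructed for this example.

```python
import hashlib
import tempfile
from datetime import datetime
from pathlib import Path

FMT = "%Y%m%dT%H%M%S"  # generation directory name = time the backup was taken


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else ""


def write_generation(store: Path, taken_at: datetime, files: dict) -> Path:
    """Write one backup generation to its own directory with a hash manifest."""
    gen = store / taken_at.strftime(FMT)
    (gen / "data").mkdir(parents=True)
    for name, content in files.items():
        (gen / "data" / name).write_bytes(content)
    manifest = "".join(f"{digest(gen / 'data' / n)}  {n}\n" for n in sorted(files))
    (gen / "MANIFEST.sha256").write_text(manifest)
    return gen


def verify_generation(gen: Path) -> bool:
    """True only if every file in the manifest is present and unchanged."""
    for line in (gen / "MANIFEST.sha256").read_text().splitlines():
        expected, name = line.split("  ", 1)
        if digest(gen / "data" / name) != expected:
            return False
    return True


def choose_restore_point(store: Path, first_suspicious: datetime):
    """Newest generation taken before first_suspicious that verifies, else None."""
    for gen in sorted(store.iterdir(), reverse=True):
        if datetime.strptime(gen.name, FMT) < first_suspicious and verify_generation(gen):
            return gen


def demo() -> str:
    """Constructed data: three nightly generations, activity first seen Jan 2, 18:00."""
    with tempfile.TemporaryDirectory() as tmp:
        store, clean = Path(tmp), {"ledger.csv": b"id,amount\n1,100\n"}
        write_generation(store, datetime(2024, 1, 1, 2), clean)
        g2 = write_generation(store, datetime(2024, 1, 2, 2), clean)
        write_generation(store, datetime(2024, 1, 3, 2), {"ledger.csv": b"\x8f\x02garbled"})
        (g2 / "data" / "ledger.csv").write_bytes(b"\x00overwritten")  # altered in store
        chosen = choose_restore_point(store, datetime(2024, 1, 2, 18))
        return chosen.name if chosen else "none"
```

A manifest stored beside the data can be rewritten by whoever controls the backup store, so keep a copy of the manifest hashes somewhere offline or immutable.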

What to do if you think you may be under ransomware attack?

It is vital that no firm feels they are immune to ransomware attack. Attackers often employ sophisticated social engineering tactics – similar to those seen in phishing attacks. If they gain access to the system using valid credentials, these insidious attacks can be much more difficult to spot.

To avoid the headless chicken approach to dealing with an emergency situation, it is recommended to have a solid, practiced plan in place. The faster you can mitigate the attack, the easier it will be to resolve the issue without paying out.

Isolate the problem

The first step is to maintain as much network integrity as possible, and that means preventing the infection from spreading across your network.

While availability will be affected if you choose to shut down the entire network, it may be your only choice if isolating and quarantining affected machines is not an option.

Analyse the problem

This phase is all about scoping the issue in order to isolate the attack vector.
Not only might you want to contact the authorities, but you might also want to bring in third party IT security experts to help resolve the issue and harden systems to avoid future ransomware attacks.

The more information you can provide upon contacting them, the easier their job will be. Answers to the following questions will be helpful:

  • Can you locate a source of intrusion or infection?
  • How many machines are impacted?
  • Are any files or data already encrypted?
  • When was the last system backup?
  • Can you isolate the attack vector?
  • Have you noticed any suspicious activity on your network and if yes, when did it first appear?

Get help!

Unless your company is lucky enough to have in-house IT-security experts that can deep-dive your systems, isolate the attack vector and implement security measures to prevent further attacks, it is highly recommended to bring in third party expert consultants.
You want to make sure that anyone you bring in has a proven track record of penetration testing systems to isolate and eradicate vulnerabilities lurking on the system.

Note that once infected, it is often impossible for even the best IT security experts to recover files without paying the ransom to the attackers.

This is why prevention, as well as safety-net security measures like serialised back-ups, is a much better alternative to remediation.

If you are concerned about ransomware prevention or a possible attack, please contact TBG Security.

About TBG Security Inc.

TBG Security is a leading provider of information security and risk management solutions for Fortune 100 and Fortune 500 companies. TBG designs and delivers cyber security solutions to work in harmony with existing operations. Companies depend on TBG services in areas including risk management, penetration testing, security policy development, security strategies for compliance, business continuity, network security, managed services, software and service integration and incident response.

For more information on how TBG Security can help your organization with your information security initiatives please visit https://tbgsecurity.com.
