Ransomware is quickly becoming one of the most prominent problems of the cyber world. The ease of unleashing ransomware attacks, a growing attack surface thanks to rapid digitization and the anonymity offered by cryptocurrency payments to hackers have together fuelled this plague further.
But are ransomware attacks preventable? And if yes, what are some steps businesses can take for ransomware prevention? We explore this and more in this blog.
Ransomware attacks can be caused by various types of malware which enter into the victim systems, encrypting files and data, until a ransom is paid. Ransomware infection can spread through a network quickly, bringing entire businesses to their knees within minutes.
Considering ransomware attacks can restrict access to business data for days or weeks on end, they can lead to serious loss of business and can have very damaging consequences for an organisation or its customers, going beyond just monetary impact.
As we saw recently in the case of the Colonial Pipeline attack, gas supplies in the East Coast of the US became severely impacted for almost a week. In another gut-wrenching example, one hospital in Alabama, was allegedly sued because apparently a baby died at birth since the hospital wasn't capable of giving it proper care as it grappled with a ransomware attack.
This was the first credible public lawsuit citing a ransomware attack as a cause for death and healthcare negligence.
These examples highlight the far-reaching and severely catastrophic results that ransomware attacks can have on businesses and on individual lives.
The resounding message here? Ransomware prevention is something that businesses and governments need to think about and invest in with utmost urgency.
Ransomware has to be one of the key focus areas of your Incident Response Plan. Further, this plan needs to be rehearsed over and over again, through Ransomware Tabletop Exercises, until it becomes a part of the muscle memory of the decision-makers.
Read our blog here on why Ransomware Tabletop Exercises can’t be ignored in 2021.
Ransomware attacks most commonly occur in the form of a phishing attack. This could mean that someone in the organisation has downloaded a malicious attachment from a suspicious email. It could just as well be that someone visited an infected website and malware was downloaded on their laptop or mobile device inadvertently.
Basically, in situations where the end-user awareness is low and there’s a lack of basic cybersecurity education and awareness, chances of ransomware attacks are higher. This makes training every employee in cyber incident planning and response imperative today.
But this is not to say that in cases where employees and/or executives are conversant with cybersecurity hygiene and good practice, mistakes can’t happen enabling hackers to succeed.
At Cyber Management Alliance, we always advise our clients to be prepared for when and not if they will get attacked.
Read that again, when and not if.
However, the story is slightly different in the case of ransomware attacks. As discussed above, ransomware attacks most often happen due to human error, incautious web browsing, weak passwords etc. In the case of Colonial Pipeline, it was ONE leaked password that managed to hold ransom the largest petroleum pipeline in the largest world economy.
So if an organisation takes some basic steps to educate its staff and put in place some good cybersecurity practices, it is indeed possible to prevent malicious actors from blocking your data and locking you out of your own systems.
There are several resources available online such as our Ransomware Checklist which enlists a few basic steps to ensure Ransomware Readiness in your business. You can always invest in our Ransomware Assessment to truly gauge where your business stands in terms of its capability to prevent a ransomware attack or how vulnerable it is to one.
First things first, let’s clarify that nobody in the world knows the secret code to avoiding ransomware attacks altogether. If they did, giants like Travelex and Colonial Pipeline would never have succumbed to ransomware attacks and had to pay the ransom.
Yet, there are indeed some steps you can take to enhance your preparedness and bolster your responsiveness to ransomware attacks.
Here are some basic tips for ransomware prevention from Cyber Management Alliance’s CEO & globally-recognised cybersecurity leader, Amar Singh, who has helped many global organisations prepare for and respond to ransomware attacks:
1. Manage your privileged users properly: They need to be taught how to use their privileged credentials and also how to guard them correctly. As we saw earlier, all it takes is one leaked privileged credential to wreak havoc.
Privileged users need to be made aware of their responsibility in the overall cybersecurity strategy of the organisation, and particularly with regards to ransomware attacks.
2. Backups: No matter whom you ask, every cybersecurity expert will tell you that data backups are critical to ransomware prevention.
The logic is simple - if you have exceptional offline backups and are able to protect them from becoming encrypted when ransomware hits your organisation, you can quickly recover your data and bounce back to business in no time.
You don’t have to pay when the hacker demands a ransom and that’s half the battle one right there!
3. Updates: Again, a very basic step but something many of us forget to put into practice. No matter what operating systems you use, security patches and regular updates are essential. You should also avoid using out-of-support OSes.
These steps just scratch the surface when it comes to everything you can do for ransomware prevention in your organisation. For a more comprehensive understanding of the steps you can take on your end, do check out our Ransomware Checklist.
You might also want to download our Ransomware Workflow which serves as an easy visual guide if you’re hit by a Ransomware Attack.
We’ve also compiled a detailed Golden Hour Ransomware Response Checklist that tells you what to do right after you’ve been attacked - Should you pay the ransom? Should you inform law enforcement agencies, and when? The checklist helps you answer all these questions and more.