Prepare for Ransomware Attacks – What to Know

Cyberattacks are starting to hit harder than ever – and they are hitting every sector.

Ransomware attacks are becoming more vicious and impactful to our clients. Here are some high-level thoughts on preparing for the next attack.

Ransomware attacks are nothing new, they have been around for ages – the first documented attack being in 1989 known as the AIDS Trojan. This attack set the stage for the more sophisticated attacks we are seeing more frequently today. Infections have steadily increased every year since 2013, reaching record levels last year in 2017.

Recently, these infections have become more advanced and more dangerous. Hackers are now making their software harder to detect. Attackers can now also combine attacks by crafting a software to first hack into a network and then build a second software to capture the keystrokes of the users. With these attacks becoming more complex, it is important to ensure your organization is actively working on security practices and adding layers of protection constantly.

The Risk

Hackers made more than five billion dollars in 2017 through infecting computers and software, and it is only becoming more common in 2018, according to the 2018 Threat Impact and Endpoint Protection Report. This report acknowledges that companies of any size and of all industries are at risk for these attacks. A huge risk when infected is the loss of data – Below is a chart from the report that displays the kinds of data potentially lost or encrypted.

Repairing and cleaning up after an attack is where most companies see the most impact. Many companies pay the ransom, not so much to get their data back, but in an effort to get the attackers to call off the attack. Interlink recently was helping a customer rebuild servers only to see them hijacked again in a matter of hours. Even clean backups didn’t help. Sometimes paying the ransom works and sometimes it doesn’t.

The major cost, as we all know, isn’t the ransom, it is the impact to the business and the downtime that these attacks can cause. Some attacks can result in so much damage, the company is not able to function or perform simple tasks or generate any revenue. The graph below compares the number of users affected and the number of hours of downtime it took to repair because of a ransomware attack.

www.knowbe4.com 2018 Threat Impact and Endpoint Protection Report

Prevention

The question is, how can you protect your company from these attacks? There are a few steps that end users and companies can take to reduce their risk of falling victim to ransomware. Considering the devastating effects that ransomware can have on an organization, it’s necessary to work on preventing these attacks.

Education

Effective defense relies on educating the staff. Interlink has tools that can help with end user testing and training.

1. Users should learn how to identify these attacks and what they could look like, and recognize any warning signs
2. Your company should know about the best options for security
3. There should be a plan in place, and employees should know what to do in case the company is hit with an attack

Security Best Practices

Proactive Security involves layers.

1. Employ content scanning and filtering on mail servers
   • Deep scanning by authority and using tools
2. Ensure all systems are up to date with relevant security patches and that patching is automated
3. Use reputable antivirus software and a firewall
4. Always back up your data, including offsite backups
5. Ensure backup data is isolated from the production data
6. Identities are protected by more than just a password – two-factor authentication is a must
   • Single sign-on helps keep user credentials off of the internet
   • Identities are audited regularly so that terminated users are removed and access is limited to only what is needed
   • Changes to elevated credentials are flagged and reviewed actively
   • Password policies should lock out attackers after multiple attempts
   • Network intrusion software – helps monitor and defend against attacks
   • Cloud monitoring – monitoring what is occurring in your clouds and reports back on suspicious activity
   • Data Loss Prevention software
   • Encryption at all levels to protect data
7. Network intrusion software – helps monitor and defend against attacksCloud monitoring – monitoring what is occurring in your clouds and reports back on suspicious activity
8. Data Loss Prevention software
9. Encryption at all levels to protect data

The next step to combat ransomware is deploying a response procedure in the instance your company is hit with an attack. The last thing you want is to have your team scrambling after an incident, making the situation more hectic.

1. Identify – The first step is always identifying what has been infected and compromised to stop the infection from spreading as soon as possible.
2. Disconnect – Any machine or device that was infected should be disconnected from the network and cleaned up before re-connecting.
3. Evaluate – It is important to come up with a plan of recovery by evaluating the attack. It can often be helpful to contact outside help for advice and guidance as well.
4. Restore – Carry out a plan of recovery to restore and clean up any infected device or network and determine vulnerabilities within your security.
5. Secure – Deploy new or updated security solutions to help prevent future attacks. Learn from your previous vulnerabilities and where to improve and add extra layers of security.

According to the article Will Artificial Intelligence Save Us from the Next Cyberattack?, the future of recovering from these attacks will include Artificial Intelligence (AI). Identifying and evaluating the attack are the first steps to recovery, and AI can make correlations and provide the details associated with a threat actor, campaign or motivation for the attack. AI can also help companies by advising solutions, because people don’t always have the decision-making qualities to resolve a major cyberattack. While AI and machine learning still have a way to go, the increasing threat of attacks is resulting in a higher demand for the best solution, and AI security systems may come in handy.

Interlink’s Recommendation

A big problem we see when our clients are hit with these attacks is that they have no strategy or plan for recovering their systems efficiently and quickly. The best way to tackle these infections and get ahead of them is to take the necessary precautions to prevent an attack and also take the steps to plan for after the attack – before it happens! We recommend evaluating your current situation and improving security and planning from there. You can schedule a consultation with us today for help assessing your current environment or learn more about our security solutions. By taking these steps, your company will be able to better prevent, detect and recover from ransomware attacks. With these infections becoming more prevalent, your company needs to ensure a secure platform with multiple layers of security. Interlink is here to help protect your data and critical systems and assist in identifying when these breaches occur. Our experts are available for guidance or to walk you through any of Microsoft’s solutions to assist after an attack and to prevent future ones. Our team has experience recovering organizations hit with these attacks before to get them back on track. Get in touch with us to find out more about keeping your company safe.

For more information on Ransomware, check out this blog from our partner at Peters & Associates.