Every minute, four companies fall victim to ransomware.
Cybercriminals achieved unprecedented success in Q2 of 2023, reaching the highest ransomware victim count per quarter observed to date.
Q2 saw a 67% rise in attacks compared to Q1 2023 and a 97% increase year on year.
But an exponential rise in the number of attacks isn’t the only problem:
- Small to medium-sized businesses (SMBs) are increasingly targeted — business services, retail, and manufacturing are now the most attacked sectors.
- The global average ransom payment has grown to $1.5 million.
- 80% of businesses that pay the ransom are attacked again and 21% are still unable to recover their stolen data.
The situation has become so dire that the White House reclassified ransomware as a national security threat earlier this year.
At this point, it’s not a matter of ‘if your business gets attacked’ but when.
The only way to protect your business from ransomware is to have a robust prevention and response plan in place — here, you’ll learn how to prevent ransomware attacks and what we can help you with if you choose to partner with us.
What Is Ransomware?
Ransomware is malware that uses encryption to take control of a victim’s information.
By encrypting crucial data, including files, databases, and applications, organizations are unable to access their own information. Subsequently, a ransom is demanded in exchange for restoring access.
Besides data encryption, criminals may threaten to publicly release the data or notify your customers or the media about the breach.
What Can Make Us More Susceptible to Ransomware?
Several factors increase the likelihood of becoming a ransomware target, including:
- Lack of cybersecurity education among your employees — a Verizon report revealed that 82% of data breaches in 2022 involved human error.
- Poor email configuration and weak to no password policies — the same report showed that compromised credentials led to almost 50% of attacks.
- Technological frailties, including outdated hardware or software, unpatched apps and operating system (OS), public remote access ports, and IP addresses with botnet activity.
- Staff shortage in your IT and security teams and lack of cybersecurity monitoring and processes — to protect your business, you need highly skilled employees and partners and an effective layered security approach.
The problem is that SMBs often lack the resources and level of expertise required to implement and maintain a robust ransomware prevention plan.
Our seasoned IT team can partner and collaborate with yours to provide you with the level of ransomware protection your business needs. Contact us to get a free cybersecurity assessment and learn how to prevent ransomware attacks against your business.
How to Prevent Ransomware Attacks — 10 Tips for Prevention & Response
So, how can companies prevent ransomware?
Well, you can’t fully prevent attempted attacks and data breaches but there are steps you can take to reduce the likelihood of becoming a ransomware victim.
To help you protect your business and mitigate the consequences — if an attack does happen — we’ll go over ten ransomware best practices for prevention and response.
1. Back Up Your Files
The 3-2-1 backup rule is the most effective way of proofing your business against ransomware attacks:
- Maintain at least three separate data versions.
- Store those copies on two different storage media.
- Keep at least one copy offsite.
In addition, regularly backing up your system, verifying the backup process, and ensuring data restorability and accessibility are all crucial to mitigating ransomware risks.
Finally, remember that even popular online backup solutions may carry vulnerabilities since the backed-up data can be overwritten by ransomware — that’s why the 3-2-1 method and offline storage are so important.
2. Regularly Train Your Employees
According to Deloitte, “91% of all attacks begin with a phishing email to an unsuspecting victim.” To reduce these mistakes, provide employees with security awareness training during onboarding and at least once a year after that.
You can also use phishing simulation software, like KnowBe4, to help them recognize fraudulent emails, attachments, and downloads as well as malicious hyperlinks and malvertisement.
3. Patch Vulnerabilities Frequently
To gain access to corporate networks, cybercriminals often exploit vulnerabilities in core applications like Microsoft (Office and Operating Systems), VMware, and Linux, among others.
To effectively protect against ransomware and facilitate early detection, software must be maintained and updated regularly, with special attention to security and anti-malware software.
4. Implement an Intrusion Detection System
“As more ransomware groups exploit vulnerabilities in third-party vendors, businesses will be blindsided unless they continuously monitor their extended ecosystem for susceptibility indicators and the earliest warning signs of risk,” says Bob Maley, CSO at Black Kite.
In essence, to cut off attacks in the early stages, you need to continuously monitor anomalous signs and malicious activity.
Two popular intrusion detection systems are:
- Using Software-Defined Networking (SDN) to detect and block malicious traffic at the network level.
- Using sensor-based methods (i.e., deploying various types of sensors to identify ransomware within a network and generating real-time alerts).
5. Use Email Filtering Software
Use email filtering software to block malicious attachments, executables, spam, and phishing. Naturally, if fewer emails with malicious content reach your employees, the chances of an attack will be reduced.
Robust email filtering is one of the most impactful steps you can take to protect your company.
6. Whitelist or Block Applications
By whitelisting only approved and necessary applications, businesses effectively limit the attack surface for ransomware.
Unauthorized programs are prevented from running, reducing the potential entry points for ransomware.
For example, you could whitelist:
- A productivity suite, like Microsoft Office or Google Workspace
- Enterprise resource planning software, like Oracle or SAP
And blacklist:
- Peer-to-peer file-sharing software since it increases exposure to malware and unauthorized file-sharing
- Remote administration tools that cybercriminals can use to gain unauthorized access and control over systems
7. Keep Access Privileges to a Minimum
Implement access management software to limit access and minimize potential malware entry points into your organization. You can also:
- Restrict user write capabilities
- Block execution from user directories
- Tightly control access to network storage and shares
Certain types of ransomware need write access to specific file paths to install and execute. That’s why limiting write permission to fewer directories can hinder some ransomware from fulfilling its purpose.
8. Silo Networks Based on Task or Department
Separate your networks based on their task or department to reduce the amount of data a single attack can steal. Additionally, you can set up a system that requires a login at certain access points.
9. What to Do in Response to Ransomware?
According to Danny Allan, CTO at Veeam, security and prevention are critical, but having a response plan to act quickly if a ransomware attack happens is just as important.
Create a decision tree to help you make rational decisions under stress. Include variables such as the availability of backups, cost of downtime, and cost of the ransom.
At the network level, your response plan should include the following steps:
- If possible, take a snapshot of your system’s memory. Later, this will help you locate the attack vector and any cryptographic material that might assist you with decrypting data.
- Shut your system down to stop the ransomware from spreading.
- Identify the attack vector and retrieve all emails that might be infected to prevent the attack from spreading further.
- Restrict network access to identified command-and-control servers used by ransomware since it’s often unable to encrypt data without access to these servers.
Lastly, you should notify the authorities, including the FBI Internet Crime Complaint Center.
However, because ransom payments usually go up as time passes, getting law enforcement involved can significantly increase the ransom cost if you do decide to pay.
This is another reason why having a decision tree to help you make decisions logically and quickly is important.
10. How to Recover from a Ransomware Attack
According to SC Media, last year, the average recovery time surged between 46% and 91%, depending on the sector. These increases mirror the rise in average ransom payments.
Having a strong recovery plan in place is crucial to minimizing disruptions and additional losses. You should include the following tasks in your plan:
- Isolate and rebuild affected systems. Rebuilding these systems from clean backups or reinstalling them will help eliminate any remnants of the attack.
- Use your secure and verified backups to restore the encrypted or affected data. Verify the integrity of the backups and ensure they are free from any malware before restoring them.
- Analyze the attack vector, implement appropriate security measures, and address vulnerabilities (e.g., patch software, update security controls, reinforce network defenses, etc.)
- Figure out how the attack occurred, the extent of the damage, and the effectiveness of your response. Improve your prevention systems and refine your response plan based on what you learn from this analysis.
- Review and reinforce employee training programs.
Step Up Your Ransomware Prevention Plan Before an Attack Happens
Having robust systems in place to prevent, respond to, and recover from ransomware attacks is the only way to ensure your SMB survives the wave of cybercrime we’re witnessing.
Does your business lack the resources or know-how needed? We can help.
Our experienced team will partner and collaborate with your current IT team to provide your business with the level of ransomware protection it needs.
Our #1 goal is to help you proactively secure your network around the clock.
Get a free cybersecurity assessment today.