2017 was called the year of ransomware, but ransomware is showing no signs of slowing down. Ransomware is expected to be an even greater threat to companies and their data this year. Ransomware is malicious code that encrypts valuable data on the computers it infects. Ransomware has been designed to encrypt common work product such as Microsoft Office files and PDFs, as well as important personal files such as family photos. Most ransomware encrypts hundreds of different file types, and some can encrypt databases or application files for critical systems such as ERP or medical record systems.
Ransomware was a frequently covered topic last year, but the deluge of articles can leave some wondering what the essentials are for protecting their company against this threat.
Ransomware is predominantly distributed through phishing messages to victims. As such, email filtering of phishing messages and end-user education are essential in reducing the likelihood of a ransomware attack. It is essential to have a robust email system that screens out unsafe attachments, malicious links, and enticing phishing messages.
Phishing may be the most prevalent distribution method, but there are others. Some ransomware is distributed by drive-by malware using malvertizing or other techniques or the exploitation of system vulnerabilities. Ransomware may use vulnerabilities to further their reach after initial entry through a phishing message. The WannaCry and NotPetya ransomware of last year both utilized system vulnerabilities to gain access to their targets. Companies need to ensure that their systems are kept up to date with patches that remediate known vulnerabilities. Additionally, security controls should be implemented to evaluate traffic and system behavior to identify and stop potentially malicious actions.
Data is the target of ransomware, so it is vital to ensure that valuable data is backed up. This is sometimes more complex than companies realize because data may be distributed across many systems and data volumes tend to multiply. The first step is to understand what data you have so that you can properly protect it. Next, ensure that the data is captured in backups and that those backups are segmented from production systems so that ransomware cannot encrypt both production and backup data at the same time. Lastly, test backup and restore methods to ensure that data can be restored promptly and correctly.
The increasingly complex IT environment and the need to be both agile and scalable has led many companies to the cloud. Cloud vendors can patch large numbers of systems far more effectively than internal IT staff, and they can afford to put the latest security controls and compliance measures in place. Still, cloud consumers must be aware of what the cloud provider offers and what their responsibility is for security. There is a demarcation point where the cloud provider’s responsibility ends and companies must be aware of that so that they can configure cloud services to appropriately protect themselves, their data, and their customers. Cloud solutions are often augmented with a cloud backup to streamline the process further.
Ultimately, whether you are in the cloud or on-premise, it is critical to prepare for a ransomware incident by implementing methods to reduce the likelihood of ransomware and backups to be used to recover when ransomware strikes.