These surprisingly easy steps can save your company the tears caused by cyberattacks and ransomware like WannaCry.
Call it the Black Hat Spring. In mid-May 2017, one of the largest cyberattacks spread around the world in a matter of days, crippling businesses in 150 countries by hijacking more than 230,000 computers, locking up data, and demanding money to set them free.
The attack, called WannaCry, used ransomware, a type of malicious software that blocks access to stored data until you pay a ransom. Experts everywhere had the same first-responder advice for companies in the clutches of the WannaCry hack: don’t pay, wipe your machines, and restore them from backups.
Beyond that, what can companies do to prevent these attacks?
There are, in fact, a variety of steps companies can take to mitigate ransomware and cyberattacks. For starters, educate your end users on the best practices to prevent infections, and regularly back up and encrypt important files.
Educate yourself on ransomware attack vectors. Consider partnering with a security company that regularly upgrades its tools for earlier detection, consistently monitors for threats and attacks seen in the wild, and updates its products accordingly to block attacks before they do any damage.
Attacks on the Rise
The WannaCry malware was particularly virulent. Once it made its way into a local network, the malware relied on aggressive worming behaviors that eliminated the need for any further human intervention to locate and exploit vulnerable machines.
While WannaCry may have been one of the biggest ransomware attacks yet, it’s far from the first or last, and such attacks are on the rise.
According to the U.S. Justice Department, more than 4,000 ransomware attacks have occurred daily since January 1, 2016, a 300-percent increase over the approximately 1,000 attacks per day seen in 2015.
In Verizon’s annual Data Breach Investigations Report (DBIR), a comprehensive analysis of breaches and incidents based on industry-wide reporting, ransomware has moved from the 22nd most common variety of malware in the 2014 DBIR to the fifth most common in this year’s data.
Hackers often use Trojan horses to spread ransomware. These are programs disguised to fool users into installing or executing them. Trojans often masquerade as system or software updates, macros, or other software add-ons.
Ransomware is also getting more sophisticated. According to Verizon’s DBIR, attackers have moved from traditional methods using file encryption to such tactics as master boot record locking and partial and full disk encryption that can make it more difficult to recover systems. They also have used more advanced security sandboxes and exploit kits.
Best Practices to Fend Off Ransomware
What’s important to remember is that it is possible to mitigate cyberattacks, even as they are gaining in numbers and sophistication. Companies can enact best practices to protect themselves better, and have at their disposal a variety of products and services to help.
Simply educating users on best practices can go a long way in securing systems. Much of the advice is common sense, but it still should be spelled out regularly for them.
For example, remind users never to open attachments or click on a link on a webpage, in an email, or within a chat message unless the sender is trustworthy. Teach them how to spot suspicious activity. Fake webpages and emails often have incorrect or odd spellings or unusual spaces, symbols, or punctuation.
Instruct users to trash emails that look like spam, or employ a spam-blocking firewall. Additionally, show users how to inspect email headers if they’re unsure of the sender. You should train your employees regularly, as well as provide periodic security reminders. Company-wide alerts should go out whenever there are concerns.
Back up systems regularly, and verify the integrity of those backups. Also run through the restoration process to confirm that it works properly. Make sure your backups, whether stored in the cloud, offline, onsite, or remotely, are secure. In some cases, ransomware can impact cloud-based backups, particularly those that rely on persistent synchronization.
Integrated Threat Intelligence Services Add a Security Layer
The foundation of any enterprise IT security strategy is the security tools and services companies use to protect their networks, systems, and data. You must protect network perimeters as well as endpoints like phones, tablets, laptops, and PCs. Firewalls serve as gateways to block spam, viruses, and phishing attempts, and even “phone home” requests made by malware.
Make sure your vendors—and your systems—are up to date. Systems and apps must have all the latest patches to avoid exploits that rely on outdated code. This was how WannaCry did its damage.
Using the EternalBlue exploit, allegedly developed by the U.S. National Security Agency (NSA) and leaked online by cybercriminal syndicate The Shadow Brokers, WannaCry spread like a worm through networks with unpatched Microsoft Windows machines.
IT departments could have protected their vulnerable machines: Microsoft issued a critical patch on March 14, 2017, yet many IT organizations had not updated their vulnerable systems when the attack began.
One way to ensure real-time protection is to partner with vendors that offer cloud-based integrated threat intelligence services within their firewalls. These services can identify new and emerging attacks seen in the wild and act as an added layer of protection to the firewall and related applications such as antivirus software and web filters.
Sophisticated, cloud-based threat intelligence services integrated with next-generation firewalls and unified threat management solutions provide insights across every port, protocol, and application including SSL-encrypted traffic.
By synthesizing intelligence information in the cloud, these solutions can provide superior protection against unknown and emerging threats globally and seamlessly. Often, these services pinpoint zero-day, never-before-seen malware and can block threats before they ever enter the network.
Expect the Best, Prepare for the Worst
Companies must expect they could be the target of a ransomware attack. By implementing best practices, and consistently and correctly following them, and by leveraging advanced security tools that incorporate cloud-based threat intelligence services, companies can greatly reduce the chance that they’ll ever become victims of such attacks.
Timur Kovalev serves as the CTO at Untangle and is responsible for driving technology innovation and integration of gateway, endpoint, and cloud technologies. He brings over 20 years of experience across various technology stacks and applications. Kovalev holds a dual bachelor’s degree in Computer Science and Electrical, Computer & Systems Engineering from Rensselaer Polytechnic Institute, and an MBA from the Leeds School of Business at the University of Colorado, Boulder.