Ransomware prevention: what you should do today to mitigate risks

06. April 2020

The outbreak of the COVID-19 virus and the countermeasures that ensued have caught everyone by surprise. Organisations were scrambling to organise remote working stations in order to keep their business afloat. Sadly, the crisis also caused a spike in ransomware attacks. More people than ever before are working remotely, and they rely completely on e-mail, video conferencing tools and mobile devices to do their job.

On top of that, cybercriminals are now using the current crisis as clickbait. Malicious websites, spam e-mails, phishing scams and fake charities are using the goodwill and genuine concerns of people and organisations to gain access to critical data. Many threats are now disguised as breaking news, new corona research or data on the spread of the infection.

So, first things first.

There are several solutions and tools to prevent and deal with ransomware, but many of them cannot be implemented right away. Our team wants to share some clear-cut basics that should be checked and that will reduce your exposure to ransomware attacks right now. Will these tips be enough to prevent an attack? No. Is this an exhaustive list? No. Are we stating the obvious? Yes. This blog is a short list of some of the obvious checks you should take every day and today even more. Those measures will reduce the risk and they will help you get insights and lay the foundation for even more effective countermeasures later on.

Let’s dive in.

We focus on three things. And for each of these domains, several measures can be taken to reduce your exposure. These practical tips are fairly easy to perform and implement. Doing them just once, however, will not have much impact. Ransomware prevention is an ongoing battle.

1. ENSURE YOU HAVE BACK-UPS

This may seem very obvious, but let’s take a closer look. Back-up is not something you can set and forget. When your IT-environment changes, your back-up needs to change too, and this is often not the case. It’s easy to overlook workloads and data here and there. And testing your back-up environment is not just important for ransomware prevention. It will arm you against hard drive failures, software failures and any kind of disruptions or disasters.

  • Make sure you have back-ups of all your critical systems
  • Implement, where possible, immutable back-ups
  • Test your restore procedures regularly

2. ENSURE THAT EVERYTHING IS UP TO DATE

Here too, there’s more than meets the eye. Keeping software, anti-virus and firewalls up to date is a basic, but to ensure your entire IT-environment is properly up to date, you need to go further. An outdated system can have exploits that are not covered, and updates also need to be done to your policies (and this is often forgotten).

  • Scan incoming e-mail content with updated software and block any attachment that may pose a threat
  • Scan for user anomalies and keep your system usage and access control policies up to date
  • Restrict usage of third party software, USBs and also keep those policies up to date

3. ENSURE YOUR PEOPLE ARE AWARE

You can have the most elaborate technology in place, if you leave too much margin for human error, you’re still at risk. Instead, try to turn the weakest link into your strongest link. So keeping your co-workers “up to date” is just as important as your systems and policies.

  • Refrain your employees from sharing personal information while answering e-mails, phone calls or messages
  • Even today, raise awareness by user-friendly phishing campaigns, so your employees are more alert, eventually implement a SaaS platform to integrate it smoothly
  • Have them report suspicious activities to IT or your security teams. If needed, install a user-friendly digital process

 

Again, this list is short and obvious, but it should help you set a routine and help you get the basics right before moving on to more complex countermeasures. Later on, we’ll write a blog that will help you take the next step in ransomware prevention.

Want to know more or do more? Our security expert Jan De Meyer will gladly answer all of your questions and give you independent advice. Feel free to contact him via e-mail or phone.

devoteam

Contact

Jan De Meyer

Business Line Manager Cyber Security

Devoteam Belgium