How to Plan for Ransomware in 2019

Aug 4, 2018

How will you respond when ransomware targets your business? We say “when” because 71 percent of cybersecurity experts believe there’s a moderate to extreme possibility their organizations will experience ransomware attacks in the next 12 months.

Here are our top recommendations for protecting your data against ransomware in 2019.

Ransomware in the Cloud

Nearly 44 percent of the malware found in the cloud is carrying ransomware, and in 2017, attacks against cloud storage increased. This threat is exacerbated by the fact that cloud applications are available on demand. Any employee can go online, sign up for a free service, and download infected software. If they share a service with other employees, the infection can rapidly spread to other systems, thanks to the sync-and-share functionality that’s common to many cloud applications.

Your risk increases if employees access data stored in the cloud using personal devices that aren’t properly maintained, patched, and updated. To reduce ransomware threats from shadow IT, make sure you have a bring-your-own-device (BYOD) policy in place, look for unusual activity on the network, and follow the rest of our tips below.

Patch Everything

The WannaCry attack infected more than 200,000 computers in 150 countries — all by exploiting vulnerabilities in older Microsoft operating systems. In fact, as Webroot’s VP of cybersecurity and engineering points out, many of 2017’s ransomware attacks could have been mitigated simply by patching systems. It’s worth noting that the colossal Equifax breach — although not a ransomware attack — was reportedly caused by an employee’s failure to apply a software patch.

To thwart criminals exploiting known vulnerabilities in trusted applications, the solution is simple (though admittedly easier said than done): Patch everything. Patch your applications, software, hardware, and connected devices as soon as updates are available.

Train Employees

Timely employee training is one of the most effective ways to combat ransomware, as it typically enters the organization through an employee opening a compromised email attachment, falling for a phishing email, or visiting a compromised website.

It’s getting harder to spot scams because scammers are skilled at harvesting data from social networks and other online resources to spoof an email from a well-known brand or impersonate trusted content. In fact, spoofing and impersonation comprise 67 percent of successful phishing attacks. Spammers are also hijacking legitimate domains, which they use to create phishing pages. The sites’ good reputations allow the newly created phishing pages to slip past anti-phishing filters.

However, these are only two examples of a growing list of phishing tactics. That’s why it’s important to regularly train employees on how to look for the telltale signs of phishing attacks. Training should be mandatory, but to fully engage employees, communicate the message that they’ll learn valuable cybersecurity skills to apply in their personal lives. After all, phishing and ransomware target individuals too.

Maintain Backups and Test Your Restore Process

If all else fails and your data is encrypted, having current backups is the best defense against ransomware. By restoring from backups, you can avoid paying the ransom. That’s why, unfortunately, some strains of ransomware are now going after backups, especially if they’re stored in the same environment as your production systems.

WannaCry, for example, deleted volume shadow copies, which Microsoft Windows automatically creates to allow users to easily recover their data. Network-attached backups are also at risk. After having its data encrypted by ransomware, one police station refused to pay the ransom, knowing that its data was backed up. Unfortunately, the backups were attached to the network and had also been encrypted.

To protect yourself, back up your data frequently and segregate it from your production environment. Be sure to monitor backups for completeness and accuracy as well.

Of course, a backup is only as good as the restore, so it’s important to routinely test your restore process. Include any disaster recovery vendors you work with in your tests to make sure they can restore your company’s data within your recovery time objectives (RTOs).

Know How You’ll Respond to a Ransomware Attack

While you’re working on restoring your systems after a ransomware attack, a comprehensive business continuity plan with a strong focus on cybersecurity can minimize the impact of downtime. For example, will you need to temporarily revert to paper-based processes? Will workflows need to be diverted? If so, know in advance when, how, and where you’ll carry out the recovery. Finally, employees should be trained on any systems and procedures to be used during downtime.

Don’t waste any time creating a response plan. Get started now. For more details, read our blog post “Five Ways to Thwart a Cybersecurity Nightmare.”