Your organization recently suffered through a bout with ransomware, and you had no choice but to pay the ransom to decrypt your files and get your business back up and running. Now, you’re wondering why it happened and what you can do to prevent it from happening again.
Your employees were not aware
Let’s get this out of the way first. This is the primary reason you were a victim of ransomware in the first place. A 2016 study published by Verizon indicated that approximately 30% of phishing emails received by people are opened. These same emails are common carriers for ransomware. If you think your employees are not a threat, think again. Phishing schemes and ransomware attacks are becoming increasingly sophisticated and harder to spot. A robust internal cybersecurity awareness training program, which includes ongoing awareness campaigns, will help close this gaping hole.
You didn’t implement passive and active vulnerability scanning in layers
The next best way to keep your employees from clicking on phishing emails is to keep the emails from reaching your employees in the first place. Email scanning should be performed by your provider (if you have an external host), at the perimeter firewall or network security appliance, internal mail servers, and endpoints, which include servers, network storage devices and employee workstations/laptops. Make sure you use a combination of passive detection (which only detects traffic that occurs once you become infected) and active detection (which proactively scans for infected or malicious files).
You didn’t limit employees’ use of personal portable storage devices
Another surprisingly common way that organizations are infected by malware is through personal USB drives. Employees bring an infected drive into the office, plug it in, and boom. Malware. Do everything you can to restrict the use of portable storage drives through policy and network permissions, and always scan new devices that are attached to your workstations.
You didn’t update your operating systems
While it’s true that attackers are generally a few steps ahead, the overwhelming majority of exploits stem from known issues with operating systems. The 2016 Verizon report concluded that the “Top 10” known vulnerabilities accounted for 85% of successful exploits. These vulnerabilities typically have patches available. Stop reading this article now, and verify that your systems are patched. If you are still using Windows XP, unplug it from the network and disable Wi-Fi until you can upgrade.
Local antivirus or antimalware software didn’t do its job
There are a variety of reasons this could happen. You could be using a free/budget version that doesn’t get timely updates. The software may not include real-time protection and only scans on a schedule. Users may have the ability to disable or defer a scan. In any event, make certain that your antivirus/antimalware solution is configured beyond the basic installation.
You allowed extensive use of file-sharing on your network
One of the easiest ways to limit the impact of ransomware is to implement strict file-sharing policies. Ransomware typically attacks local drives and any network drives that the end user has access to. If you allow all employees to share all file storage across your entire network, there is no limitation on what can be encrypted by ransomware. Limiting permissions and mapping specific shared drives based upon business need will limit your exposure.
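To turn the point above into a check you can run on a file server, here is an added example (not from the article) that lists SMB shares granting write access to broad principals such as Everyone or Authenticated Users. It assumes the built-in SmbShare module (Windows 8 / Server 2012 and later) and local administrator rights; the group name in the remediation comment is a placeholder.

```powershell
# Added example: find shares that every user on the network can write to.
# That is the "all employees share all file storage" condition that lets
# ransomware on one workstation encrypt every mapped drive.

# Principals whose membership is effectively "every user on the network".
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)
# Share rights that allow overwriting file contents (what ransomware needs).
$WriteRights = @('Full', 'Change')

function Get-BroadWriteShare {
    # Skip hidden administrative shares (C$, ADMIN$, IPC$); users don't map them.
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $WriteRights -contains $_.AccessRight -and
                $BroadPrincipals -contains $_.AccountName
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Share     = $share.Name
                    Path      = $share.Path
                    Principal = $_.AccountName
                    Right     = $_.AccessRight
                }
            }
    }
}

$findings = Get-BroadWriteShare
if ($findings) {
    Write-Warning 'Shares writable by every network user; scope each to a business-need group:'
    $findings | Format-Table -AutoSize
    # Remediation pattern (replace the placeholder group with the real one):
    #   Revoke-SmbShareAccess -Name <ShareName> -AccountName 'Everyone' -Force
    #   Grant-SmbShareAccess  -Name <ShareName> -AccountName 'DOMAIN\Finance-RW' -AccessRight Change -Force
} else {
    Write-Host 'No shares grant broad write access.'
}
```

Share-level rights are only half the picture: effective access is the intersection of share and NTFS permissions, so a flagged share may already be constrained by its folder ACL, and a share that passes this check can still be too open at the NTFS level.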
You didn’t have a proven backup/recovery solution
Even if you choose to do none of the other items on this checklist, make sure you have a proven, reliable backup and recovery method in place. The best way to avoid paying the ransom is to take the infected machine offline and restore encrypted files from backup. Be warned: if you do nothing else, you may find yourself restoring a lot of files.
Businesses and individuals alike face an uphill battle against the evolving threat of ransomware. If you have not equipped your organization with a multi-tactical approach to reduce risk, chances are you will pay the piper more often than not. The recommendations outlined above will help you set a direction for your organization to mitigate risks associated with ransomware. Actually implementing them…that’s up to you.