Ransomware Recovery Plan: Fight Back!
Are you prepared to get your files back? You can be with our ransomware recovery plan.
The US is bracing for the full impact of a global ransomware epidemic based on the recent Wanna Decryptor malware strain, Petya malware and the most recent, Bad Rabbit attack. It's important to protect your business and data from this fast-spreading threat, but once we're past it, you need to remember that these attacks are the most well-known examples of ransomware. There are millions of attacks on small, medium and large businesses every week that go unreported.
There are three things to know about ransomware: it's scary, it's growing fast, and it's big business. These attacks are easier than ever to pull off now that ransomware as a service is a real thing. Now the average person can pull off an attack if they want to.
So what do you do to protect yourself?
A key component of preparing for a ransomware attack is developing a robust backup strategy and making regular backups. Once your files are encrypted, your only viable option is to restore from backup. Your other options are to pay the ransom or lose the data. Real-time backup or file sync will just back up your encrypted files. You need a robust backup process where you can roll back a few days [to before the ransomware infection], and restore local and server apps and data. A good strategy to consider is a tiered backup solution that keeps several copies of backup files in different locations and on different media (so an infected node doesn't immediately have access to both current file repositories and backup archives).
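An added example (not part of the original article or any vendor tool): a check of a backup catalog against the strategy above, confirming that point-in-time copies predate the infection, sit in more than one location and on more than one media type, and reach back a few days. The catalog entries, field names and the three-day rollback window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalog; locations, media and dates are illustrative only.
CATALOG = [
    {"taken": "2017-10-21T02:00", "location": "office-nas", "media": "disk", "kind": "snapshot"},
    {"taken": "2017-10-23T02:00", "location": "office-nas", "media": "disk", "kind": "snapshot"},
    {"taken": "2017-10-22T03:00", "location": "offsite-vault", "media": "tape", "kind": "snapshot"},
    {"taken": "2017-10-25T09:30", "location": "cloud-sync", "media": "cloud", "kind": "sync"},
]

def _ts(entry):
    return datetime.fromisoformat(entry["taken"])

def restore_candidates(catalog, infected_at):
    """Point-in-time copies taken before the infection, newest first.

    Sync copies are skipped: they mirror whatever is on disk, encrypted or not.
    """
    clean = [e for e in catalog
             if e["kind"] == "snapshot" and _ts(e) < infected_at]
    return sorted(clean, key=_ts, reverse=True)

def audit(catalog, infected_at, rollback_days=3):
    """Return the gaps between the catalog and the tiered backup strategy."""
    clean = restore_candidates(catalog, infected_at)
    if not clean:
        return ["no point-in-time backup predates the infection"]
    findings = []
    if len({e["location"] for e in clean}) < 2:
        findings.append("clean backups exist in only one location")
    if len({e["media"] for e in clean}) < 2:
        findings.append("clean backups exist on only one media type")
    oldest = min(_ts(e) for e in clean)
    if infected_at - oldest < timedelta(days=rollback_days):
        findings.append(f"cannot roll back {rollback_days} days before infection")
    return findings

if __name__ == "__main__":
    infected = datetime(2017, 10, 26, 8, 0)  # assumed time of infection
    for entry in restore_candidates(CATALOG, infected):
        print("restore candidate:", entry["taken"], entry["location"])
    print("gaps:", audit(CATALOG, infected) or "none")
```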
User education is a powerful yet frequently overlooked weapon in your arsenal against ransomware. Train users to recognize social engineering techniques, avoid clickbait, and never open an attachment from someone they don't know. Attachments from people they know should be viewed and opened with caution.
Understanding how ransomware spreads identifies the user behaviors that need to be modified in order to protect your business. Email attachments are the number one risk for infection, drive-by downloads are number two, and malicious links in email are number three. Human behavior is a significant factor in getting infected with ransomware. Your employees are one of your greatest infection risks.
Training your employees to consider the ransomware threat is easier than you think, especially for SMBs. Sure, it can take the traditional form of a lengthy in-house seminar, but it can also simply be a series of group lunches at which IT gets the chance to inform users via interactive discussion, for the low price of a few pizzas. Cloud Cover also offers this training, and we will "phish" your employees to see who opens our "malicious" (but harmless, of course) email. That employee will then be on a path to receive the training they need to avoid the real attacks when they happen.
The best place to start protecting your SMB from ransomware is with these 4 proven strategies: app whitelisting, patching apps, patching operating systems (OSes), and minimizing administrative privileges. These four controls take care of a huge number of malware threats.
For SMBs that still rely on individual PC antivirus (AV) for security, moving to a managed endpoint security solution lets your IT provider centralize security for the entire organization and take full control of these measures. That can drastically increase AV and anti-malware effectiveness.
Whichever solution you choose, make sure that it includes behavior-based protections.
If you haven't prepared for and protected yourself against ransomware and you get infected, then it may be tempting to pay the ransom. However, if you ask anyone in the business whether this is a wise move, most experts agree that paying is risky. You're certainly losing your money, and you're only maybe getting your files back unencrypted. After all, why would a criminal become honorable after you've paid him?
By paying criminals, you're giving them an incentive and the means to develop better ransomware. If you pay, you make it that much worse for everyone else, and yourself. If the attacker knows that you paid for it once, chances are that you will pay for it again, leaving yourself vulnerable to future and repeated attacks.
If the damage caused by ransomware is all about disruption to your business, then why not take steps to increase business continuity by moving to the cloud? The level of protection and overall security you get from the cloud is far greater than what a small business could afford. Cloud providers have malware scanning, enhanced authentication, and numerous other protections that make the odds of them suffering from a ransomware attack very low. At the very least, move email servers to the cloud. Email is the biggest attack avenue for ransomware. Move that to the cloud where providers bundle multiple security controls like malware scanning and data loss prevention into the service. Additional security layers, such as proxy-based site reputation and traffic scanning, can be added through many cloud services and can further limit your exposure to ransomware. If your local machine becomes infected with ransomware, it may not even matter if your data is in the cloud. Wipe your local machine, re-image it, reconnect to your cloud services, and you're back in business.
Don't Think "It Won't Happen To Me"
This is not one of those situations in which a wait-and-see approach is your best tactic. Wanna Cry, Petya and Bad Rabbit show that ransomware is out there; it's growing in giant leaps and bounds, both in sophistication and bad guy popularity, and it's definitely looking for you. Even after this current threat blows over, it's critically important that you take steps to protect data and endpoints from infection.
Create regular backups, train employees to avoid infection, patch apps and OSes, limit administrator privileges, and run non-signature-based anti-malware software. If you follow this advice, then you can prevent all but the most bleeding-edge infections (and those likely aren't targeting SMBs). In the case in which an attack gets through your defenses, have a clear, tested plan in place for IT to clean up the infection, restore backups, and resume normal business operations.
If you don't follow these best practices and you do get infected, then know that paying the ransom comes with no guarantees, makes you an easier target for the criminals, and gives them the means to develop even more insidious ransomware (and the incentive to use it on you as often as possible). Don't be a victim. Instead, take the time now to prepare, prevent, protect, and stay productive. For more information or assistance, please contact us for a ransomware risk assessment to see where your vulnerabilities are: 614-362-8201.