The many recent, high profile targets that fell victim to ransomware attacks – Colonial Pipeline, meat processor JBS and a Martha's Vineyard Ferry Service -- are reminders of how prevalent the threat to businesses is. In fact, these attacks, along with looming threats from Russia, have kept cybercrime in the national spotlight. Unfortunately, only a small fraction of ransomware attacks make national news; more than 290 organizations were hit by six ransomware groups in 2021, which brought in more than $45 million. The US victims include governments, municipalities, hospitals, universities and small businesses. 2022 is shaping up to be an even more lucrative year for cybercriminals. Despite the FBI’s amazing work to recover some of the Colonial Pipeline ransom, there is truly little deterrent for cybercriminals to slow down their assault. In fact, it’s so easy for cybercriminals today, they don’t need to write a single line of code; the encryption software is available for purchase or rent to anyone looking to start a criminal enterprise. The threat is well-known, but less understood are the actions small businesses can take right now to prevent, respond and react to the growing ransomware threat. Let’s face it, with the degree of profitability and the very unlikely chance of consequence, cybercriminals will only step up their efforts.
In simplest terms, here are the steps every small business should take.
Employee Level
Conduct cybersecurity awareness training and educate employees about ransomware attacks
Train employees to spot and report phishing emails, especially those with malicious attachments
System Level Work with your IT Service Provider to:
Ensure firewalls are always operational and up-to-date
Remove Administrator rights from all employees
Logically separate networks
Employ a strong email filtering system to block spam and phishing emails
Patch vulnerabilities and keep all software updated
Set up rigorous software restriction policies to block unauthorized programs
Keep antivirus fully operational and up-to-date
Conduct periodic security assessments to show security vulnerabilities
Enforce the principle of “least privilege”
Use a strong, real-time intrusion detection system to spot potential attacks
Back up files using a 3-2-1 backup rule: Keep at least 3 separate copies of data on 2 different storage types, with at least 1 of those stored online.
Ensure critical work is backed up regularly and periodically
Test backups! Enforce regular checks for data integrity and recovery of backups
Respond Immediately If You Suspect Ransomware
Shut down infected systems at once
Disconnect and isolate infected systems from the network
Immediately isolate backups
Disable all shared drives that hold critical information
Issue a company-wide alert about the attack
Contact your local law enforcement agency and report the attack
React to Ransomware with Measures That Help Recovery
Work with your IT Service Provider to:
Determine the scope and size of an infection; find the type and number of devices infected as well as the kind of data encrypted
Determine the type and version of the ransomware
Find the threat vector used to infiltrate the network Conduct root cause analysis
Mitigate any identified vulnerabilities
Check if a decryption tool is available online
Restore your files from a backup
Prevent A Repeat Attack
Ransomware attacks are phenomenally successful. Unprepared businesses and municipalities that pay the ransom could find themselves attacked again, if they don’t take the necessary steps to close the holes the criminals used. That’s why it’s important to put measures in place to help prevent a second attack.
Once recovered from a breach, make sure it won’t happen again. Cleansing system of malicious files isn’t enough – identification of what caused the breach in the first place is essential.
Constant Education is one of the best defenses against social engineering attacks, and strong cybersecurity awareness training solutions can transform employees into a powerful line of defense. A good training solution allows simulated phishing emails to test resilience and show where the company can improve.
Spam Filters examine incoming and outgoing email communications to find threats and prevent them from delivery. This can stop ransomware from ever reaching its intended victim.
Web Filtering prevents employees from accessing malicious websites, such as phishing pages, and from downloading content from these websites.
Endpoint Detection and Response (EDR) solutions continuously check all incoming and outgoing traffic on a network for potential threats. If a threat is detected, the solution isolates the affected machine so that the malware can't spread. An EDR doesn't just keep a record of the incident itself, but of all the events that led up to the incident, too. This allows insight into which files, processes and registry keys the hacker accessed, and find where the attack started and how it progressed.
Antivirus software detects and blocks malicious files and warns employees when they visit suspicious websites. Today’s most advanced antivirus tools are cloud based, allowing them to use advanced machine learning technology to automate analytics and improve detection. There is more than a good chance your business will face a ransomware attack at some point.
The key is in making sure you know what to do when it happens and have an experienced IT partner to stand by your side.
Our team of experts are always available to consult with you and ensure the right choice for your unique business. Contact us.