Ransomware attacks are on the rise. Whether you’re a small business or a large organisation, you’re at risk and ransomware prevention is always better than recovering after an attack.
A type of malware, ransomware encrypts your computer or device and denies you access. The attacker then demands payment (ransom) to recover the situation for you.
Learn more about ransomware and how it works
Given the potential damage, you should do everything possible to prevent ransomware attacks
- Follow best practice in-house
- Seek specialist support when necessary
In this blog, we highlight ways to enhance your in-house defences against ransomware. These proactive steps can even slow the spread of malware, should it get on your system, limiting the damage caused. LRQA supports entities that require specialist or in-depth help to bolster protection against serious ransomware attacks. We’re here to help when it matters.
Keep your system up to date
Cyberattackers always look for vulnerabilities as ways into your network and devices. By installing patches as quickly as possible, you’re making your ransomware protection as strong as possible.
Inevitably, you’ll need to test some patches before full installation. Do this as quickly as you can and give your IT team everything they need to update at speed.
Having strict protocols for installing new software is a good idea too. Carefully manage new installations and restrict permissions to what’s required right now. You can always review this in the future.
Maintain tight access control
Protect critical data at all costs. It’s wise to limit access to it. Fewer people (and devices) means a lower risk of damage or loss of key data.
Attackers love to hack an account with lots of privileges. For example, an account that has access to many servers.
Review access levels and privileges regularly. It’s easy to overlook a potential vulnerability and leave yourself open to attack in this way.
Remote Desktop Protocol (RDP) is a particular concern. Reduce your attack surfaces by controlling which servers have RDP enabled. Do all your servers need it? Perhaps some are directly accessed. And others might not need to be connected to the internet at all.
Whenever possible, use low-privilege accounts for remote access sessions. Disable access when it’s not required too. This restricts what a hacker could infiltrate if they got into your system this way.
Manage your emails carefully
A huge risk for malware attacks, many ransomware hackers focus on email use to make their way in.
The biggest risk is someone clicking a malicious link or opening an attachment from a hacker.
Ensure you’re automatically scanning all emails as they come in. Filter anything suspicious such as dubious links or attachment file types you don’t accept. For example, a .exe file extension.
This won’t prevent all ransomware attacks via email, but it will prevent some.
Also, make sure your staff can see the full file extension before they click on a link. Some email platforms hide them by default, preventing someone from spotting a suspicious link before clicking on it.
Educate your entire team about ransomware prevention
People are a weak link for ransomware attacks. But with adequate education, they can also be your strength.
When your team know what to look for - and who to tell - you have eyes on the lookout every day. You can catch problems earlier and minimise damage.
Encourage a collaborative, cyber-resilient culture. Teach them how to spot a phishing scam. Show them what warning signs to watch for.
Your security team should welcome reports of the smallest issues – even if they come to nothing. For example, staff should feel comfortable reporting any sign of a potential ransomware attack, such as a mouse moving on its own, or their computer rebooting unexpectedly.
Protect your network
There are many good practices to protect your network from ransomware attacks. Crucially, always keep firewalls, anti-virus software, and endpoint detection up to date.
Use anti-virus software that’s able to detect ransomware too.
For users working outside your direct network, provide VPNs to keep their connection as secure as possible.
Password security
Passwords remain a huge opportunity for cyber attackers. Your team must know how to select a secure password and how to keep it safe.
Use two-factor authentication whenever possible. Not only does it help stop ransomware by protecting access, but two-factor also prevents password sharing – never recommended.
Teach everyone how to create a safe password and encourage them not to overuse familiar passwords which are easy to guess. Generally, people don’t create secure passwords because they don’t know how to.
Finally, how does your team store their passwords? Give them access to the right tools and remove the need for insecure behaviour.
Backup often
Should you suffer a ransomware attack, having a clean backup makes recovery easier (and faster).
Attackers often target connected back-ups to cause more damage. So, it’s important to scan back-ups for malware too. Also, disconnect them when you can.
Use more than one regular backup method. Ideally, back your data up to a secure, cloud-based system and an offline disc-based system. Making this automatic also ensures it happens frequently.
Limit people with access to your backups – another way to protect your data.
And test your back-ups regularly, so you’re confident they’d restore if necessary.
Of course, if a cyber attacker has your sensitive data and is threatening to expose it a backup is of limited help to you.
Call in the specialists
You’re not on your own when mitigating the risk of a ransomware attack. Supporting organisations and businesses around the globe, LRQA provides guidance and practical help to keep you safer.
Starting with Incident Response Testing using our in-depth knowledge about how attackers try to place ransomware malware on your system, we look for gaps in your security.
It’s not just your software though. We review your processes and people too.
Whatever you need, LRQA has the experts and services to keep you one step ahead of a ransomware attack.