Since 2013, ransomware has been wreaking havoc on organizations in all industries and of all sizes, and building a plan to prevent ransomware attacks has often been a focus of IT teams across the globe. This year, there has been a staggering surge in attacks due to increased remote work and online shopping. Cybersecurity firm MonsterCloud, reported an 800% increase in ransomware attacks during the COVID-19 pandemic, citing that cybercriminals have “stepped on a goldmine.” These attacks have targeted not only large corporations but small businesses and critical medical organizations.
Ransomware attacks are a harmful type of malware that costs businesses considerable downtime. The longer it goes undetected, the more devices, servers, and data become encrypted. In Datto’s most recent Global State of the Channel Ransomware Report, the downtime reported cost was nearly 50X greater than the ransom requested. While the average ransom in 2020 was $5,600 USD, the average cost of downtime was a whopping $274,200 USD.
Although ransomware is commonplace today, many businesses we work with still don’t have the proper preventive measures, security training, or disaster recovery planning in place to protect their business from a breach. While there is no single way to completely avoid a ransomware attack, several industry-leading approaches will significantly reduce the risk of downtime and data loss.
To teach you more about ransomware prevention and protect your network from unknown threats, our experts have compiled the most common ways that ransomware attacks can occur and shared 5 solutions that you can put in place today.
Is Your Business Exposed?
The short answer is yes. Anyone with a computer is at risk of a ransomware attack. When you click an online ad, download an untrusted software program from the internet, or simply check your email, there is always a danger that the link or email clicked is a trap to penetrate your system and hold your files hostage.
A ransomware attack happens in multiple stages, where a hacker infiltrates your network, encrypts as much data as possible, and extorts it for ransom. Cybercriminals have continued to evolve over the years, becoming more sophisticated about how they get past traditional defenses. With global ransomware damage costs predicted to reach $20 billion by 2021, they know how to exploit vulnerabilities in our devices and networks that we all have in common.
With that in mind, here are 4 of the top ways that a ransomware attack can happen:
- Phishing Emails
A disguised email attachment is the most common way that ransomware can infect your computer or network. Any person can be tricked into clicking and opening an email because nowadays, hackers are using familiar names, government service agencies, or important subjects (like the coronavirus).
- Free Software Download
Another common way to infect a person’s machine is to offer a free version of a piece of software. From free versions of games to adult content to online game cheats – these downloads are designed to bypass any firewall or email filter, infiltrate your network, and hold it hostage.
- Drive-by Download
Visiting a “compromised website” with an old browser, software plug-in, or an unpatched third-party application can infect a machine. According to KnowBe4, a hacker will discover a bug in a piece of software that can be exploited to allow the execution of malicious code. Once discovered, these are usually quickly caught and patched by the software vendor, but there is always a time when the software user is vulnerable.
- Remote Desktop Protocol (RDP)
RDP sessions are commonly used to remotely log in to Windows computers and give control to another person in your company. Cybercriminals have become increasingly skilled at attacking these exposed computers and using them to spread malware within a network. RDP is exploited either due to an unpatched vulnerability or password guessing because the victims chose very weak passwords and/or did not enable account lockout protections. Learn more about protecting your organization against remote desktop protocol vulnerabilities.
5 Ransomware Prevention Tips
As we mentioned, there is not one single solution to prevent ransomware attacks before they happen. The most effective way is to take a multilayered approach that includes a combination of security software, cybersecurity training, and monitoring solutions.
Here are 5 ways to prevent ransomware attacks that our IT experts recommend:
- Antivirus and Anti-Malware Software
According to Datto’s Global State of the Channel Ransomware Report this year, 91% of ransomware attacks targeted Windows PCs this year. It is recommended that you use both antivirus software and anti-malware software to keep your PC secure.
- Email Security Gateway
Phishing emails are still the most common method of ransomware attacks. With a simple click of an email, it doesn’t take long before malware spreads across networks to infect other computers and systems. Your first line of defense should be an email security gateway solution, which provides spam protection and detection.
- Cybersecurity Education
After phishing emails, the leading causes of ransomware attacks result from a lack of education and poor user practices. Weak passwords, open RDP access, clickbait, and a host of other user errors leave vulnerabilities in your ransomware prevention program. They can be avoided with regular cybersecurity awareness training and best practices.
- Endpoint Detection and Response (EDR)
Endpoint threat detection and response platforms are designed to monitor, detect, and investigate suspicious activities on hosts and endpoints. These solutions automatically respond to identified threats to remove or contain them and notify security personnel.
- Patch Management
Keeping your software up to date is critical to preventing a ransomware attack. Any organization that implemented the latest Windows security patch back in 2017 prevented the malicious WannaCry ransomware strain that eventually infected over 300,000 computers in over 150 countries.
If you have any questions about these ransomware prevention solutions, please contact our IT team directly for an IT assessment and specific product recommendations.
What Happens if You Get Hacked?
Cybercriminals spend their time looking for new tactics to exploit software vulnerabilities and gain access to your computers and data. So, no matter what preventive measures you have in place, their job is to get through it – and sometimes they do. That’s why you need more than preventative solutions to protect your business from ransomware. If you are attacked, your organization needs to have the right business continuity software and plans in place to resume normal operations quickly – minimizing the damage and recovering your data as fast as possible.
Never Pay the Ransom
If your business gets attacked by ransomware, never pay the ransom. You need to have a plan in place to recover your data and reduce the damage. In response to the growing ransomware threat, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory on potential sanction risks for facilitating ransomware payments. That means that it is now illegal to be the party who distributes ransomware payments – even to get your own data back.
Always Backup Your Data
Data backups are essential to restoring and recovering critical systems, applications, and data in the event of a ransomware attack. Many secure and reliable backup and disaster recovery solutions include on-site and off-site backup solutions and disaster recovery failovers. You can learn more about data backups and data archiving here.
Develop a Business Continuity and Disaster Recovery (BCDR) Strategy
Regardless of the solutions you have in place, business continuity and disaster recovery planning require more than just software. You and your people need a strategy and formalized plan in place that tells you exactly what to do in the unexpected event of a ransomware attack. We highly recommend that your first step is to conduct a security risk assessment to understand potential security threats and their impact on your business. From there, work with a managed services provider to implement and test your plan.
Start Defending Your Business Today
Education and preparation are essential to preventing a ransomware attack. To help you get your multilayered ransomware prevention approach in place, members from our talented IT and infrastructure team are hosting a free educational webinar on the state of ransomware. They will be available to answer any questions you may have and share some further insights into these ransomware prevention and business continuity techniques.