How to Protect Your Business From Ransomware

It’s all over the news: the Colonial Pipeline, JBS meat company and Massachusetts Steamship Authority have all been struck down by crippling ransomware attacks.

Let’s look at why these cyber attacks are happening and, more importantly, what you need to do to safeguard your business from an attack.

Why Now?

Why is there such a big spike in ransomware attacks? While we’re not 100% certain, some of this may be fallout from the SolarWinds breach, and unfortunately, if that’s the case, we will probably see more largescale cyberattacks in the near future. Other cyber experts speculate that this could just be cyber criminals working overtime to take advantage of employees going back into the office, getting back into the normal swing of things.

Regardless of what the root cause for the increase is, we know that in 2020 we saw a 150% increase in ransom attacks compared to 2019. More staggering, the monetary amount of ransom demands increased by 300%! This year, unfortunately, we are already set to outpace 2020 with ransom attacks occurring every 11 seconds to ALL kinds of businesses large and small.

Just today one of my clients had a dozen suspicious emails hit her inbox from real people she knew, but in reality, they were compromised mail accounts sending malicious files that she was not expecting. We expect to see an increase in these types of attacks, known as phishing campaigns, while ransomware is on the rise.

I talked about phishing in another blog post, 6 Shockingly Effortless Ways to Keep Up On Cyber Security That Even Your Grandma Can Do.

How Do Cyber Criminals Plant Ransomware?

Attackers are using many methods to gain access to systems, the first being email. We’ve all seen the emails from the Nigerian prince. We all know it’s a scam. But hackers are getting more sophisticated.

What we’re often seeing is user credentials being compromised (more on that in a minute), and then malicious emails from REAL user accounts being used to send bad stuff. The attacker’s goal is to get people to open malicious attachments or collect just enough credential information to wreak havoc. Once they gain remote access to your organization’s systems, they plant ransomware.

Attackers often get users’ credentials via previous data breaches that have exposed user names and passwords, and also by using phishing emails that ask you to sign into a fake Office 365, Adobe, Dropbox, etc. account and provide your email and password.

How Can You Protect Yourself and Your Business?

If your business doesn’t already have an airtight cyber security plan in place, the time to protect your business is now.

Right off the bat, you should implement the following best practices.

1. Use multiple, different and complex passwords for different sites. Don’t reuse the same password; this reduces the chances of an attacker being able to successfully use a compromised password to gain access to your network or email. Use a password manager like LastPass to help keep those passwords organized.
2. Use multi-factor authentication. Wherever you can enable and use multi-factor authentication, DO IT! This is an easy step to stop attackers from gaining unauthorized access to your network, computers and online systems.
3. Review the administrative credentials on your domain. If Joe Bob is a regular user and has domain admin access, his account can wipe every machine in the company. It’s worth a look to ensure everything has the most restrictive permissions possible.
4. Employ advanced email threat protection. Tools like Safe Links and Safe Attachments can rewrite links and scan them each time they are clicked. This can protect you if something malicious is detected later down the road. If properly configured, this will prevent you from being able to access the malicious site or downloading a malicious file.
5. Use anti-virus/anti-malware protection. While it’s not 100% guaranteed to stop a ransomware attack, it’s pretty darn accurate and gives you a solid line of protection. Go with a good solid product (not free) like Webroot to protect all your systems including mobile devices.
6. Lock down your firewall! Hopefully, you already have a good firewall that filters inbound and outbound traffic. Review your rules every now and again to be sure nothing has changed on your network, which might reveal a hole to patch. If you have publicly facing web servers, make sure they’re appropriately DMZ’d or VLAN’d off your primary network to avoid people getting into crucial systems.
7. Use your Windows Sandbox environment. Windows 10 has a special mode where you can spin up a sandbox to launch suspicious attachments, links, etc. and see what happens. If it encrypts your sandbox, no big deal. Close it and be sure to delete that email from your real inbox.
8. Backup, backup backup! And not just with a hard drive attached to your computer, because that will get encrypted too. Ensure you have a good offline backup or appliance that keeps your backup separate from your network. If ransomware does run rampant, the backup system should not be reachable.

Simple steps like this, as well as being extra diligent and thinking before you click, can have a big impact on your company’s ability to ward off a cyberattack. Remember, if you’re not expecting an email from someone, or it seems out of the ordinary, don’t open it. Get it in a sandbox or get it to your IT provider for analysis.

Need Help?

If you have any questions or feel uncertain about handling these steps on your own, contact us online or call 410.685.5512 for help.