When it comes to ransomware, it’s better to be safe than scammed. It’s become common sense to have a business firewall and some anti-malware software installed. But many businesses are finding it’s just not enough.
Ransomware is highly adaptive and designed to bypass the most common countermeasures. At the end of the day, there’s people making the malware who are putting their all into building something to lock down your data – that means you need to thwart them with equal effort.
What Ransomware Does
For those not familiar with ransomware, it’s a kind of malware which encrypts your files and then demands a ransom. If you don’t pay this ransom, your data is locked indefinitely or deleted (It can actually do worse than this, but data loss is the most likely outcome).
While this might be a small problem for a home user, it’s a completely devastating one if it makes it onto your business server. This year, the City of Atlanta was struck with the SamSam ransomware, which asked for a ransom in roughly $50,000 of bitcoin.
At the end of the day, because they weren’t defended well enough, they ended spending more than $2.6 million on emergency efforts to solve the problem. Municipal operations were destabilized, and confidence in the city was completely lost.
There are plenty of cautionary tales about ransomware attacks, including those on hospitals and emergency services. And even if you pay the ransom, statistics show it is highly likely you’ll either be hit for a second one or not get your data back at all.
Ransomware is not exclusive to large organizations and can spread to businesses of every size. That is why it is important for every business to have anti-ransomware defenses.
Where to Start with Ransomware Defense
So, how much ransomware protection do you need?
The Basics: Firewalls and anti-malware solutions are a great starting point – they’re just not the only solution you should use. If you don’t have these bare-bone protections for your server, get them immediately.
Web Filtering and Anti-Spam Solutions: Ransomware often infects businesses via simple email attachments that are opened by employees. This means you should have web filters and anti-spam solutions in place company-wide.
Apply All Patches: A lot of breaches are because someone forgot to install a simple security patch. These are the sort of exploits malware makers are looking for, so don’t let them use it as a backdoor into your systems.
Employee Training: It may feel like an uphill battle, but you should be conducting ongoing training for employees regardless of their contact level with tech. Counter-phishing training is particularly important. Remember, ransomware can easily be introduced to your system through human error – an email attachment, nefarious link, social media site, or infected website.
Backup Strategy: If you’ve got backup software installed and a solid strategy in place, your data can’t technically be held to ransom. In the worst case scenario, you can perform a full data recovery from a clean backup. So long as you’re backing up regularly and to a suitable location, you’re effectively immune from ransomware – with one exception…
Anti-ransomware backup tools: … And that exception is if the ransomware infects your backups. There are a few scenarios in which ransomware can compromise your backups. The first is if you accidentally back it up without realizing, making your backup unclean in the process. The second is if it actively finds its way to your backup destination and infects your backups. You can avoid this by using backup software with a built-in countermeasures like BackupAssist’s CryptoSafeGuard feature.
Have an Incident Response Plan: Don’t leave it until you’re in the midst of a ransomware attack to figure out what to do. Have a plan already written on what to do during a ransomware event.