Ransomware, which involves a threat actor encrypting a victim’s computer files and then demanding a ransom for their decryption, is becoming more prevalent every year. Over the past year alone, ransomware attacks have increased by 105% globally. To avoid significant losses, businesses must put ransomware prevention measures in place.
Read more: Best Ransomware Protection
Top 11 Ransomware Prevention Strategies
Ransomware cost the world about $20 billion in 2019, and this figure is expected to rise. With the world’s reliance on being connected, attacking computer systems is an attractive target for threat actors.
Unfortunately, small and medium-sized businesses (SMBs) are disproportionately affected by ransomware. In many cases, they don’t have the same financial resources as bigger companies to dedicate to cybersecurity threats. However, there are measures that every company can take to prevent ransomware.
- Offline backups are isolated from the internet and cyberattacks, including ransomware.
- Spam filters can prevent the vast majority of email-based ransomware attacks before they even happen by blocking emails that potentially contain ransomware.
- Microsegmentation isolates data in different parts of a network, which helps to prevent the spread of ransomware to all data.
- Sandbox testing should be used when introducing new files to a network. It prevents files from accessing the network, meaning possible ransomware won’t be able to cause damage.
- Ad blocking is a simple measure that can be taken to help prevent ransomware, as many threats are distributed through malicious ads.
- Review port settings for ports 3389 and 445, which are popular targets for ransomware threats. If your business does not need these ports open, then consider closing them. If they do need to be open, then access should be limited to only trusted hosts.
- Training your team on the importance of ransomware prevention is especially crucial when it comes to recognizing, avoiding, and reporting suspicious email threats.
- Put an intrusion detection system (IDS) in place to look out for threats by scouring network logs for signatures of malicious activity.
- Remove unnecessary systems, hardware, software, and services that expose your business to unnecessary risks and attacks by being attached to the network.
- Have a layered security approach in place with measures such as antivirus software, firewalls, and multi-factor authentication.
- Encrypt important data so that, in the event your company does get breached, it won’t be able to be exfiltrated.
What to Do if Your Business Is Affected by Ransomware
There are a few options available to you if you do unfortunately do get hit by ransomware:
- Restore from a backup: If you have a backup available that you can restore from, you can get up and running this way. However, restoring systems from backups can take several days, and data generated after the last backup will be lost.
- Use a decryption tool: Some ransomware isn’t very good and can be decoded easily. Some security vendors have decryption tools available on their websites.
- Isolate affected devices: Isolating affected devices ensures that assets free of ransomware remain that way.
Should You Pay the Ransom?
It is not advised that you pay the ransom. Paying the ransom doesn’t guarantee the attackers will give you the decryption key. While in most cases it does, paying the ransom is generally a bad idea because of the following:
- Paying ransoms gives threat actors impetus to continue infiltrating businesses.
- Attackers may still sell or release your stolen data anyway.
Read more on eWeek: To Pay or Not to Pay Ransomware? How to Face the Dilemma
Recovering From Ransomware
Ransomware results in billions of dollars lost globally. However, measures such as intrusion detection systems and spam filters can help to prevent these attacks from happening in the first place.
If your business does find itself in the unfortunate position of being affected by a ransomware attack, you can try using a decryption tool or restoring from a backup. Be sure to also isolate affected devices.
Above all, avoid paying ransoms. Attackers may plan to sell or release your stolen data anyway, and paying ransom incentivizes threat actors to keep attacking businesses with ransomware.
Read more on eSecurity Planet: Could You Be a Ransomware Target? Here’s What Attackers Look for