Ransomware attacks are not going away. They continue to make headlines and cause disruption to individuals as well as organisations. For most, it’s a matter of when, not if, it happens.
So, it’s important to understand some of the key attack techniques used, the common challenges faced when defending against ransomware and how your organisation can take steps to protect against it.
Ransomware can affect any organisation at any time, often causing multiple problems.
Attackers don’t rely on a single point of entry to gain access. They exploit different vectors, such as unpatched VPN servers, email attachments or phishing links, and RDP access with weak or compromised user credentials. Once they’re in, they spread the malware internally, taking advantage of active, insecure protocols such as SMB v1, which was used by both WannaCry and NotPetya. The malware encrypts your data so that you can’t access or recover it, and the attacker then demands a ransom payment.
The latest evolution of this type of attack is the addition of extortion – not only encrypting the data but also threatening to leak the data in the event of no payment being made. In addition to dealing with the financial demand, you also need to deal with the operational disruption being caused. This will vary depending on the scale of the attack and the nature of your business.
All is not lost, though: there are things you can do to protect yourself!
First and foremost, you need to get the basics right. Things like patching, closing down insecure protocols, email security and organisation-wide cyber awareness training all take time and effort but can make a big difference in the fight against ransomware.
Then, deploy a protective solution, such as a ransomware protection platform, that incorporates a variety of components to maximise your chances of staying protected. These could include tools that prevent file encryption and behaviour analytics to detect unusual and malicious user behaviour.
For more details on what to consider, view our ransomware brochure.
Lastly, make sure you have a comprehensive backup strategy in place, including a full recovery plan. This will ensure you can recover completely and in good time in the event of a successful attack.
No solution is ever 100% attack-proof, so being able to recover and get back to normal operations is crucial. But you can’t do that without a backup strategy and recovery plan, so these should not be considered as ‘nice to haves’!
However, we know that there are lots of different solutions to choose from and that each environment will have its own unique requirements. The good news is that you don’t have to shoe-horn in a one-size-fits-all solution and hope for the best. You can even benefit from backup as a service, where you let an expert partner work as an extension of your team and take the strain for you.
If you’re concerned about your ability to protect your organisation against ransomware, or recover from an attack, we’re offering a complimentary ransomware protection review, so book in now!
If you want to go beyond ransomware and look at a more proactive and comprehensive security solution, check out our hybrid SIEM service. It incorporates artificial intelligence, machine learning and security orchestration, automation and response (SOAR), all to help your team work smarter, so we can help you combat the common challenges seen in traditional Security Operations Centres (SOCs).
Offered with unparalleled flexibility in terms of deployment and management, a growing list of optional integrations, and very competitive commercials, what do you have to lose? Find out more.