Ransomware: Best Practices for Prevention and Response
The SEI offers their top two best practices for avoiding ransomware.
An Ounce of Backup
The single most effective deterrent to ransomware is to regularly back up and then verify your system. More recent ransomware attacks have not only encrypted data files but also Windows system restore points and shadow copies, which could be used to partially restore data after a ransomware attack. Backups should be stored on a separate system that cannot be accessed from a network and updated regularly to ensure that a system can be effectively restored after an attack.
Other effective mitigation strategies include the following steps:
- Educate employees. Like other malware, ransomware often infects a system through email attachments, downloads, and web browsing. Organizations should conduct regular training to help employees avoid common malware pitfalls.
- Conduct regular data backups. This bears repeating. Conduct regular backups of your system and store the backups offline and preferably offsite so that they cannot be accessed through your network (for ransomware, offline is more important; for other events, offsite is more important). On a separate-but-related front, it is also important to regularly verify the data backup process to ensure backups are capturing all necessary data and that the restore process works in your environment. At a home/personal level, back up important files as they are modified and be sure that backup media (thumb drives, external hard drives) are not left connected to any networked device. Periodically check that the files can be accessed from the backup device. You don’t want to discover that it is defective at the point you need to restore data from it. It is also important to point out that popular online backup solutions may also be vulnerable to a ransomware attack, as the backed-up data may be overwritten with a newer version that has already been encrypted by ransomware.
The FBI gives the following advice:
Phishing schemes are often just the start — leading to potential ransomware attacks, business-e-mail-compromise scams, and more.
So — how do you protect your company? From the lowest level employee, up to the CEO, your e-mail system needs to be a fortress filled with defenses.
- Don’t use free web-based e-mail accounts for your business. Establish your own domain and create e-mail accounts based on that domain.
- Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.
- Immediately report and delete suspicious e-mails, particularly those that come from people you don’t know.
- If you receive an e-mail from someone who appears to be a legitimate contact but you are wary, make sure you “forward” it back to the sender. Do not hit “reply.” That way you can manually type the known e-mail address or find it in your established contact list to confirm authenticity.
- Don’t click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.
- Consider two-factor authentication for employee e-mail. This would include something you know (such as a password) and something you have (such as a dynamic/changing PIN or code).
- Create a security system that flags e-mails with similar — but incorrect — formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the e-mail comes from Joe at ABC-company.com?
- Make sure your e-mail is encrypted in-transit if you are putting sensitive information into it.
Bottom line — build the e-mail fortress tall and wide to protect your business.
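The "flag e-mails with similar but incorrect formatting" item above, as an added example in Python that is not from the FBI or this article: it compares each sender's domain against a constructed list of known partner domains and flags near matches (a single-character typo, common character swaps such as "_" for "-" or "rn" for "m", and a known domain reused as the prefix of an unrelated one). The domains and addresses are constructed for illustration.

```python
"""Flag sender domains that closely resemble a known partner domain.

Added example, not code from the original article. KNOWN_DOMAINS and
the sample addresses in the comments are constructed for illustration.
"""
from email.utils import parseaddr

# Constructed: domains this organization legitimately corresponds with.
KNOWN_DOMAINS = {"abc_company.com", "examplebank.test"}

# One-directional substitutions; each lookalike spelling collapses to the
# form a reader would perceive, so "abc-company" and "abc_cornpany" both
# canonicalize to the same string as the real domain.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("_", "-"), ("0", "o"), ("1", "l")]


def canonical(domain: str) -> str:
    d = domain.lower()
    for lookalike, real in CONFUSABLES:
        d = d.replace(lookalike, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain part of a From: header such as 'Joe <joe@x.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def classify_sender(from_header: str, known=KNOWN_DOMAINS) -> str:
    """Return 'known', 'lookalike', or 'unknown' for the sender's domain."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for k in known:
        if domain == k or domain.endswith("." + k):   # exact or real subdomain
            return "known"
    for k in known:
        if (canonical(domain) == canonical(k)          # confusable swap
                or edit_distance(domain, k) <= 1        # one-character typo
                or domain.startswith(k + ".")):         # known.com.attacker.tld
            return "lookalike"
    return "unknown"
```

Messages classified as "lookalike" are the ones to hold for manual review rather than reject outright, since a partner's own typo in a new subdomain can trip the same check.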