A quick guide to anti-ransomware protection
Ransomware has been around since 1989 but it only started becoming a real threat in the early 2000s. The first major attack was arguably the Reveton attack of 2012. Since then, however, there have been several waves of large-scale ransomware attacks as well as persistent, low-level attacks. The threat posed by ransomware is growing all the time. With that in mind, here is a quick guide to anti-ransomware protection.
Use a robust anti-malware product
The default security apps bundled with most operating systems give a decent, baseline level of protection. If, however, you want as much protection as you can get (which is highly advisable), then you need to boost these with an anti-malware product from a specialist cybersecurity company.
For most people (individuals and organizations), the best approach is to use a cloud-based anti-malware product with an integrated firewall. This gives you maximum protection with, effectively, zero hassle (as the vendor takes care of the entire update process) and minimal load on the local device.
Update your operating system and locally-installed apps
Microsoft, Apple, and Google all produce regular updates for their current operating systems. These need to be applied promptly. Ideally, you should apply them as soon as they become available. In the real world, however, some people might have concerns about this approach as it’s not all that unusual for updates to fix some problems and introduce others. Microsoft in particular has something of a reputation here. If this is a concern for you, then it’s usually fair enough to wait a day or two to see if problems are reported, but keep the delay to a minimum.
On a similar note, if you are still using locally-installed apps, then these will also need to be updated. If you’re using cloud-based apps then the vendor will take care of updates. In either case, make sure you only use software from reputable vendors, especially if it’s free software. Never be tempted to use pirated software as this is notorious for being a way to spread malware, including ransomware.
Keep your sensitive data encrypted
If you store sensitive data in the clear, then you could leave yourself open to a whole world of pain in the event of any sort of malware attack. In the case of ransomware attacks, you could find that even if you pay the ransom and recover access to your data, the attackers still keep a copy of it for their own use. If you refuse, they could openly sell your data or expose it online to punish you and intimidate future victims. You can avoid all of this by simply keeping your sensitive data encrypted in both your production system and your backup systems.
Make sure your approach to data backup is ransomware-proof
The traditional approach to data backups is known as the 3-2-1 system. That’s three copies of your data, over two media (clouds), with one copy being held off-site (in a different cloud). This is still a good rule to follow today and offers much more protection against any threat, including ransomware, than just using one data backup.
Possibly one of the reasons why ransomware has been able to grow so much is that companies, especially SMBs, who use the public cloud may be tempted to skip the off-site backup. While this is understandable, given that it does take a bit of work to set up and is, obviously, an extra expense, which most SMBs would prefer to avoid, it’s also very risky.
The reason for this is that cloud providers only manage external security. In other words, they maintain the security of their own platform. It is up to each client to manage their own intra-cloud security.
What’s more, a lot of public clouds run automated data backups. Although these are very convenient, they do mean that if your production system is infected with ransomware, there’s a distinct possibility that the encrypted files will be transferred into your local data backup, overwriting the healthy files which were there previously.
Ideally, not only should you have a second, off-site data backup, but you should also have different restore points, just in case it takes you some time to pick up on the presence of ransomware.
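The overwrite risk and the case for several restore points can be shown with a small backup-rotation guard. This is an added example, not code from the original article or any vendor; the thresholds, function names and sample files are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5      # bits per byte; assumed cut-off (ciphertext sits near 8.0)
MAX_SUSPECT_SHARE = 0.3  # assumed: hold the backup if over 30% of files flip

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def suspect_files(previous: dict, current: dict) -> list:
    """Names whose content changed from low entropy to near-random.
    Files that were already high entropy (zip, jpeg) are not flagged.
    Assumes the file name is unchanged between the two snapshots."""
    flagged = []
    for name, old in previous.items():
        new = current.get(name)
        if new is None or new == old:
            continue
        if shannon_entropy(old) < ENTROPY_LIMIT <= shannon_entropy(new):
            flagged.append(name)
    return sorted(flagged)

def rotate(restore_points: list, snapshot: dict, keep: int = 3):
    """Add snapshot as the newest restore point unless it looks encrypted.
    Returns (points, accepted); a rejected snapshot never evicts an older point."""
    if restore_points and restore_points[-1]:
        last = restore_points[-1]
        if len(suspect_files(last, snapshot)) / len(last) > MAX_SUSPECT_SHARE:
            return restore_points, False
    return (restore_points + [snapshot])[-keep:], True

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: deterministic random-looking bytes."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))

# Constructed sample data: three text files, one normal edit, then all "encrypted".
healthy = {f"doc{i}.txt": (f"Quarterly report {i}. " * 200).encode() for i in range(3)}
edited = {**healthy, "doc0.txt": b"Quarterly report 0, revised. " * 200}
encrypted = {name: fake_ciphertext(name.encode()) for name in healthy}

if __name__ == "__main__":
    points, _ = rotate([healthy], edited)
    print(rotate(points, encrypted)[1], suspect_files(edited, encrypted))
```

A rejected snapshot should raise an alert for a human to review rather than be silently dropped, since the production system is the thing that needs attention at that point.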
Stay alert to social engineering
It’s probably fair to say that, by now, most people understand the basic principles of safe-surfing/emailing. The problem is that ransomware can be so lucrative that the attackers behind it can put a lot of effort into social engineering. This means that IT teams have to keep themselves up-to-date on current tactics and make sure their users are suitably educated on them.