Top ransomware threats – what you need to know
The top ransomware threat of today is indisputably encryption ransomware. Even people who know nothing about IT will probably remember the name WannaCry due to the infamous attack of May 2017 (which spread to approximately 150 countries). Other prevalent nasties include the likes of Locky, Bad Rabbit, Ryuk, CryptoLocker, Petya/NotPetya. The bad news is that ransomware shows no signs of going away any time soon, quite the opposite. The good news is that effective preparation will keep you safe from it.
Start with the end in mind
Your main goal is to keep your data safe. Your secondary goal is to make sure that you retain access to it. This may seem like a strange order of priorities, but the consequences of having data stolen can be far more serious than the consequences of simply losing access to it.
This means that all sensitive data should be kept encrypted. All personally identifiable data must be kept encrypted. This includes any personally identifiable data you collect from your own employees. Encrypting data will not defeat encryption ransomware. It will just render your data useless for anything other than ransom value and a good data backup will deal with that.
Make sure your data-backup strategy is ransomware-proof
All companies need to have (at least) two data backups, one local and (at least) one off-site. It is massively risky to rely on local data backups because any malware which can get into your production systems can almost certainly get into your local backup too. This is particularly likely with ransomware, especially if you use automated data backups.
You absolutely must have an off-site data backup which is completely separate from your main system. Completely separate means both physically and logically. It’s fine for this data backup to be online (e.g. in the cloud, even the public cloud), just as long as there is no connection whatsoever between your main system and your off-site backup.
Ideally, you should keep data backups from different time points. The reason for this is that ransomware creators are becoming increasingly astute and creating ransomware that lies dormant for a while and/or works slowly to increase the chance that your off-site backup will be compromised. If you’re in the cloud, you can reduce the cost of this by moving older data backups to slower storage. This will lengthen your recovery time objective, but it will still be a vast improvement on losing your data.
Once you have a data backup strategy that you think works, then test it to make sure that it does work. Then make a point of running periodic tests to make sure it still works. If you then have to restore after a ransomware attack, make sure you scan your system afterward just in case the infection is still lurking there waiting to pounce again.
Keeping ransomware out of your systems
The more ransomware you can defeat before it gets into your systems, the less downtime you will experience.
Keeping ransomware out of your systems starts with good IT hygiene. In particular, it means sticking with operating systems and applications which are still actively supported by their developers. This ensures that you will receive patches for any security issues which are identified. It’s then up to you to make sure that these patches are applied promptly.
Linux users need to keep a close eye on the main news sources for the distro they use to see if users identify any security issues and, if so, whether or not there is a solution. Since Linux is open-source, there is no guarantee that someone will patch a security flaw at all, let alone do so quickly. You may, therefore, have to make sure you have the budget to do this yourself if need be.
For completeness, although most ransomware is still spread through the longstanding means of email attachments and compromised websites, it is becoming more common for cyberattackers to target servers. This can be seen in the growth of malware for Linux, especially ransomware for Linux.
You then need to boost this by investing in a robust anti-malware product. For most companies (and individuals), this means a cloud-based, all-in-one solution.
The reason for choosing a cloud-based product is because it means that the vendor manages the entire update process. This is not only very convenient but also eliminates the possibility of mistakes at your side.
The reason for choosing an all-in-one solution is that it ensures that you have everything you need right out of the box. This not only saves you the hassle (and cost) of choosing the right individual products but also ensures that all functions work together automatically.
Please click now to start your free 30-day trial of Xcitium AEP.