← Insights Home
How to Avoid Ransomware: Top 4 Actions to Lower Your Risk
TOP 4 ACTIONS TO LOWER YOUR RANSOMWARE RISK
The massive WannaCry ransomware attack that began on May 12, 2017, quickly boomeranged around the world, infecting over 300,000 computers in at least 150 countries, with financial and economic losses from the attack reaching an estimated $4 billion.
Though ransomware exploits-in which cybercriminals use malware to encrypt computer data files and demand payment to decrypt them-have been around for nearly a decade, the global scope and scale of WannaCry dwarfed previous attacks. With businesses and organizations more reliant than ever on their data for everything from manufacturing, diagnostics, analytics and market differentiation, the impact of hackers holding their data hostage is increasingly hazardous.
Is your organization at risk of a ransomware attack? How can you protect your business- and profits-from the next ransomware attack?
Here at Net2Vault, we believe the best protection against a ransomware attack is a proactive defense. As a provider of cloud-based data backup and disaster recovery services to NetApp customers, we help our customers reduce the risk of cyberattacks and restore data if your files become infected with ransomware.
Read on to learn four key actions you can take right now to protect yourself from ransomware-before the next attack is launched.
EXPANDING THE BATTLEGROUND FOR CYBERATTACKS
The WannaCry attacks in May represented an escalation of earlier, smaller malware events. The scope of the attack was global, stopping production at Renault factories in France, closing the National Health Service in Britain, seizing control of computers at Chinese universities and locking data in Russia's Interior Ministry.
The virus itself was more destructive than most because it was ransomware built on a computer worm, a type of malware that replicates itself onto other computers on the same network. Once within the firewall, the virus can worm out and infect multiple other computers on the network.
According to the New York Times1, there are now dozens of types of ransomware, and they are supported by an entire underground industry. "The advent of new tools that wrap victims' data with tough encryption technology, hard-to-trace digital currency like Bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, have made this method of cybertheft much easier." There are even companies on the Dark Web that offer "ransomware-as-a-service."
"Now anyone can visit a web page, generate a ransomware file with the click of a mouse, encrypt someone's systems and demand a ransom to restore access to the files. If the victim pays, the ransomware provider takes a cut of the payment," writes the Times.
USE MULTIPLE PROTECTIONS TO REDUCE THE RANSOMWARE RISK
Fortunately, reducing the risk of ransomware infections is relatively easy and inexpensive. Here are the top four actions you can take now to help prevent the damaging impact of a ransomware attack on your business or organization.
1) Get smart about email. Email is the most common way for ransomware to enter your computer network. Though nearly everyone knows that they shouldn't click on email attachments from unfamiliar senders, people still do precisely this. Cybercriminals have become experts at spoofing emails to look authentic and from trusted sources, such as your bank or a family member. Be sure to remind workers about the danger of opening attachments from unfamiliar sources. In addition, take a layered approach to electronic virus defenses. Limit incoming attacks by using an intrusion prevention system that can scan and quarantine emails that contain malware before they can get to workers' inboxes. Anti-malware software can prevent infections that reach the network from taking root, while outbound email filtering software blocks viruses from being distributed from your mail server, both within and outside your organization.
2) Make a discipline of patching. It is impossible to overstate the importance of ensuring your operating system and software programs are updated and patched on an ongoing basis. Most ransomware attacks take advantage of known vulnerabilities, for which patches are available. For instance, Microsoft issued a patch to fix the code vulnerability that the WannaCry virus took advantage of in March 2017, two months before May's attack. Any computer that applied that patch in a timely fashion was protected against WannaCry. Instituting a prompt and timely software update policy is one of the most powerful weapons against ransomware. Simply put, most attacks can be stopped by patching regularly.
3) Use cloud-based email servers. If your organization honestly can't commit to making sure your in-house email servers are always patched and up-to-date with the latest fixes, then you should consider employing cloud-based email services. Delivering secure, virus-free email is the business of services like Microsoft Exchange Online or Gmail, and they have the technical infrastructure and expertise to defeat online threats like ransomware before they get to you.
4) Safeguard your data with cloud-based backup and recovery services. An effective data backup and recovery plan that offers off-site data replication is critical for mitigating the impact of a ransomware attack. Net2Vault offers NetApp users all the services necessary to manage data backups, retention and replication in a secure, multi-tenant cloud architecture. Snapshot software ensures that point-in-time data copies of all required data are stored in the cloud. If data restoration is required, we can replicate a snapshot taken prior to the infection. And if you ever need to restore your data, we provide that service to our customers free of charge.
To learn more about Net2Vault data backup and recovery solutions for NetApp storage environments, please contact us at firstname.lastname@example.org or 866.532.1827.
1 With New Digital Tools, Even Nonexperts Can Wage Cyberattacks