How IT Professionals Can Detect and Prevent Ransomware Attacks

OCTOBER 27TH, 2020

Ransomware has been around for so long now that we all know the drill: Someone clicks a bad link or opens a bad attachment, the company’s data is encrypted until a ransom is paid (or not), then the company either receives the decryption key, or it starts restoring its now useless data from backup.

At least that was the drill until recently. An increase in ransomware attacks on major hospital systems has upped the ante to life and death.

In what is believed to be the largest ransomware attack in United States history, all 250 Universal Health Service facilities in the United States were affected by a ransomware-induced computer outage. The outage had nurses hand-labeling medication and wondering if patients would get the care they needed.

A ransomware attack on a German hospital in Duesseldorf is being blamed for the death of a woman in need of critical care. The attack knocked out the hospital’s IT system, which prevented the patient from being admitted for immediate treatment. The patient was consequently transported to another hospital, where she later died.

Today’s ransomware operators are increasingly seeking out targets with deep pockets and a lot to lose, which is why every enterprise IT team needs to either create a rock-solid ransomware prevention strategy or beef up their existing solutions to meet the current threats. 

Proactively planning for the “not if, but when” scenario of a ransomware attack will help your organization prevent downtime, protect your reputation, and avoid expensive fines, legal fees, and cleanup costs. 

Here are 10 ransomware tips that can help IT professionals prevent and mitigate damage and data loss from a successful ransomware infection.

Segment Your Network

Every second counts after ransomware enters your network. The longer the malicious code has free range in your systems, the more data it can encrypt and render useless.

It’s crucial to limit the amount of data a cybercriminal can access so that your entire network isn’t compromised in a single attack. Setting up zones with different credentials for each is one effective way to isolate ransomware damage. 

Another is securing your backups away from the company network. Ransomware operators often target backup data because encrypting it maximizes the potential data loss, which gives the victim more incentive to pay the ransom.

Set Up an Early Cyberthreat Detection System

The faster your cybersecurity system detects and neutralizes an attack, the less data you will lose. A unified threat management program can find intrusions as they happen and prevent them from encrypting and exposing your business-critical data.

Install Anti-Malware/Anti-Ransomware Software

It’s no longer sufficient to run basic antivirus software and expect it to catch the myriad threats IT is battling every day. Cover all your bases with security software that consists of antivirus, anti-malware, and anti-ransomware protection. Be sure to regularly update virus definitions in order to maximize the number of threats your cybersecurity system recognizes and blocks.

Stay Current on System Patches and Updates

Some of the most infamous ransomware attacks succeeded because of missed patches (I’m looking at you, Equifax.) 

Many small-to-midsize organizations simply don’t have the in-house IT bandwidth to keep patching current, leaving them wide open to any number of cyberthreats. That is why many companies opt for cloud-based ransomware protection solutions: they take care of patches and updates automatically.

Educate Employees on Cyberhygiene

The primary way that ransomware enters company networks is through unwitting or careless employees clicking bad links or opening infected email attachments. 

Setting up a cybersecurity awareness program in your organization provides a forum for teaching employees what to do if they get a phishing email, how to identify bad links and suspicious attachments, and the steps to take if they accidentally infect the company network with ransomware. 

Enable Viewable File Extensions

Executables attached to email are a common vehicle for ransomware and other malicious programs. You can help mitigate risk by enabling viewable file extensions on all company computers. This will let employees quickly determine whether an attached file is executable, such as a .exe, .vbs, or .scr, before they open the attachment and infect the company network.
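
The check this tip asks employees to do by eye can also be run at the mail gateway. The following Python is an added example, not part of the original article: it reads the real (last) extension of each attachment and separates plain executables from ones dressed up as documents, such as invoice.pdf.exe. The decoy-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Executable types named in the article; extend per local policy.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr"}
# Assumed list of "harmless-looking" extensions used as a decoy before the real one.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify_attachment(filename):
    """Return 'ok', 'executable' or 'disguised' for an attachment name.

    'disguised' means the last extension is executable and the one before it
    looks like a document: Explorer shows 'invoice.pdf.exe' as 'invoice.pdf'
    while known extensions are hidden.
    """
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    inner_ext = os.path.splitext(stem)[1]
    return "disguised" if inner_ext in DECOY_EXTS else "executable"

def flag_attachments(raw_message):
    """Return (filename, verdict) for every risky attachment in a raw e-mail."""
    findings = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()  # None for body parts and containers
        if filename:
            verdict = classify_attachment(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings

def build_sample_message():
    """Constructed sample e-mail with three attachments (not real data)."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see attached.")
    for name in ("invoice.pdf.exe", "notes.txt", "Update.SCR"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for filename, verdict in flag_attachments(build_sample_message()):
        print(f"{verdict:10} {filename}")
```
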

Implement the 3-2-1 Data Backup Strategy

This popular approach to securing backups for efficient, effective recovery ensures your data is isolated from the main network and will be unaffected by local physical threats as well as cyberthreats: 

  • Make three copies of your data
  • Store them on at least two different media
  • Keep one copy in the cloud or, at the very least, off-site

Enforce Strong Password Protocol

A surprising number of organizations use the same default password for multiple accounts or common/weak passwords for shared accounts. Cybercriminals know this and employ tactics like password spraying that could wreak havoc on your network.

When the attacker finds one successful entry point, it’s only a matter of time before they are able to work their way laterally to the business-critical data. Establishing and enforcing strong passwords or implementing technology that takes passwords out of the hands of users is the most effective way to stop this type of attack.

Schedule Frequent Security Scans

Your cybersecurity solution provides real-time threat tracking and alerts, but it’s a mistake to assume that that is enough. Schedule frequent security scans of your systems to ensure your primary security tool didn’t miss anything.

Keep Your Device and Endpoint Inventory Up to Date

It’s hard to recognize or prevent an attack if you don’t know exactly which devices are legitimately connected to your network. Conduct regular inventory on all devices connected to your network so you know where your vulnerable endpoints are. This will help you review what permissions each device should have based on the user so you can make adjustments as needed.

Today’s IT professionals face a constant barrage of cyberthreats. Ransomware is a common method attackers use to access company networks for financial gain. Ransomware operators evolve their tactics nonstop, so it’s crucial to have a ransomware prevention strategy in place before you need it. Download Your Guide to a Ransomware-Free Future to learn how to proactively defend against the ransomware threats you know, and those you don’t.