Ransomware is recognized as one of the more popular attack vectors used in cybercrime. Hackers typically deliver ransomware attacks through infected email attachments, affecting businesses and government institutions large and small.
Ransomware attacks have gotten increasingly sophisticated over the years, requiring companies to rethink their approach to preventing them. In an enterprise’s networked environment, ransomware will use the shared networking to propagate, infecting other computers along the way. This is why entire networks are taken offline during ransomware attacks.
Some variants will even encrypt mapped and unmapped network drives, as well as connected cloud services, such as Dropbox, OneDrive, and Box.
As insidious as ransomware attacks have become, there are ways to prevent attacks and prepare your company for an attack, as well as effective methods for recovering from one when it occurs.
An Abuse of Trust
Most end users inherently trust the contents of their inbox, making it easy for cybercriminals to persuade them to open an infected attachment. The attachment then encrypts the company files, locking down the system, and the hacker demands a ransom in cryptocurrency in exchange for the decryption key.
Cybercriminals often use social engineering to find out information about company leaders and colleagues so they can make their phishing emails more convincing. Unsuspecting employees become internal threats as they click on malware-laden email attachments.
Regular user training is one way to increase ransomware readiness. Employees can undergo training on how to recognize and avoid suspicious emails and what steps to take when they see one.
Minding the Air Gap
Training employees is only one method for preventing ransomware attacks. Companies also need to take a new approach to how they back up and recover files.
Companies can learn from the warning posted in the London Underground: “Mind the Gap.” Air gapping the backup environment helps defend your company against ransomware attacks.
When a backup environment is air gapped, it is offline, off-site, and disconnected when not in use. This air gap prevents threats from targeting the backup data sets.
Always Be Prepared for Ransomware
Backup is the best defense against ransomware attacks, but your company can’t just make a copy of files and store them somewhere in the network. Some ransomware variants will hunt down and encrypt files stored on network drives and even in the cloud. On-site backups may be encrypted as well.
To be prepared for a ransomware attack, your company needs to follow the 3-2-1-1-0 Rule for backups:
- 3 different copies of data
- 2 different types of media
- 1 copy stored off-site in a colocation or cloud environment
- 1 copy stored offline
- 0 errors after backup recoverability verification
Continuous Improvement in Ransomware Readiness
Companies should continue to adapt their approach to protecting themselves against and recovering from ransomware attacks. Performing regular risk assessments as part of your overall data protection strategy will enable your business to proactively identify and mitigate potential risks. A risk assessment should verify that data is recoverable and can be restored quickly and easily.
The recovery process presents another opportunity for ongoing improvement. After a ransomware attack, your company should go through this process:
- Remove: Clean the network
- Recover: Restore from good backup
- Investigate: Retain logs for law enforcement
- Remediate: Close holes and debrief
The remediation process allows your company to remove vulnerabilities, lessening the chance of a future attack being successful.
The Right Ransomware Readiness Tools
While your company can use different strategies to increase ransomware readiness, working with the right technology tools can raise your level of readiness. ProActive Solutions partners with leading providers of resiliency solutions that protect against ransomware.
The Veeam Availability Suite™ enables companies to quickly and effectively restore critical data infected by ransomware. Veeam also provides an On-Demand Sandbox for testing recovery points.
Pure Storage offers SafeMode immutable snapshots that enable companies to create read-only snapshots of backup data after a full backup. Data can be recreated directly from these snapshots, helping guard against attacks by ransomware.
Rubrik helps companies defend against ransomware attacks with Polaris Radar, an application that accelerates the detection of and recovery from the attacks. Rubrik backups (aka snapshots) are immutable once created. Live mount focuses on the capability to make backup data available instantly without a traditional restore process.
Cohesity uses machine learning for anomaly detection to prevent ransomware attacks. Cohesity’s immutable file system and WORM backup snapshots help defend against ransomware encryption.
ProActive Solutions will work closely with your company to develop a strategy for fighting and defeating ransomware.
Find and bridge your ransomware prevention gaps. Schedule a personalized Whiteboard Session with a ProActive Solutions consultant today.