Malware, including ransomware, viruses and trojans, is a grave threat to organizations. Of these, ransomware is unique. Not only does it steal and corrupt data, but it also locks users out of their own systems, so that taking corrective action becomes almost impossible. Considering the debilitating impact of a ransomware attack on an organization, it is advisable to take certain precautions proactively, a few of which are mentioned below:
1. Take backups: Timely and proper backup is the best defense against ransomware. Taking both full and incremental backups is important. The incremental backup becomes extremely valuable in restoring the system to the point just before it was infected. Many systems today come with a provision for parallel backup, i.e., a backup of the transaction is created as soon as the transaction is committed. However, regular backups of data other than transactions (database, emails, files and other static data) are more useful for restoring the system after a ransomware attack. The transactions can then be checked in smaller batches to identify which transaction caused the infection.
2. Update all software: Almost all software vendors release security patches regularly. As soon as a security gap is identified in their software, they work towards fixing it and releasing a patch or update to mitigate the risk from the vulnerability. All these patches must be applied as soon as they are released. Antivirus and firewalls must also be updated frequently. Mobile devices often connect to untrusted networks for long durations (e.g., during long business trips). For such situations, organizations must deploy solutions that can update devices over the internet. There are many commercial device management solutions which ensure that all devices are up to date with all patches authorized by the organization, whether they are inside the organization's network or outside it.
3. Scan email attachments: Email is the most common form of communication and a very potent source of all kinds of malware, including viruses and ransomware. As a first step, all emails should be scanned at the email server as soon as they are received, and any email from a suspicious source should be blocked or quarantined. The email security software must routinely update its list of such sources. Further, users should also be cautious when opening any attachment. An email may be from a trusted source, but an unnecessary attachment could indicate that the trusted source itself has become infected. As a rule, no attachment with an .exe extension should be opened. There are other, more secure ways to transfer executable files. Lastly, be careful when opening .jpg (image) attachments, which are a favorite with hackers.
4. Disable document macros: Most MS Office document formats have a provision for running a small piece of code to perform some task in the document itself. This code is called a ‘macro’ and resides within the document. Macros can be used to gain access to the computer’s resources and to transfer data or information, which may include other executable files (e.g., automatically downloading a file from a web location as soon as the document is opened). Macros are a popular way to deliver all kinds of malware, including ransomware, so disabling them is a wise way to help prevent a ransomware attack.
5. Restrict user access/privileges: One of the main causes of malware spreading in the network is the abuse of privileges given to the user. Almost all users want to have full admin rights to their workstations, without realizing the risks that come with it. With admin rights, a single infected computer can create havoc across the whole enterprise’s infrastructure. All users must be given access based on their profiles and need, and the access rights must be periodically and frequently reviewed to safeguard all data.
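The server-side attachment checks from points 3 and 4 can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the function names, reason strings and sample attachments are constructed for illustration, and it goes slightly beyond the text by checking file content as well as the extension.

```python
import io
import zipfile
from pathlib import PurePosixPath

JPEG_MAGIC = b"\xff\xd8\xff"
PE_MAGIC = b"MZ"  # header of a Windows executable
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container
IMAGE_EXTS = {".jpg", ".jpeg"}
BLOCKED_EXTS = {".exe"}


def triage_attachment(filename, data):
    """Return the reasons to quarantine an attachment (empty list: none found)."""
    reasons = []
    ext = PurePosixPath(filename.lower()).suffix
    if ext in BLOCKED_EXTS:
        reasons.append("blocked extension")
    if data.startswith(PE_MAGIC):
        reasons.append("executable content")
    if ext in IMAGE_EXTS and not data.startswith(JPEG_MAGIC):
        reasons.append("extension does not match content")
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy Office container, macros not ruled out")
    if zipfile.is_zipfile(io.BytesIO(data)):  # modern Office files are ZIP archives
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # VBA macros are stored in a part named vbaProject.bin
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                reasons.append("contains VBA macro project")
    return reasons


def constructed_office_file(with_macro):
    """Build a minimal ZIP shaped like an Office document (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [  # constructed attachments, not real mail
        ("holiday.jpg", b"MZ\x90\x00" + b"\x00" * 60),
        ("photo.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16),
        ("report.docm", constructed_office_file(True)),
        ("report.docx", constructed_office_file(False)),
    ]
    for name, blob in samples:
        print(name, triage_attachment(name, blob) or "no findings")
```

A check like this complements, and does not replace, antivirus scanning at the mail server: it only flags attachments whose type or embedded macro content warrants quarantine.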
Ransomware attacks are real and far more lethal than any other cyber-attack. An organization unprepared to tackle the ransomware menace can face serious consequences, ranging from loss of data to operational failure to total shutdown of the business, depending on the magnitude of the attack. Thus, it is important to take the necessary precautions against ransomware to prevent an attack, or at least minimize the impact in case it does strike your company. In the fight against malware, being well prepared is half the battle won.