Ransomware, namely the WannaCry and NotPetya viruses, filled newsfeeds last year as the most prolific cyber security attacks in history. How prolific? The two Ransomware attacks combined to infect 200,000 machines in 100 countries, and NotPetya caused an estimated $1.2 billion in damages.
The most common shark attack against humans is known as the “hit-and-run” attack. Typically occurring in the surf zone amid murky waters, the swimmer or surfer seldom even sees its attacker.
The same could certainly be said for Ransomware in 2017.
Ransomware, namely the WannaCry and NotPetya viruses, filled newsfeeds last year as the most prolific cyber security attacks in history. How prolific? The two Ransomware attacks combined to infect 200,000 machines in 100 countries, and NotPetya caused an estimated $1.2 billion in damages. And while we’ve seen a lull in headline-stealing, wide-scale Ransomware attacks thus far in 2018, they remain a real, tangible threat for businesses world-wide, many which remain uninformed on how to defend against such an attack.
Ransomware is defined as a form of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. A general, solid defense against it is a two pronged approach:
Education: The end-user is often the best defense against Ransomware, especially considering the phishing email attack is a major method of infiltration. Strong user security training can help any organization significantly reduce its exposure to unnecessary risk.
A few tips to pass on to employees RIGHT NOW:
- Do not open emails from strange or unfamiliar email addresses
- Do not disable or deactivate antivirus or anti-malware software
- Do not download software from torrent sites — official or direct downloads are preferable
- If you receive an email from a familiar contact that includes an attachment or link, verify separately that the person or organization actually sent you this message
Infrastructure: Advanced endpoint and network protection, coupled with a solid, off site data backup solution are critical components of defense.
10 Tips on Defending Against Ransomware, Provided by Barracuda Networks:
1. Understand your attackers
Whether you’re a small business with a handful of employees, or a Fortune 500 company, everyone is a target for ransomware. No company or bank account is exempt.
2. Secure all Internet threat vectors
Modern, advanced attacks exploit multiple attack vectors including user behavior, applications, and systems. The six main attack vectors are email, web applications, remote users, on-site users, the network perimeter, and remote access. A comprehensive security posture should extend across all these vectors. A firewall is not enough.
3. Secure all attack surfaces
The clear business benefits of migrating to virtual and cloud environments means that hybrid networks are increasingly the norm. Effectively securing cloud or SaaS-based applications like Office 365 requires a comprehensive solution designed to centrally manage hybrid networks.
4. Educate your users
User behavior can be your single greatest vulnerability. Good security is a combination of enforcement, monitoring, and user education—especially against threats like phishing, spear phishing, typo-squatting and social engineering.
5. Don’t forget your remote workforce
The mobile revolution drives productivity, collaboration, and innovation, but it means much of your workforce is outside the network perimeter—often connecting via personal devices. This creates a huge potential gap in your security if not properly protected.
6. Keep your systems updated
When vulnerabilities in platforms, operating systems, and applications are discovered, vendors issue updates and patches to eliminate them. Always make sure you’ve installed the latest, on all potential attack surfaces. And never use obsolete software that is no longer supported with security updates.
7. Detect latent threats
Clean house! Your infrastructure likely contains a number of latent threats. Email inboxes are full of malicious attachments and links just waiting to be clicked on. Similarly, all applications—whether locally hosted or cloud-based—must be regularly scanned and patched for vulnerabilities.
8. Prevent new attacks
With today’s evolving threat landscape, sophisticated, targeted, zero-day attacks are coming your way. To stop them, you need advanced, dynamic protection with sandbox analysis and access to up-to-the-minute global threat intelligence.
9. Use a good backup solution
A simple, reliable backup system lets you recover from many attacks within minutes or hours, at very low cost. When data is corrupted, encrypted, or stolen by malware, simply restore from backup and get back to business.
10. Keep management simple
As both networks and threat landscapes grow more complex, it’s easy to let security management become a major burden on IT staff. And with complex, disjointed management come more oversights that cause security gaps. Minimize both risk and cost with a simple, comprehensive solution that provides “single-pane¬of-glass” security administration and visibility across your entire infrastructure.
Would your business see such a predator coming today? Even more so, would you have a plan of defense? If not, learn more by reading this FREE eBook, where you’ll learn:
- how malware is spread,
- the different kinds of ransomware, and
- most importantly, what you can do to avoid or recover from an attack.
![Everything SMBs need to know about Ransomware [free ebook]](https://no-cache.hubspot.com/cta/default/489415/9f9de462-fe83-4013-b106-4cea50c1c1e0.png)
Source: Barracuda (www.barracuda.com)