01 Mar Cybersecurity recommendation | 6 | Protect your company against ransomware
Ransomware (or, more generally, crypto lockers that encrypt data with no possibility of obtaining the decryption key) is known to have caused billions of euros in costs in recent years. These costs include the ransom itself when companies decide to pay, the impact of the information system being stopped (when data is encrypted with no possibility of recovery), the cost of rebuilding databases, and the damage to the company's reputation.
While malicious emails are often the infection vector for malware that encrypts the user's data, they are not the only one. For example, the encryption Trojan Petya distributes itself when unsuspecting users open a Dropbox file; in doing so, the user downloads the malware. Misconfigured or outdated Internet-facing services are also used to deploy crypto lockers, especially human-operated ransomware.
Ransomware (and crypto lockers more generally) targets all sorts of victims, from large companies to SMEs and hospitals, as happened during the COVID crisis. Ransomware operators do not care about the social or moral impact of their attacks; they are after money, whatever the suffering they cause.
9 key recommendations you should keep in mind
- Malicious emails remain one of the main doors into your information system. Don't leave this door open!
- Staff awareness is very important; it must be developed and regularly checked.
- However, hackers will keep trying to get in, so it is better to have a system that detects abnormal content in an email and stops it.
- Employ a strong email filtering system to block spam and phishing emails.
- Repeated cybersecurity awareness is a must to protect business information assets.
- Ensure that a Business Continuity Plan is in place which can isolate and stop any ongoing attack, and then rapidly restore infected data machines from a pre-attack point-in-time backup.
- Ransomware can be dormant for long periods. Backups should accordingly include long-retention data (> 6 months). Ensure backup storage cannot be reached by attacks that propagate across file systems, and consider off-site and air-gapped protection.
- Deploy a resilience solution for the day a crypto-locking attack occurs, so that you can still access your key data (because backups may be affected) and keep your communication capacities.
- Using an automated EDR solution (Endpoint Detection and Response) is a recent but promising way to detect and neutralize such threats in real time. Ransomware can propagate very fast and destroy hundreds of machines in a matter of minutes, which makes automated remediation critical. In addition, thousands of new ransomware strains are released on the Internet every single day, so you should make sure your antivirus solutions can keep up: an antivirus based only on a list of known viruses will stop known viruses but not those that are still unknown, while EDR products aim to detect and kill advanced and unknown threats.
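
The two backup recommendations above (restore from a pre-attack point in time, and keep more than 6 months of isolated retention because ransomware can stay dormant) can be checked against a backup catalogue. The following is an added example, not code from the original page; the catalogue layout, the field names and the 183-day approximation of six months are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timedelta

MIN_RETENTION = timedelta(days=183)  # assumption: "> 6 months" taken as 183 days

# Constructed sample catalogue; field names are assumptions for this example.
# "reachable_from_prod" is True when production hosts can write to that storage.
CATALOGUE = [
    {"taken": datetime(2023, 6, 1), "site": "offsite", "reachable_from_prod": False},
    {"taken": datetime(2023, 11, 1), "site": "onsite", "reachable_from_prod": True},
    {"taken": datetime(2024, 1, 15), "site": "offsite", "reachable_from_prod": False},
    {"taken": datetime(2024, 2, 20), "site": "onsite", "reachable_from_prod": True},
    {"taken": datetime(2024, 2, 27), "site": "offsite", "reachable_from_prod": False},
]


def audit_retention(catalogue, now):
    """Return a list of findings where the catalogue misses the recommendations."""
    findings = []
    isolated = [b for b in catalogue if not b["reachable_from_prod"]]
    if not isolated:
        findings.append("no backup copy is isolated from production file systems")
    elif now - min(b["taken"] for b in isolated) <= MIN_RETENTION:
        findings.append("isolated backups do not reach back more than 6 months")
    if not any(b["site"] == "offsite" for b in catalogue):
        findings.append("no off-site copy")
    return findings


def pick_restore_point(catalogue, first_compromise):
    """Newest isolated backup taken strictly before the estimated first compromise.

    Backups taken while the ransomware was dormant already contain it, and
    copies reachable from production may have been encrypted along with it.
    """
    clean = [b for b in catalogue
             if b["taken"] < first_compromise and not b["reachable_from_prod"]]
    return max(clean, key=lambda b: b["taken"]) if clean else None


if __name__ == "__main__":
    now = datetime(2024, 3, 1)               # constructed detection date
    first_compromise = datetime(2024, 1, 10)  # constructed estimate from forensics
    print("findings:", audit_retention(CATALOGUE, now))
    print("restore from:", pick_restore_point(CATALOGUE, first_compromise))
```

With a seven-week dormancy in the sample data, the three most recent backups are unusable and the only clean restore point is nine months old, which is the case long retention is meant to cover.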