
Ransomware: how to defend yourself

Knowing how to defend yourself from ransomware has become vital, as these attacks are increasingly widespread and represent a serious threat to anyone. Among those most affected by ransomware attacks are local societies, large businesses, hospitals and even critical infrastructure.

Malware known as ransomware prevents users from accessing a system, device or file unless a ransom is paid.

To this end, the ransomware performs multiple actions such as encrypting files, threatening to delete files or blocking access to the system. Ransomware attacks targeting hospitals, emergency call centers and other vital infrastructure can be very damaging. Businesses and public bodies must equip themselves and be able to adopt a 360-degree approach to prevent and limit the impact of ransomware.

The 4 categories of ransomware

Ransomware is the most widespread type of malware. It encrypts data and makes it impossible to decrypt without a decryption key.

  • Lockers prevent you from using your computer to work or perform basic tasks until the ransom is paid.
  • Scareware aims to scare consumers into buying useless software. In some circumstances, pop-ups invade the screen and require payment to be removed.
  • Doxware/Leakware threatens to leak private or company information if the company or individual refuses to pay the ransom.

Here are 9 steps businesses can take to defend against ransomware and limit the damage to their data.

Back up your data

Start by considering the ultimate goal of the backup and determining which data your organization needs the most. Choose a reasonable backup interval for your organization and decide where the data should be stored. Additionally, data backups should be performed with security controls commensurate with the sensitivity of the data. Backing up your vital data regularly is considered the best way to recover from a ransomware attack. Always ensure that backup files are properly secured, stored offline or out of band, and tested regularly for effectiveness.

Use antivirus programs and firewalls

The most popular means of defending against ransomware are comprehensive anti-virus and anti-malware programs. They are able to search for, find and react promptly to online threats. However, since antivirus software only works internally and can only identify an attacker once it has already entered the system, the firewall must also be configured.

The first line of defense against any incoming external threat is often a firewall. It can defend against both software and hardware attacks. Any business or private network must have a firewall because it can filter and prevent suspicious data packets from entering the system.

Network segmentation

In the event of an attack, it is crucial to limit the spread of ransomware as much as possible, since it can quickly infect a network. By dividing the network into several smaller networks, the company can isolate ransomware and prevent it from spreading to other computers.

To prevent ransomware from reaching your data, each individual subsystem must have its own security measures, firewalls, and unique login. Segmented access will not only prevent the threat from spreading to the main network, it will also give your security team more time to find, contain and eliminate the threat.

Develop plans and policies

It is imperative that you create an incident response plan and a suspicious email policy. This will help educate staff members on what to do if they receive an email that raises concerns or that they are unsure about. You also need to review your port settings and limit connections to trusted hosts. Secure your endpoints, keep systems up to date, and train your team. Implement an intrusion detection system to detect malicious activity and quickly alert your organization when it occurs.

Review the port settings

You should consider whether your organization should leave ports open and limit connections to trusted hosts only. When reviewing port settings, consider which ports should be open and which may be closed. Then proceed to close unnecessary ports and limit connections to trusted hosts. Finally, configure access control lists (ACLs) to control the traffic that can enter the system.
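One way to run the port review described above, as an added example that is not part of the original article: it parses the output of `ss -H -tuln` on a Linux host and compares each listener with an approved list. The sample output and the `ALLOWLIST` policy are constructed for illustration.

```python
"""Port review: compare listening sockets with an approved allowlist."""
import ipaddress

# Constructed sample of `ss -H -tuln` output; not taken from a real host.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128             [::]:3389          [::]:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
"""

# Hypothetical policy: (proto, port) -> True if the service may face any host,
# False if it is approved only for trusted hosts (needs an ACL or a narrower bind).
ALLOWLIST = {("tcp", 22): False, ("tcp", 443): True, ("tcp", 5432): False}
RANK = {"ok": 0, "restrict": 1, "close": 2}

def parse_listeners(text):
    """Yield (proto, address, port) for each socket line of `ss -tuln`."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():          # header line or unparsable entry
            continue
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface scope
        yield fields[0], addr, int(port)

def reachable_from_network(addr):
    """False only when the socket is bound to a loopback address."""
    return addr == "*" or not ipaddress.ip_address(addr).is_loopback

def review(text, allowlist):
    """Return {(proto, port): verdict}; verdict is ok, restrict or close."""
    verdicts = {}
    for proto, addr, port in parse_listeners(text):
        key = (proto, port)
        if not reachable_from_network(addr):
            verdict = "ok"              # loopback only, not exposed
        elif key not in allowlist:
            verdict = "close"           # unapproved listener: close the port
        else:
            verdict = "ok" if allowlist[key] else "restrict"
        # A port bound on several addresses keeps its worst verdict.
        verdicts[key] = max(verdicts.get(key, "ok"), verdict, key=RANK.get)
    return verdicts

if __name__ == "__main__":
    for (proto, port), verdict in sorted(review(SAMPLE_SS, ALLOWLIST).items()):
        print(f"{proto}/{port}: {verdict}")
```

Ports marked `restrict` are the ones that need an ACL limiting them to trusted hosts; ports marked `close` have no approved purpose on the host.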

Secure your endpoints

An endpoint is any device that can connect to the corporate network. This includes mobile phones, tablets and notebooks that are in the possession of private individuals and that do not always comply with security measures. For this reason, these devices are the most vulnerable in the event of a cyber attack, and with the spread of remote working the dangers for companies have increased. Secure configuration settings can help reduce your organization's attack surface and close the security gaps created by default settings. Ensure that endpoint access control lists are configured correctly and that no unnecessary ports are open. Also disable unnecessary services and protocols and use two-factor authentication when possible.

Keep systems up to date

Apply the latest updates to close security gaps, which are usually what attackers try to exploit. Make sure all software is patched and updated to the latest version. Also, check that your antivirus and antimalware programs are up to date and regularly scan your endpoints for potential threats.

Train the team

To stop ransomware in its tracks, security training is key. Every person contributes to the security of the organization when they are able to recognize and avoid malicious emails and protect the organization from risky activities. Additionally, policies and procedures must be created to respond to a ransomware attack, such as immediately disconnecting from the network and notifying IT or security personnel.

Implement an IDS

An IDS, or intrusion detection system, uses sensors to search for malicious activity and quickly alerts the business when it detects potential malicious activity.

When ransomware attacks, it's imperative that the business is alerted and launches a swift investigation. As noted, mature organizations should be given 10 minutes to investigate an infiltration. However, only 10% of companies manage to reach this standard.
