Whether you get your news from mainstream media outlets or you follow trade publications covering technology and security, you’ve probably heard a lot about ransomware over the past couple of years. According to the FBI, ransomware attacks have become more costly to U.S.-based businesses during this period even as their overall incidence has declined. This suggests that the criminals behind these attacks have gotten better at engineering and targeting them in order to collect more money from their victims.
Of course, it’s important to take data on ransomware’s prevalence with a grain of salt. When cybercriminal activities are designed to extort money from victims by threatening them with reputational damage, businesses that get hit have significant motivation to cover up the attacks. So we may never know how widespread ransomware attacks truly are.
Nonetheless, with high-profile incidents like those targeting the cities of Atlanta and Baltimore continuing to make headlines, it’s reasonable for any business leader to ask if they should be concerned.
Our answer is equivocal at best: it depends.
For organizations that follow a basic set of IT and information security best practices, we think the risks are fairly small—and certainly manageable. We haven’t seen a statistically significant increase in this type of activity targeting our clients. And we believe that criminals will always seek to find and attack the organizations that will be easiest to victimize, what you might call the “low-hanging fruit.”
If you’re able to put the following fundamental safeguards in place, you might still feel cautious or concerned about ransomware, but it shouldn’t keep you up at night.
#1: Apply software patches regularly, and as soon after their release as possible.
The overwhelming majority of ransomware attacks target known vulnerabilities that were patched long ago. Setting up processes and systems that ensure that software updates are performed on an ongoing basis and in a timely fashion solves this problem.
#2: Harden your systems against attack.
Some years ago, reliable guidance on configuring systems and security controls was hard to come by. Today, all major hardware and software vendors have detailed documentation on how to do so. Taking the time and care to accomplish this is key.
#3: Review general information security hygiene, especially user privileges.
Keep a critical eye on privileged accounts throughout the organization, reviewing them periodically (at least annually). Long-term employees should not accumulate privileges over the course of their tenure. Instead, they should only be granted access to the resources they need to get their jobs done.
#4: Have a backup and recovery strategy and test it regularly.
It’s an unfortunate but realistic scenario: what would you do if ransomware not only encrypted all of your files, but corrupted backups as well? Even if you don’t do a full-scale practice drill, at least consider a tabletop exercise in which you rehearse what you’d do in this situation. Thinking through the alternatives is the most important preparation.
#5: Implement security monitoring.
Having an effective security monitoring program in place doesn’t remove all risk of a ransomware attack, but it does mean that cybercriminal activities are likely to be detected much earlier in the course of an attack. And the earlier an incident is detected and incident response procedures are begun, the less damage you’ll see.
Ransomware has attracted a great deal of attention lately, but with proper preparation, you shouldn’t be unduly concerned. Want to learn more about how BTB Security can help you quickly identify and eliminate threats before they become problems? Check out our RADAR managed detection and response services.