How Do I Protect Myself and My Company from Ransomware?
It’s been a pretty popular topic recently. The reason it’s popular isn’t because ransomware is a new thing. It’s actually been around for quite a while and it’s a common tactic used by criminals and other bad actors.
You may have seen this recently but it’s probably because of some recent of the high-profile ransomware attacks. Almost everyone’s familiar with the Colonial Gas Pipeline ransomware attack in 2021.
With that ransomware attack, gas supplies in the southeast part of the country were stretched very thin and there were a lot of gas stations running out of gas because of panic buying.
There were a lot of great Facebook memes of people throwing tarps in the back of their pick-up trucks and trying to fill it with gas; sometimes this is stuff you just can’t make up.
But with ransomware in that particular case, I thought it was funny because it showed how little most people know about it.
So I remember the media said, “Oh hey, it’s just going to be a couple of days. The company is going to restart their computers and then their systems will come back up.” Yeah, that’s not really how ransomware works.
What is Ransomware?
Ransomware is a form of malicious software (aka malware) designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.[1]
What does that mean?
With ransomware, what happens is someone gains access to your system, whether it’s an insider threat, somebody that had credentials and shouldn’t have, or somebody got in by other means.
Someone gets into your system, takes your system files, your accesses, whatever’s precious to you, and they encrypt it. Now only they have the key. Unless you get that key, you can’t decrypt it.
Maybe that doesn’t sound so bad. But think of it this way, they took everything that you have. They put it in a vault and nobody can get access to that vault without their key. It’s almost impossible. It could take more years than we’ll be alive for you to put the best computer against it and try to come up with what that key is.
So they can hold you hostage because everything you’ve done is now, really, under their lock and key.
Protecting Yourself Against Ransomware
What are some thing I can do to protect myself from ransomeware?
Well, there’s some easy ones like having security measures in place that monitor people who work for your company that are accessing files outside of normal business hours.
Or you could employ different kinds of behavioral analytics; when something just doesn’t look right, it’s ok to ask the question of why.
Strong Passwords
Well, how about just strong passwords? We can’t tell you the number of people that we work with now and that we’ve helped before, that their passwords are simple words.
Whether it’s all lower case “password,” or upper case P “Password,” or “password” with an @ and a zero in it, or “password1234.” None of those are secure.
If you’ve lost your password in a previous breach, Google tries to do a good job of notifying you, letting you know this password’s been exploited before, it’s a weak password. And guess what? You probably shouldn’t use it.
When people try to hack your system, they’re not going to go through and manually try every combination of characters. They’re not going to have some random text generator either. They’re going to have a file, a library of known passwords and they’re just going to run them all against your system. So, they don’t have to try combinations. They don’t have to use sophisticated techniques.
They just have to try common or weak passwords, and guess what? They’re going to get into your system. And if you happen to be an admin, that’s going to be really, really bad for the company.
Strong passwords are key to your security. Strong passwords contain upper case letters, lower case letters, and special characters.
There’s an interesting way to do that. A lot of systems will allow spaces; so just type a sentence. You can always use “I’m the world’s greatest” with different capitalizations and spaces and an exclamation point.
It’s really easy to remember, and it’s a really strong password, because you get a lot of characters in there. Or “I grew up at this address,” because then you have numbers, letters. You get the point, right?
I Have a Strong Password. Now what?
Another thing you could do is have backups of your company files. Take a daily backup of your company system. Ask your IT staff to store it in an off-site location. Keep the last 30 days of back-ups or find an IT company to do it for you. What should your company back up? Depending on your business model, it would be the information is important to you and your company. Now you’ve put your company in a more secure posture. If there’s a ransomware attack and someone locks up all the company’s important information, you can just restore from a backup. And guess what? You’ve only lost whatever changes or transactions were made since the last back-up.
You don’t have to go make an investment for an intrusion detection system, (IDS) or an intrusion prevention system (IPS) or to quickly get cybersecurity insurance. You can actually protect yourself with some common sense things like strong passwords and multi-factor authentication and backups. Some of the best practices in protecting yourself and your company from being the target of ransomware attacks.
We've Protected Our System. What's Next?
Backup Company Files
Another thing you could do is have backups of your company files. Take a daily backup of your company system. Ask your IT staff to store it in an off-site location. Keep the last 30 days of back-ups or find an IT company to do it for you.
What should my company back up?
Depending on your business model, it would be the information is important to you and your company.
Now you’ve put your company in a more secure posture. If there’s a ransomware attack and someone locks up all the company’s important information, you can just restore from a backup. And guess what? You’ve only lost whatever changes or transactions were made since the last back-up.
You don’t have to go make an investment for an intrusion detection system, (IDS) or an intrusion prevention system (IPS) or to quickly get cybersecurity insurance. You can actually protect yourself with some common sense things like strong passwords and multi-factor authentication and backups. These are some of the best practices in protecting yourself and your company from being the target of ransomware attacks.
How do ransomware actors go after their targets? How can I protect myself and my employees?
What are company’s chosen by those ransmore actors? How does that vector happen? Most of the time it’s probably because you went to a bad website. And it’s probably, because somebody in the company clicked a link in an email that might have looked real or might have just looked fun, and that link took them somewhere that executed code on your system and exposed your company to those actors.
There’s things you could do for your company that can have it so that links and emails are deactivated by default.
Another option is to use a cloud browser like Silo from Authentic8. Members of your company can click and go to a link and they actually execute that code in a sandbox somewhere, and it protects your company.
Cybersecurity training can also help. As a company owner or manager, make sure that you have some type of cybersecurity awareness program. So when an email comes in that you just inherited $10 million from an African prince, your employees know that it’s probably not a good idea to click those links or download the attached document.
Don’t click weird looking links; don’t download suspicious looking files.
Advise your employees to check that emails containing links or attachment are generated or sent from a trusted source. Maybe there’s some type of email signature that your company uses for verification. There are plenty of things that you and your employees can do to increase your cybersecurity posture.
Recap: How Do I Protect Myself and My Company from Ransomware?
- Really Strong Passwords
- Back Up Company Files
- Increase Cybersecurity Awareness Posture
- Multi-Factor Authentication
If you get hit with a ransomware attack, there’s really not much you can do other than pay. If you don’t have a backup of the data and you can’t afford to lose it, you ‘ll end of paying for your files.
Many companies choose to cybersecurity insurance these days as a solution; that comes with a price to your profit margins and will likely require you to employ a company-wide cybersecurity measures to meet the insurance requirements.
So why not get your company to employ multi-factor authentication up front and make your best attempt to avoid being a target? An investment up front may save your company in the long run from being a target.
