Five Valuable Tips to Take-Away For Ransomware Protection
WannaCry spreads over SMB by exploiting a vulnerability in Microsoft Windows. Microsoft addressed the vulnerability by releasing a patch, reference MS17-010, back in March. Organisations that still had not updated their systems were exploited through this weakness in their defences. Once it infects the network, WannaCry encrypts all files it has access to and attempts to delete all shadow copies, making affected files even more difficult to recover.
It is important to be vigilant against these types of attacks. Although WannaCry is a particularly vicious ransomware, there are steps you can take to guard against similar attacks. Here are five things you can do today to protect yourself:
Patch your servers and workstations regularly. Develop a patching program and methodology that allows patches to be deployed within company policies. Generally, critical patches should be applied within 30 days of release. If you are unable to patch your systems (for reasons such as application compatibility), ensure those systems are adequately protected using additional measures such as network isolation and application whitelisting.
Backup and Resilience
Review your backup strategy. It’s nearly impossible to guarantee your organization won’t be hit by a ransomware attack. However, you can curtail potential damage by ensuring all your critical data is included in your backup jobs and maintaining multiple copies of important files – including one that is completely offsite. In addition, review and verify versioning and retention policies for SaaS such as SharePoint Online, OneDrive for Business, and Exchange Online.
Links and Attachments
Don’t click on links or open attachments from people you don’t know. Ransomware can spread through infected email attachments or malicious websites.
Threat Detection and Prevention
Employ company-wide antivirus and threat detection services. Some advanced Spam Filtering services have features that can protect against malicious links sent through email. The URLs are rewritten to point your browser to their service. The service will then analyse the site in real-time and block you if it’s malicious or transparently redirect you to the site if it’s safe.
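The rewrite-and-check flow described above, as an added example (not code from any filtering product). The endpoint `linkcheck.example`, the signing key, the blocklist and the HMAC signature on wrapped links are assumptions made for illustration; the signature stops the wrapper from being reused as an open redirect.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlparse

SIGNING_KEY = b"constructed-demo-key"           # assumption: secret held by the filter service
CHECK_ENDPOINT = "https://linkcheck.example/v"  # hypothetical click-time service
BLOCKLIST = {"malicious.example"}               # constructed stand-in for real-time analysis
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _sign(url: str) -> str:
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()


def wrap_url(url: str) -> str:
    """Build the link that replaces `url` in a delivered message."""
    return CHECK_ENDPOINT + "?" + urlencode({"u": url, "s": _sign(url)})


def rewrite_links(body: str) -> str:
    """Mail-time step: rewrite every URL in the body to the check service."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")             # keep sentence punctuation outside the link
        return wrap_url(url) + raw[len(url):]
    return URL_RE.sub(repl, body)


def resolve_click(wrapped: str):
    """Click-time step: return ("redirect", url) or ("block", reason)."""
    query = parse_qs(urlparse(wrapped).query)
    url = query.get("u", [""])[0]
    sig = query.get("s", [""])[0]
    # Only honour links this service issued.
    if not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("block", "invalid signature")
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    # Check the host and each parent domain against the verdict list.
    if any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels))):
        return ("block", "malicious destination")
    return ("redirect", url)
```

Because the verdict is taken when the link is clicked rather than when the mail is delivered, a site that turns malicious after delivery is still blocked.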
Resource Restrictions and Privileges
Lock down network resources. You can also minimize your risk of attack by limiting who can access data. Secure your file shares by granting access only to those who need it. From a networking perspective, network access should be limited to what is necessary, both internally on your corporate LAN and externally from the Internet.
Ransomware is a particularly tricky attack to avoid. When it hits, it hits hard. So it’s always important to measure the risks that your company is taking when effective defences aren’t in place to stop these types of exploits. It’s a measurement of how important your company’s and clients’ data is to you and how valuable your reputation is as a business. By following the above pointers, you can reduce your chance of being hit by another ransomware attack – potentially saving your company.