Software Integrity Blog

 

Ask the Experts: How can we prevent ransomware attacks?

We asked some experts how to prevent ransomware attacks. They explained how to defend against ransomware attacks, and how to recover if all else fails.

Opinion: How to prevent ransomware attacks 2019

Experts across the board agree: The best way to prevent ransomware attacks is to take a multilayered approach. Since the first phase in a ransomware attack almost always involves social engineering, employee cyber security training is a good place to start. But if attackers get in, you’ll need to be able to recover from an attack. Make regular offline backups (and practice restoring them) so you can get back to business quickly.

Whatever you do, don’t just do nothing. Ransomware attacks are on the rise, and no organization is too small to escape attackers’ notice. Plus, since some victims make large ransomware payments to get their data back, ransomware has proven to be profitable, so the problem will only get worse. Some experts even suggest that the best way to prevent ransomware attacks is for the government to make it illegal to pay ransoms. Read on for more advice and opinions.

Help us answer this important #software #security question: What’s the best way to prevent #ransomware attacks?

— Software Integrity (@SW_Integrity) July 23, 2019

Prevent ransomware with end-to-end security measures

The best strategy to deal with ransomware must include both preventive and recovery measures. As any security professional will agree, the first thing everyone must do is keep their systems up to date. It’s extremely difficult, if not impossible, to properly defend unpatched systems against ransomware or any form of malware.

Next, one of the most popular sources of infection is Microsoft Office documents sent as email attachments, which are laced with macros that launch ransomware automatically when clicked. Unless otherwise necessary, organizations should consider a system policy that disables all Office macros on each desktop.

Finally, it’s imperative to have a highly effective endpoint protection solution installed on each system—particularly one that leverages machine learning instead of relying upon signatures.

Even with all the prevention, no security scheme is perfect, so in the event of a ransomware infection, having off-line backups for all sensitive data and systems is absolutely critical. “Off-line” is key because ransomware infections are known for attacking and encrypting network-connected backups, which renders them useless.

Follow this guidance and you’ll be in better shape than 99% of the world and properly prepared for any ransomware outbreak.

Jeremiah Grossman, founder of WhiteHat Security, chief of security strategy at SentinelOne


Require employee training

Employee training…they are your Achilles heel

— John Smythe (@Johnsmythe26) July 28, 2019


Prioritize network security

To prevent ransomware attacks, organizations need to make network security a top priority. Deploying anti-virus and anti-malware software is the first step in eliminating cybersecurity breaches. To further protect the network, organizations can restrict access control at certain levels. For instance, the United States Computer Emergency Readiness Team (US-CERT) recommends configuring access controls (file, directory, and network share permissions) with least privilege in mind. In other words, users who require access only to read documents, files, etc., should not be allowed to edit those specific files, directories or shares.

Perry Price, CEO of Renovation Systems
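
The least-privilege recommendation above can be checked on a POSIX file server. The following is an added example, not code from the original article or from US-CERT; it assumes POSIX mode bits (a Windows share would need an ACL-based check instead), and the function name `audit_read_only_tree` and the sample files are hypothetical.

```python
import os
import stat
import tempfile

def audit_read_only_tree(root):
    """List paths under root that grant write access beyond the owner.

    Returns sorted (relative_path, kind, writers) tuples. A writable
    directory is reported even when its files are read-only, because
    directory write permission allows deleting and replacing them.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        # Check the directory itself, then each file inside it.
        for name in [None] + sorted(filenames):
            path = dirpath if name is None else os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not enforced
            writers = tuple(
                who for bit, who in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
                if mode & bit
            )
            if not writers:
                continue
            if stat.S_ISDIR(mode):
                # The sticky bit limits deletion to each file's owner.
                kind = "dir-sticky" if mode & stat.S_ISVTX else "dir"
            else:
                kind = "file"
            findings.append((os.path.relpath(path, root), kind, writers))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree standing in for a read-only document share.
    with tempfile.TemporaryDirectory() as share:
        docs = os.path.join(share, "docs")
        os.mkdir(docs)
        os.chmod(docs, 0o775)               # group can replace files here
        for name, mode in (("policy.pdf", 0o444), ("notes.txt", 0o666)):
            path = os.path.join(docs, name)
            with open(path, "w") as f:
                f.write("sample\n")
            os.chmod(path, mode)
        for finding in audit_read_only_tree(share):
            print(finding)
```

A read-only file inside a group-writable directory is still exposed, which is why the directory is reported on its own line.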

Get off the network

going offline and using a typewriter

— parisogp@outlook.com (@paulrose222) July 25, 2019


Focus on recovery rather than attacks

I’d reframe the question as: “What’s the best strategy for preventing ransomware attacks from destroying your business?”

Because you’ll never stop successful attacks, the question has to revolve around minimizing the impact.

A well-rehearsed backup and recovery process, an ability to disconnect from the Internet for a day without destroying your business (e.g., have a cold site that is not connected to your hot site until you throw a switch), a well-segmented network architecture with least privilege rulesets at all network connection points, endpoint security, and end-user training.

Sammy Migues, principal scientist at Synopsys


Create a strong backup plan

Data is a company’s most precious asset, but storing it entails a major responsibility to keep that data safe. This isn’t just the responsibility of the IT or security team. There is a collective obligation across the entire organization. …

Well managed data is easier to locate, utilize and update with the latest security policies, making it easier to protect from attackers. However, you must also make careful, considered decisions about how that data is backed up in the cloud. Prevention is the best option, but when your defenses fail you also need a strong backup plan to protect your most valuable data.

Jasmit Sagoo, senior director, head of technology UK and Ireland at Veritas Technologies

Practice till your backups are perfect

The best strategy to prevent ransomware is to have a robust backup plan. By robust, I mean you back up your crown jewel data and practice restoring it.

Rick Howard, CSO at Palo Alto Networks

Do everything

It's a trick question, you need everything possible and then you might lessen your risk to a relatively acceptable amount.

— 1rebmun (@1rebmun1) July 25, 2019


Don’t pay ransoms

The better long-term response is to invest in data backups and recovery mechanisms, because technology failures can happen for many reasons, most of which are not malicious. Large enterprises whose customers need timely access to resources are irresponsible if they don’t have such a plan in place. As for municipal computer systems potentially held hostage, it’s up to citizens to demand that their governments adequately fund IT budgets to meet the rising threats.

Tyler Moore, Tandy associate professor of cybersecurity at University of Tulsa

Offer more support and guidance for organizations

Projects like No More Ransom have been crucial when it comes to fighting ransomware on a global level, with pretty much all major parties cooperating on a global and daily basis, sharing intel in real-time—except for the US.

The US should consider the success of the No More Ransom Project to be a call to action.

Better cooperation between the private sector and law enforcement could result in fewer ransom demands being paid.

That would make cyber-crime less profitable and, consequently, reduce the financial incentive for groups to commit cyber-crime.

Fabian Wosar, head of Emsisoft


Make ransomware payments illegal

There is a way to break the cycle: pass a federal law barring ransomware payments. Along with such a prohibition, funds should be devoted to help cities and states become more secure in the first place, focusing especially on the need to have backups of critical data. Then the Department of Homeland Security could set up a digital ghostbusters task force to help municipalities come back online after an attack. Those that had implemented adequate defenses could get aid from the feds in footing the bill. Those who surrender to hackers would face fines sufficiently larger than the ransom. …

An anti-ransom law would be a dramatic step, but it’s the route to a dramatically positive result.

Editorial Board, Washington Post
