Did you know that 27% of malware attacks in 2020 were the result of ransomware, according to Gartner?
Ransomware is malware that encrypts the victim's files. The attacker demands payment of a ransom in exchange for a decryption key. The victim is threatened with the disclosure of public data if he fails to pay the ransom.
According to the ITR, ransomware was one of the most common attack vectors in the last quarter of 2020. The popularity of this malware is due to its profitable nature.
HOW TO PROTECT YOUR ORGANIZATION?
Employee Awareness: The best way to protect your business from social engineering attacks is to train employees so they have the knowledge they need to not be tricked into reporting these scams. In addition, employees must be aware of the company's procedure in the face of attempted social engineering. Should they simply delete the email? Should they forward the email to the IT department? What should they do? Employees must always report these situations to ensure their protection and the protection of the organization.
After several awareness actions, employees should have no doubts about what a suspicious email is, think before clicking, not provide personal and confidential information, analyse file extensions, be careful with email attachments, block suspicious emails, among other preventive measures.
To ensure that employees are informed and prepared to defend themselves against a potential attack, the organization should test them by simulating suspicious messages and encourage them to report them.
Asset Inventory: to ensure the protection of its network, the organization must carry out an inventory that contains all its assets (software and hardware). The inventory of devices and solutions connected to the network must always be updated as a preventive measure.
Fix and update your software regularly: Bad actors are always looking for holes in your defences, and they are counting on your team not to patch your software and operating system in a timely fashion. The longer it takes to patch a vulnerability, the more of a chance a bad actor has of finding and exploiting one.
Antivirus and Firewalls: Installing anti-virus and malware software on your email server can help to stop those viruses before they get started. The firewalls keep unauthorized users out of networks and devices and can protect your network from ransomware attempting to infect your machines.
Blocking Plug-ins and Pop-ups: Cybercriminals often target plug-ins to infect devices. The solution is to update plugins regularly or block them.
Pop-ups are also a common attack vector. Use a browser add-on to block pop-ups.
Disable the web the instant you detect suspicious activity: If you detect that you are suffering from a ransomware attack, turn off the internet immediately. Most ransomware needs to establish a connection to their command and control (C&C) servers in the early stages of an attack so that they can complete their encryption routine. If the ransomware cannot contact the Internet, it will not be able to do that.
Limit access to trusted apps: Create a list of trusted apps. Users can only use applications from this list. Applications that are not on this list should be blocked.
Disable remote services and unused Bluetooth connections: To protect your machine from the control of a cybercriminal you should disable remote services to help keep them off your machine. When you are not using any Bluetooth connections, you should turn them off, to prevent malicious people from using these connections to infiltrate your device.
Backup: Protecting your organization's data is essential, so having a backup of your system, both locally and externally, is imperative. The rule is to have three backups in different locations so that attackers cannot access at least one of them. Having the information secure in three different places allows you to not have to pay ransom to hackers to recover your data. Learn the best way to make a backup with the article: "The importance of Backup and the best way to do it".
Third Parties: It is common for attackers to try to use a less protected third party to compromise your organization's data and network. From the moment that third parties gain access to your systems and networks, it will also be affected when they suffer a ransomware attack. Combat this by scrutinizing your vendors before integrating them and making sure they only have access to protected segments of your network.
In conclusion, due to its profitable nature, ransomware malware is becoming popular. The best solution to ensure the protection of your organization is to prevent, make a copy to protect the data in different places (backup), and train your employees, since human error is one of the main causes that weakens an organization.