Ransomware: A problem to be solved
Geraint Williams
CISO @ Modern Networks - Protecting Modern Networks and its clients. Franchise Owner @ Going Digital East Anglia · Part-time photography and coach
There is no silver bullet for ransomware, which is one of the reasons vendors and other stakeholders are getting together in working groups to develop strategies to prevent the problem.
However, there is plenty that can be done now.
First, recognise that ransomware targets every kind of organisation, not just IT companies: manufacturing, healthcare, education, critical infrastructure, finance, councils and many other sectors have all been attacked. You are not immune; security by obscurity does not work.
Secondly, prepare by assuming the worst: keep secure backups (a backup the attacker can reach from the network will be encrypted along with everything else), test that you can actually restore from them, plan for an incident and the response, and exercise that response. Be that scout: "Be Prepared".
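As an added illustration, not part of the original article, here is one way to make "test your backups" concrete: record a SHA-256 manifest of every file when the backup is taken, restore into a scratch location, and compare the restored tree against that manifest. The script is Python and builds its own sample files in a temporary directory; the damage it simulates on the restored copy (one file overwritten with junk, one file deleted, one ransom note dropped) is constructed purely for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map relative path -> SHA-256 for every regular file under root.

    Store this manifest with the backup (ideally signed or on separate media):
    a backup without a manifest can be silently corrupt or incomplete.
    """
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restored: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a restored tree against the manifest captured at backup time.

    Returns the files that are missing, whose content changed, or that were not
    in the backup at all (a ransom note is a classic 'unexpected' file).
    """
    report: Dict[str, List[str]] = {"missing": [], "modified": [], "unexpected": []}
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["modified"].append(rel)
    for p in restored.rglob("*"):
        if p.is_file():
            rel = str(p.relative_to(restored))
            if rel not in manifest:
                report["unexpected"].append(rel)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed end-to-end run: back up, restore, damage the restore, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"
        restored = Path(tmp) / "restored"

        # Constructed sample data standing in for a file share.
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (live / "readme.txt").write_text("quarterly figures\n")

        shutil.copytree(live, backup)          # the backup job
        manifest = build_manifest(backup)      # captured at backup time
        shutil.copytree(backup, restored)      # the restore test

        # Constructed damage, mimicking what a ransomware run leaves behind.
        (restored / "finance" / "ledger.csv").write_bytes(b"\x8a\x1f\x03\xd9junk")
        (restored / "readme.txt").unlink()
        (restored / "README_DECRYPT.txt").write_text("your files are encrypted\n")

        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(demo())
```

A clean restore returns three empty lists; anything else means the backup, the restore procedure or the media needs attention before you depend on it in an incident. Run it against a real restore target on a schedule, not only once.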
Thirdly, reduce the attack surface: patch promptly, replace End of Life (EoL) software and hardware, harden configurations, enforce MFA and credential best practice, and limit access rights to those who need them, granting the minimum privileges necessary. Be as secure internally as you are on the perimeter: divide the network into security zones so that one compromised host cannot reach everything.
Fourthly, train and test your employees and third parties on social engineering and phishing, and train them in their part of the incident response.
Finally, deploy anti-malware, intrusion detection and other detection systems: detecting an attack as early as possible reduces dwell time and, potentially, the impact.
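To show what "detect it early" can look like in practice, here is an added example (not code from the original article or from any product) of simple behavioural ransomware detection over file-system telemetry. It scores each process on four indicators that an encryption run produces and a normal application rarely does: a burst of distinct files touched in a short window, bulk renames of documents to an unfamiliar extension, writes of high-entropy (encrypted-looking) data, and the creation of a ransom note. The event format, process names, thresholds and note-name pattern are all assumptions for the demonstration; the sample telemetry is constructed and uses POSIX-style paths.

```python
import math
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class FileEvent(NamedTuple):
    """Hypothetical sensor record; real EDR/auditd schemas differ."""
    ts: float                        # seconds
    proc: str                        # process image name
    op: str                          # "write", "rename" or "create"
    path: str
    new_path: Optional[str] = None   # rename target
    sample: bytes = b""              # first bytes written, if captured


# Common ransom-note naming; an assumed pattern, tune it to what you see.
RANSOM_NOTE = re.compile(r"(readme|how.?to|decrypt|recover|restore)[^/]*\.(txt|html|hta)$", re.I)
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".csv", ".txt", ".jpg", ".png"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed data sits near 8.0, prose around 4 to 5."""
    if not data:
        return 0.0
    counts: Dict[int, int] = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _ext(path: str) -> str:
    dot = path.rfind(".")
    return path[dot:].lower() if dot > path.rfind("/") else ""


def indicators(events: List[FileEvent], window: float = 10.0) -> Dict[str, Dict[str, int]]:
    """Per-process counts of the four ransomware-like behaviours."""
    by_proc: Dict[str, List[FileEvent]] = defaultdict(list)
    for e in events:
        by_proc[e.proc].append(e)
    out: Dict[str, Dict[str, int]] = {}
    for proc, evs in by_proc.items():
        evs.sort(key=lambda e: e.ts)
        burst = 0                                   # most distinct files touched in any window
        for i, e in enumerate(evs):
            touched = {x.path for x in evs[i:] if x.ts - e.ts <= window}
            burst = max(burst, len(touched))
        renamed_away = sum(1 for e in evs if e.op == "rename" and e.new_path
                           and _ext(e.path) in DOC_EXTS and _ext(e.new_path) not in DOC_EXTS)
        high_entropy = sum(1 for e in evs if e.op == "write" and shannon_entropy(e.sample) > 7.0)
        notes = sum(1 for e in evs if e.op == "create" and RANSOM_NOTE.search(e.path))
        out[proc] = {"burst": burst, "renamed_away": renamed_away,
                     "high_entropy_writes": high_entropy, "ransom_notes": notes}
    return out


def detect(events: List[FileEvent], window: float = 10.0, burst_threshold: int = 20) -> Dict[str, List[str]]:
    """Return {process: [reasons]} for processes that trip the heuristics."""
    alerts: Dict[str, List[str]] = {}
    for proc, ind in indicators(events, window).items():
        reasons = []
        if ind["burst"] >= burst_threshold:
            reasons.append(f"{ind['burst']} distinct files touched within {window}s")
        if ind["renamed_away"] >= 5 and ind["high_entropy_writes"] >= 5:
            reasons.append("bulk rename of documents to unknown extension with high-entropy writes")
        if ind["ransom_notes"]:
            reasons.append("ransom note dropped")
        if reasons:
            alerts[proc] = reasons
    return alerts


def sample_events() -> List[FileEvent]:
    """Constructed telemetry: one normal editor plus one ransomware-like process."""
    text = b"Minutes of the board meeting, 3 March. Attendees: finance, operations, IT."
    ciphertext = bytes(range(256)) * 4        # deterministic stand-in for encrypted output (8.0 bits/byte)
    evs = [FileEvent(0.0, "winword.exe", "write", "/srv/share/minutes.docx", sample=text),
           FileEvent(30.0, "winword.exe", "write", "/srv/share/minutes.docx", sample=text)]
    for i in range(40):                       # 40 spreadsheets encrypted and renamed in about two seconds
        src = f"/srv/share/finance/q{i}.xlsx"
        evs.append(FileEvent(100.0 + i * 0.05, "updater.exe", "write", src, sample=ciphertext))
        evs.append(FileEvent(100.0 + i * 0.05 + 0.01, "updater.exe", "rename", src, new_path=src + ".locked"))
    evs.append(FileEvent(102.5, "updater.exe", "create", "/srv/share/finance/README_DECRYPT.txt"))
    return evs


if __name__ == "__main__":
    for proc, why in detect(sample_events()).items():
        print(proc, "->", "; ".join(why))
```

The point is the combination: backup software and archivers also write high-entropy data in bursts, so a single indicator is noisy, while two or three together on the same process within seconds are worth an automatic response (isolate the host, disable the account) rather than a ticket read the next morning.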
The mantra for preventing ransomware and other cybercrime is "Harden your systems, train your staff, test your responses." The majority of ransomware victims are not IT companies and may not have the internal resources to manage their own IT fully; IT may be treated as an auxiliary support function rather than the core part of the business that it is these days. Implementing the many defences and layering them correctly may need outside help, so do not be afraid to get it. In the UK the NCSC publishes guidance for SMEs and other organisations: read it, and follow it.
Insurance companies and governments need to recognise that paying ransoms encourages attackers; they should pursue strategies that reduce attacks by encouraging prevention rather than short-term fixes such as paying the ransom. Insurance normally pays only to restore your systems to where they were before the attack, not to improve them so that the next attack is prevented. Even when the ransom is paid there are additional costs to restore systems and then to improve them, both to recover from this attack and to prevent future ones.
Ransomware can be crippling to a victim, and not just in the financial sense. An investment in prevention does not only prevent ransomware: it protects against other threats and improves an organisation's resilience, which makes it a definite Return on Investment (ROI).