Ransomware continues to pose a serious threat to organizations, regardless of size or industry. High-profile incidents continued to dominate news headlines in 2018, including attacks against the City of Atlanta, Syrian victims of GandCrab, and the healthcare and government organizations that were hit hard by SamSam.
But what can enterprises do to reduce exposure to—and damage from—ransomware attacks? The latest in-depth white paper from ESET, “Ransomware: An Enterprise Perspective,” aims to answer this question. Here, we break down some of the top takeaways:
- Inventory your internet-facing assets. This may seem straightforward, but as enterprises grow, it’s easy to lose track of internet-facing assets. Ransomware attacks via RDP (remote desktop protocol) require more effort than email-based phishing/spam attacks, but if successful, they can evade endpoint protection and rapidly compromise multiple systems in a single organization. ESET has frequently found organizations suffer ransomware attacks via internet-connected assets that the organizations did not even know existed until after the attacks began. Prevent that from happening by forbidding employees and contractors from connecting physical or virtual servers to your network unless those servers are securely configured.
- Filter your email for spam and phishing messages. Ransomware via email is still a common occurrence, even as cybercriminals shift their focus to remote access-enabled servers. Consider blocking all attachment types that your business does not normally use, and use centrally managed endpoint protection software across your network. Consider a cloud security sandbox product such as ESET Dynamic Threat Defense to prevent ransomware from ever executing in a production environment, as well as endpoint detection and response (EDR) solutions to assist manual threat-hunting efforts on your networks.
- Limit the number of machines that an attack can reach from a single entry point. The Lab Corp ransomware attack earlier this year hit 45,000 PCs and 4,000 servers at an astonishing speed. This defensive technique could also have helped Target avoid its November 2013 breach. Every organization must understand the security strengths and weaknesses of its current network architecture.
- Regularly patch your systems and back up your data. Patching your systems closes off potential avenues for attack and can prevent or reduce damage from ransomware. Organizations that quickly patched the Windows File and Printer Sharing Service (SMB) in the wake of Microsoft Security Bulletin MS17-010 were protected from the EternalBlue exploit used to spread WannaCry and NotPetya. There are also many comprehensive and cost-effective backup and recovery options on the market today—remote, on-premises and hybrid. Backups are a simple way to avoid downtime and lost productivity.
- Have a policy in place in case of a ransomware attack. Having a policy in place beforehand can ensure business continuity if your organization is impacted by ransomware. Make sure your policy addresses who is the first point of contact in case of a ransomware attack, lists company policy on paying ransomware demands, and identifies the contact who is allowed to pay or negotiate ransom payments. The white paper covers other critically important points that should be in your incident/crisis response plan.
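For the first takeaway, one way to catch internet-facing assets you did not know about is to reconcile an external scan of your own address range against the asset inventory. The script below is an added example, not taken from the ESET white paper; the inventory columns, the addresses and the scan lines are constructed samples, and the scan text is assumed to be in nmap's grepable (-oG) format.

```python
import csv
import io
import re

RDP_PORT = 3389
# Constructed sample: asset inventory export (hypothetical column names).
INVENTORY_CSV = """ip,owner,internet_facing
203.0.113.10,web-team,yes
203.0.113.20,it-ops,yes
203.0.113.30,finance,no
"""

# Constructed sample: nmap grepable (-oG) lines for documentation addresses.
SCAN_OUTPUT = """\
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///
Host: 203.0.113.20 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.30 ()\tPorts: 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.44 ()\tPorts: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.50 ()\tPorts: 3389/filtered/tcp//ms-wbt-server///
"""

def load_inventory(text):
    return {r["ip"].strip(): r for r in csv.DictReader(io.StringIO(text))}

def open_ports(scan_text):
    """Map ip -> set of TCP ports reported open (filtered/closed are ignored)."""
    hosts = {}
    for line in scan_text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if m:
            ports = hosts.setdefault(m.group(1), set())
            for entry in m.group(2).split(","):
                f = entry.strip().split("/")  # port/state/protocol/...
                if len(f) >= 3 and f[1] == "open" and f[2] == "tcp":
                    ports.add(int(f[0]))
    return hosts

def reconcile(inventory, scan):
    """Return (ip, finding) for every reachable host that needs follow-up."""
    findings = []
    for ip, ports in sorted(scan.items()):
        row, rdp = inventory.get(ip), RDP_PORT in ports
        if ports and row is None:
            findings.append((ip, "unknown asset, RDP exposed" if rdp else "unknown asset"))
        elif ports and row["internet_facing"].strip().lower() != "yes":
            findings.append((ip, "inventoried as internal but reachable"))
        elif rdp:
            findings.append((ip, "known asset, RDP exposed"))
    return findings
```

Calling reconcile(load_inventory(INVENTORY_CSV), open_ports(SCAN_OUTPUT)) returns the hosts to investigate; a host that appears in the scan but not in the inventory is the case the first takeaway warns about.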
Download our white paper to learn about the ongoing ransomware threat and how your organization can stay protected.
Learn more about leveraging cloud-based sandboxing to stop ransomware upon entry or an EDR solution to proactively detect ransomware that may already exist on your network.