Much like the coronavirus itself, virus-themed ransomware attacks are spreading relentlessly. However, there are several relatively simple steps you can take to flatten the curve of these malicious campaigns.
Cybercriminals commonly launch attacks designed to play on widespread fear and uncertainty during major world crises. Analysts say the COVID-19 pandemic has presented crooks with a distinctive opportunity due to diminished security practices in a work-from-home world.
One new study reports an astonishing 30,000 percent increase in malicious activity related to the pandemic. According to the Zscaler study, coronavirus-themed attacks jumped from 1,200 in January to 380,000 in March. Many of these campaigns use phishing lures to trick users into clicking on malicious links that surreptitiously install ransomware on their computers, laptops or smartphones.
Here are some key steps organizations can take to limit their exposure to ransomware attacks:
Perform Regular Backups. Good backup practices represent the chief defense against ransomware. Performing frequent backups and verifying they are working properly ensures that data, files, applications and other resources can be reliably accessed in the event of a ransomware attack that encrypts your files. Because ransomware can spread across the IT environment and affect backup systems, organizations should isolate their backups so they aren’t affected. This can be done with an “air-gapped” environment, cloud backups or by physically storing backup data offline.
Employee Education. With huge numbers of people working from home, effective security today is heavily dependent upon employee awareness. Organizations can use the company intranet or portal to provide regular training for remote employees. Testing employees with simulated phishing emails helps ensure they can recognize current threats and techniques. Training programs should emphasize three essential practices: don’t open emails from senders you don’t recognize, don’t click on email links unless you are certain they are legitimate, and don’t open email attachments unless they are expected and come from a trusted source.
Scan and Filter Email. Email filters scan incoming messages for known malware, spam messages and executable files before they reach users, which significantly reduces the chances that malicious files will be opened by unsuspecting users. Hosted filtering solutions are also available that eliminate the need to purchase, deploy and maintain the solution.
Update and Patch Computers. Unpatched applications and operating systems are the target of most ransomware attacks. Create a process for pushing the latest updates and patches to remote workers over the company VPN. Better yet, work with a managed services provider such as Verteks that has expertise in automated patching solutions, which can automatically discover what remote devices and apps exist on your network and track their patch status.
Restrict User Permissions. To minimize the risk of remote workers inadvertently downloading malicious software, limit their ability to install and run new applications. Using identity and access management (IAM) tools to enforce least-privilege access principles ensures users can only access the data and systems necessary for their jobs. Such restrictions help prevent malware from spreading through a network.
Have a Containment Strategy. In the event of a successful attack, infected computers should be isolated as soon as possible to protect networked and shared resources. Change all network passwords and online account passwords as soon as possible. Work with a forensics expert to learn as much as possible about the source of the infection before wiping and reimaging the machine.
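To illustrate the Scan and Filter Email step above, the following Python example (added here, not taken from Verteks or any filtering product) flags attachments by blocked extension and by executable file signature, so an executable renamed to look like a document is still caught. The extension list, the signatures and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative, not exhaustive: extensions and file signatures treated as executable.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar", ".hta"}
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        lower = name.lower()
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        if kind:
            # Content check catches executables renamed to look like documents.
            findings.append((name, f"{kind} content"))
        elif ext in BLOCKED_EXT:
            findings.append((name, f"blocked extension {ext}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message with three attachments (not real mail)."""
    m = EmailMessage()
    m["From"] = "updates@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "COVID-19 policy update"
    m.set_content("Please review the attached files.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="policy.pdf")
    # PE signature hidden behind a .pdf name.
    m.add_attachment(b"MZ\x90\x00 constructed", maintype="application",
                     subtype="pdf", filename="guidance.pdf")
    m.add_attachment(b"echo constructed", maintype="application",
                     subtype="octet-stream", filename="update.bat")
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```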
Security researchers say global ransomware damage is approaching $20 billion per year. The risk is even more pronounced now as cybercriminals seek to exploit anxiety about the ongoing pandemic.
Verteks can help you protect your company and users with our ransomware prevention and removal services. With integrated artificial intelligence, our monitoring solutions can identify and contain ransomware before it spreads throughout your network. Call us to learn more about how we can help support the security requirements of your remote workforce.