Ransomware Prevention Checklist


The Threat Grows

If the attack earlier this year on Kaseya shows anything, it's that ransomware isn’t going anywhere. Conducted by REvil, the attack impacted some 1,500 or more businesses worldwide. The ransomware gang demanded $70 million to restore the data of those affected, primarily companies in the SMB sector. By the way, you’ll find tips on how to prevent an attack on your own organization in the ransomware prevention checklist later in this article.

A 2021 report by Fortinet reflects how much ransomware has progressed. Here are some of the data from that report:

  • 67% of organizations have been a target of ransomware attacks
  • 16% have been hit three or more times
  • 96% feel at least moderately prepared (despite the % of attacks indicating otherwise)

As for the why behind the attacks, these insights point to a lack of cyber awareness training:

  • Nearly a third (32%) of companies directly state there’s a lack of security awareness training
  • 61% have user training – but only as part of an incident response plan 
  • 58% of ransomware attacks in North America start with phishing a user

More High-Profile Ransomware Attacks

Although Kaseya was a high-profile attack, several other attacks have made big headlines through the first half of the year:

| Attack | Ransomware |
|---|---|
| Colonial Pipeline | $4.4 million paid |
| Brenntag | $4.4 million paid |
| Buffalo Public Schools | Unspecified |
| Acer | $50 million demand |
| JBS Foods | $11 million paid |
| Quanta Computer | $50 million demand |
| National Basketball Association (NBA) | Unspecified |
| AXA | Unspecified |
| CNA Financial | $40 million paid |
| CD Projekt | Unpaid, backups used to restore data |
| KIA Motors | $20 million demand |

Looking at the number of attacks in 2021 thus far, each month has seen more attacks than last year. For example, April saw a significant escalation in activity (BlackFog).

Equally important, attackers are moving beyond data theft in many cases to take control of a company’s operations. The goal is to slow production and cause downtime that hurts the business. As a result, ransomware attacks are migrating to manufacturers, industrial companies, and other operations relying on physical infrastructure.

Ransomware Payments Increase

In 2017, Cybersecurity Ventures advised that ransomware damage would cost $5 billion. That number increased to $8 billion in 2018, followed by $11.5 billion in 2019. Ransomware predictions for 2021 indicate costs will soar to $20 billion, more than 57 times that of 2015. These numbers make ransomware the fastest-growing form of cybercrime.

On top of initial payments, cyber criminals are moving to double-extortion measures where they steal sensitive data before encrypting files. Then, they threaten to publish the data if the ransom goes unpaid. According to Check Point, there’s been a 50% increase in the daily average of double-extortion ransomware attacks.

Using this technique allows hackers to benefit without an actual ransomware payment. Healthcare records, for example, sell for between $100 and $500 on the dark web.

Ransomware Prevention Checklist

With this kind of threat landscape, an ounce of prevention is worth a pound of cure, as the adage reflects. So, there’s no reason to leave yourself exposed to ransomware attacks when you can take steps to help prevent them. The chart below, for example, presents a list of protection and defensive measures essential to secure your organization against ransomware.

Source: Fortinet

In addition to the essentials presented above, this ransomware prevention checklist provides insights into additional measures you can take to reduce your risk. By the way, you can access a FREE ransomware simulator here. It simulates 22 ransomware infection scenarios and one crypto mining infection scenario to show you whether a workstation is vulnerable.

You can protect your firm by implementing these lines of defense:

First Line of Defense

 Implement an automated backup solution using the cloud, software, or hardware
 Ensure all data that users need access to is backed up, including mobile and USB storage
 Ensure your data is safe, redundant, and easily accessible once backed up
 Regularly test the recovery function of your backup and restoration process. For instance, test the data integrity of physical backups and ease of recovery for online and software-based backups for at least the last 3 or 4 months.

Second Line of Defense

 Install and use a firewall
 Deploy anti-spam and anti-phishing software or dedicated hardware
 Ensure everyone in the organization is using the latest generation of endpoint protection, with whitelisting and real-time executable blocking.
 Routinely update and patch all applications and operating system components with vulnerabilities.
 Insist on remote log-in through a VPN

Third Line of Defense

 Implement Data Leak Prevention (DLP) tools
 Use least-permissive permissions for file, folder, application, and database access.
 Require multi-factor authentication for all access
 Enable system logs to track data movements
 Use traffic analysis to note any unusual data movements across computers and networks.
 Encrypt data to prevent easy unauthorized copying
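
The logging and traffic-analysis items above are what surface the data theft that precedes double extortion. As an added example (not from the original checklist), this sketch flags a host whose latest daily outbound volume is far above its own history, using median and median absolute deviation. The host names, volumes, and thresholds are constructed assumptions to tune per network.

```python
import statistics
from collections import defaultdict

# Constructed sample: (day, host, outbound megabytes), summarised from flow or proxy logs.
SAMPLE_EGRESS = [
    ("2021-07-01", "ws-014", 120), ("2021-07-02", "ws-014", 135),
    ("2021-07-03", "ws-014", 110), ("2021-07-04", "ws-014", 128),
    ("2021-07-05", "ws-014", 9400),          # sudden bulk upload
    ("2021-07-01", "fileserver-01", 2100), ("2021-07-02", "fileserver-01", 2300),
    ("2021-07-03", "fileserver-01", 1900), ("2021-07-04", "fileserver-01", 2200),
    ("2021-07-05", "fileserver-01", 2400),   # busy, but normal for this host
    ("2021-07-05", "ws-099", 7000),          # new host: no history to judge against
]

def flag_unusual_egress(records, k=6.0, min_mb=500, min_history=3):
    """Return (alerts, no_baseline) for the most recent day seen per host."""
    per_host = defaultdict(lambda: defaultdict(int))
    for day, host, mb in records:
        per_host[host][day] += mb            # sum multiple records per day
    alerts, no_baseline = [], []
    for host in sorted(per_host):
        daily = [per_host[host][d] for d in sorted(per_host[host])]  # ISO dates sort correctly
        history, latest = daily[:-1], daily[-1]
        if len(history) < min_history:
            no_baseline.append(host)         # report separately instead of ignoring
            continue
        med = statistics.median(history)
        mad = statistics.median([abs(x - med) for x in history])
        spread = max(mad, 0.1 * med)         # floor so very steady hosts are not over-sensitive
        threshold = med + k * spread
        if latest >= min_mb and latest > threshold:
            alerts.append((host, latest, round(threshold, 1)))
    return alerts, no_baseline

if __name__ == "__main__":
    print(flag_unusual_egress(SAMPLE_EGRESS))
```

Comparing each host against its own baseline keeps a busy file server from drowning out a workstation that suddenly sends gigabytes outbound.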

Fourth Line of Defense

 Conduct cyber awareness training to educate personnel on what to look for to prevent criminal applications from being downloaded and executed
 Conduct frequent, simulated phishing attacks to inoculate users against cyber threats; conduct testing monthly.
 Enable system logs to track data movements

Get Your Head Out of the Sand

Ransomware is serious business. No company is safe. So, even if you think your small organization is immune, think again.

The Kaseya attacks debilitated smaller businesses like accounting firms, doctor’s offices, retailers, and a host of other SMBs. By targeting a managed service provider, the hacker could move laterally and access the provider’s accounts.

That raises a critical point. First, make sure your managed IT services provider has control of its operation. If they aren’t protecting their infrastructure, it’s doubtful they’ll defend yours. In this case, the MSP failed to have proper tools to prevent such an attack.

Our IT company specializes in small to medium-sized businesses in Harrisburg, York, Lancaster, and surrounding areas. So, we know the common vulnerabilities attached to your organization. But, more importantly, we know how to mitigate them to make you virtually immune from a cyber-attack.

Talk to us about our cybersecurity services and ask about a vulnerability test. We’ll uncover the issues that make you susceptible to attack and get them remediated in short order. We can also set you up with cyber awareness training to alert your employees to ransomware dangers and how to spot phishing and smishing attacks.


At IntermixIT, we approach your business challenges from experience. We deploy best practices in delivering all our IT solutions. We’ll drive your IT success.
