Ransomware Prevention Checklist


The Threat Grows

If the recent attack on Kaseya shows anything, it’s that ransomware isn’t going anywhere. Conducted by REvil, the attack impacted some 1,500 or more businesses worldwide. The ransomware gang demanded $70 million to restore the data from those businesses affected, primarily companies in the SMB sector. Make sure you don’t become the victim of an attack by reviewing the ransomware prevention checklist at the bottom of this article.

Although Kaseya was a high-profile attack, several other attacks have made big headlines through the first half of the year:

| Attack | Ransom |
| --- | --- |
| Colonial Pipeline | $4.4 million paid |
| Brenntag | $4.4 million paid |
| Buffalo Public Schools | Unspecified |
| Acer | $50 million demand |
| JBS Foods | $11 million paid |
| Quanta Computer | $50 million demand |
| National Basketball Association (NBA) | Unspecified |
| AXA | Unspecified |
| CNA Financial | $40 million paid |
| CD Projekt | Unpaid, backups used to restore data |
| KIA Motors | $20 million demand |

If you look at the number of attacks in 2021 thus far, each month has seen a more significant number of attacks than last year. April saw a significant escalation in activity (BlackFog).

Equally important, attackers are moving beyond data theft in many cases to take control of a company’s operations. The goal is to create production slowdowns and create downtime to impact a business. As a result, ransomware attacks are now migrating to manufacturers, industrial companies, and other operations relying on physical infrastructure.

Ransomware Payments Increase

In 2017, Cybersecurity Ventures advised that ransomware damage would cost $5 billion. That number increased to $8 billion in 2018, followed by $11.5 billion in 2019. Ransomware predictions for 2021 indicate costs will soar to $20 billion, more than 57 times that of 2015. These numbers make ransomware the fastest-growing form of cybercrime.

On top of initial payments, cyber criminals are moving to double-extortion measures where they steal sensitive data before encrypting files. They then threaten to publish the data if the ransom goes unpaid. According to Check Point, there’s been a 50% increase in the daily average of double-extortion ransomware attacks.

Using this technique allows hackers to benefit without an actual ransomware payment. Healthcare records, for example, sell for between $100 and $500 on the dark web.

Ransomware Prevention Checklist

With this kind of threat landscape, an ounce of prevention is worth a pound of cure, as the adage goes. There’s no reason to leave yourself exposed to ransomware attacks when you can take steps to help prevent them.

This ransomware prevention checklist provides insights into measures you can take to reduce your risk.

First Line of Defense

 Implement an automated backup solution using the cloud, software, or hardware
 Ensure all possible data requiring access is backed up, including mobile and USB storage
 Ensure your data is safe, redundant, and easily accessible once backed up
 Regularly test the recovery function of your backup and restoration process. Test the data integrity of physical backups and ease of recovery for online and software-based backups for at least the last 3 or 4 months

Second Line of Defense

 Install and use a firewall
 Deploy anti-spam and anti-phishing software or dedicated hardware
 Ensure everyone in the organization is using the latest generation of endpoint protection along with whitelisting and real-time executable blocking
 Routinely update and patch all applications and operating system components with vulnerabilities
 Insist on remote log-in through a VPN

Third Line of Defense

 Implement Data Leak Prevention (DLP) tools
 Use least-permissive permissions for file, folder, application, and database access
 Require multi-factor authentication for all access
 Enable system logs to track data movements
 Use traffic analysis to note any unusual data movements across computers and networks
 Encrypt data to prevent easy unauthorized copying

Fourth Line of Defense

 Conduct cyber awareness training to educate personnel on what to look for to prevent criminal applications from being downloaded and executed
 Conduct frequent, simulated phishing attacks to inoculate users against cyber threats; conduct testing monthly
 Enable system logs to track data movements

 

Get Your Head Out of the Sand

Ransomware is serious business. No company is safe. So, even if you think your small organization is immune, think again.

The Kaseya attacks debilitated smaller businesses like accounting firms, doctors’ offices, retailers, and a host of other SMBs. By targeting a managed service provider, the hacker could move laterally and access the provider’s accounts.

That raises a critical point. Make sure your managed service provider has control of its operation. If they aren’t protecting their infrastructure, it’s doubtful they’ll defend yours. In this case, the MSP failed to have proper tools in place to prevent such an attack.

We specialize in small to medium-sized businesses. So, we know the common vulnerabilities attached to your organization. More importantly, we know how to mitigate them to make you virtually immune from a cyber-attack.

Talk to us about our cybersecurity services and ask us about a vulnerability test. We’ll uncover the issues that make you susceptible to attack and get them remediated in short order. We can also set you up with cyber awareness training to alert your employees to ransomware dangers and how to spot phishing and smishing attacks.
