Back to blog results

October 8, 2019 By Sumo Logic

5 Tips for Preventing Ransomware Attacks

You don't need to be a cybersecurity expert to know that ransomware attacks have become one of today's greatest IT security threats. From WannaCry to the attack against the city of Atlanta, major ransomware exploits have become so commonplace in the last few years that they may seem impossible to avoid.

Fortunately, preventing ransomware is far from impossible. Let's take a look at a few strategies you can put in place to mitigate your risk of becoming part of the next ransomware statistic.

Employ Granular Network Access

Gone are the days when you could define a single perimeter for your infrastructure for all users, then block it off with a firewall in order to keep the resources inside the perimeter secure.

Today, most organizations have no fixed barrier between internal and external resources. Their infrastructure spans from on-premises locations into the cloud. Workers need to be able to connect remotely from unknown endpoints. They may also bring their own devices onto the network, whether or not your policy permits it.

The highly complex nature of modern infrastructure and the fact that it can't be effectively isolated with a simple firewall means that DevOps teams need to take a different approach to mitigating their infrastructure's exposure to the wilds of the public Internet. Using VPNs and/or complex firewall configurations, they should set up network access in a granular fashion. Each employee should be required to log in from a secure environment, and should only be able to access the specific resources that he or she needs.

This type of configuration requires more work to establish. It may sometimes mean that a misconfiguration prevents an employee from accessing a resource he should be able to use. But if it helps to stop ransomware, this strategy is worth it.

Back Up Data

There are lots of reasons why you should be backing up your organization's data regularly. Hopefully you're already doing it.

But if you need one more motivation for setting up routine backup scripts, think about ransomware—and consider that not all ransomware attacks target data. Some are designed to lock users out of their computers, and those that encrypt data until a ransom is paid can be devastating for organizations that rely on data to do business.

If you have data backups, you can restore your data from the backups rather than paying a ransom.

The important factor to keep in mind here, however, is that your data backups could potentially become infected with ransomware, in the event that ransomware programs infiltrate your systems prior to your backups. This is one reason why it's useful to keep multiple iterations of data backups on hand. For example, maybe you back up your data once per day and keep a week's worth of backups, or maybe you do weekly backups and keep each for a couple of months. You don't want to restore your data only to discover that it instantly becomes subject to ransomware again.

Embrace a Multi-Cloud Strategy

Ransomware that is designed to hold systems hostage until a ransom is paid can be thwarted in some cases by employing a multi-cloud strategy. If you spread workloads across multiple clouds, ransomware attackers may only be able to take control of one of the clouds. That leaves you with the ability to keep operating instead of paying the ransom in order to restore business continuity.

Not all ransomware attacks involve public cloud resources, and depending on how they are executed, even a multi-cloud architecture may not save you. But it can't hurt when it comes to mitigating ransomware risks.

Educate Employees

There is a widespread perception that ransomware typically spreads via social engineering. An employee is tricked into clicking a malicious link in an email or downloading a malicious file, providing attackers with a backdoor into internal systems that they then hold for ransom.

In reality, ransomware attacks don't necessarily happen this way. WannaCry was spread by targeting vulnerable SMB ports, for example (despite false news reports claiming that it spread by email).

That said, social engineering is sometimes a pathway for ransomware to take control of your systems. And the best defense against social engineering is to educate employees about the dangers of doing things they should not on your IT infrastructure.

Employee education might also involve establishing a company policy about what to do in the event that ransomware strikes, and making sure employees know that they should follow that policy. You probably don't want your employees making individual decisions about whether they should just pay the ransom in order to restore access to systems.

Use Non-Traditional Workstation Operating Systems

Ransomware attacks tend to exploit vulnerabilities in specific operating systems in order to take data or systems hostage. And it's a fact that most ransomware attacks to date have involved Windows systems.

This isn't to say that Windows is necessarily less secure than the alternatives. It may just be the case that attackers zero in on Windows because Windows workstations are the biggest target for ransomware.

Still, the fact remains that as long as most ransomware attacks continue to target Windows, one easy way to mitigate your risk is to use a different operating system for employees' workstations, like macOS, or even better, Linux. Chances are that most of your employees don't really need Windows-specific applications anyway—These days, you can do most everything in a Web browser. Maybe some employees do truly need Windows workstations, but for those who don't, you can make yourself a smaller target by running alternative operating systems.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sumo Logic

More posts by Sumo Logic.

People who read this also enjoyed