Index Engines has identified four strategies that organizations should implement to help protect against ransomware attacks. If your organization has a gap in any of these areas, the risk of attack increases.
Deploy a real-time malware detector
Cybercriminals look for the path of least resistance when attempting to break into data centers. Whether they reuse old attacks in the hope of finding an insecure target, or rely on one of the many new threats created each day in the hope of infiltrating a system before they have been identified, having one of the commercially available anti-malware solutions deployed is an important first line of defense. Ensure that the software is scheduled for frequent system scans, and that updates and patches are installed automatically to minimize protection gaps.
Deploy a backup solution that supports full-content analysis of your data
Many backup products on the market have some level of analytics functionality to determine whether any particular data has been corrupted. However, many of these solutions are metadata-only, simply looking at basic information about a file or database. Others use metadata analytics on the first pass and then follow up on suspicious results with content-based analytics. But this approach is flawed and can miss more sophisticated attack vectors, providing a false sense of confidence. A comprehensive content-based analytic scan deployed from the start validates the data’s integrity and delivers a high level of confidence that advanced or hidden attacks are found and neutralized.
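The gap between the two approaches can be shown on a single file. The sketch below is an added illustration, not Index Engines' product logic and not code from this article: it compares two backup generations of one file whose size and timestamp are identical but whose content is not. Shannon entropy is used here as an assumed stand-in for content analytics; the function names, thresholds and sample data are all constructed.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def keystream(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def snapshot(data: bytes, mtime: int) -> dict:
    """One file as seen in one backup generation (hypothetical record layout)."""
    return {"data": data, "size": len(data), "mtime": mtime}

def metadata_changed(old: dict, new: dict) -> bool:
    """Metadata-only check: compares size and mtime, never reads content."""
    return (old["size"], old["mtime"]) != (new["size"], new["mtime"])

def content_suspicious(old: dict, new: dict,
                       jump: float = 2.0, floor: float = 7.0) -> bool:
    """Content check: entropy rose sharply into the ciphertext range."""
    before = shannon_entropy(old["data"])
    after = shannon_entropy(new["data"])
    return after >= floor and after - before >= jump

# Constructed sample: the same report in two backup generations.
plain = b"Quarterly revenue by region, draft for internal review only.\n" * 40
clean = snapshot(plain, mtime=1700000000)
# Same length and same timestamp, but the bytes are no longer readable text.
tampered = snapshot(keystream(b"demo", len(plain)), mtime=1700000000)

if __name__ == "__main__":
    print("metadata check flags file:", metadata_changed(clean, tampered))
    print("content check flags file: ", content_suspicious(clean, tampered))
    print("entropy before/after: %.2f / %.2f" % (
        shannon_entropy(clean["data"]), shannon_entropy(tampered["data"])))
```

Files that are legitimately compressed or encrypted sit near 8 bits per byte in both generations, so the `jump` condition leaves them alone; a single entropy threshold on its own would not.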
Use forensic analysis that includes machine learning
Because of the efforts of real-time malware detection providers and content-based analytic backup solutions, most cybercriminals have to continually change approaches in their efforts to infect and attack business operations. What was once a bunch of loosely affiliated opportunists has turned into well-funded and organized syndicates using advanced technologies to re-engineer their attacks. Forensic analysis software that employs machine learning and artificial intelligence can detect patterns and anticipate changes that human-based intervention cannot. The cybercriminals are using ML to their advantage; so should you!
Focus on best practices for cyber recovery
Not paying a ransom does not mean that you cannot get your systems back and operational. Nor does it mean that there has to be an excruciatingly long recovery period. The right protection software can turn a ransomware attack into just another disaster recovery scenario. It can find the most recent clean backup prior to an attack and help recover any lost or infected data. In addition, the right cyber recovery tool can launch a post-attack forensic discovery to find the breach and the malware that executed the attack in order to guide the post-attack recovery process and protect against future intrusions.
Don’t pay a ransom
A final point to make is that should your protective strategies fail, don’t pay the ransom.
Because of the swiftness and scale of these cybercriminal activities, it is possible that they may still find a way into your compute and storage infrastructure. Human error, falling for phishing schemes or intentional damage from a disgruntled employee can be the gaps that data thieves need to penetrate even organizations that have deployed the proper security defenses. As overwhelming as it may be to find out that your data has been compromised and/or encrypted, don’t play into the hackers’ hands by paying a ransom for the return of your business-critical information. It is possible that you may still not recover your data even after paying. The security exploit that was leveraged may still be intact and cybercriminals may re-target your systems. Criminals may see you as an easy mark for having paid the ransom and have reason to come after you again, knowing that you’re willing to pay to get back up and running.