VLCM’s cybersecurity team is consistently monitoring all types of cyber-attacks to determine how wide spread they are, the severity of the attacks and what impact they could have on our customers.
Recently there has been a significant increase in the number of ransomware attacks against both public and private organizations, and these attacks are more sophisticated and coordinated. Therefore, we felt it necessary to notify our customers about this very serious issue, and how to protect your organization from a ransomware attack.
Ransomware is malware that encrypts all the data on a user’s system. Some variants of ransomware can transverse across a network and encrypt the data on all systems connected to the network. The only way to recover the files is to pay the ransom to get a decryption key. However, the FBI advises that victims of a ransomware attack to not pay the ransom.
VLCM believes the best approach to preventing a ransomware attack is to have a sound cybersecurity strategy. The core of any cybersecurity strategy should include the following:
- Identifying mission-critical data and systems is a crucial step because you can’t protect what you don’t know you have. Utilizing an active discovery and inventory tool that can identify system and device assets connected to your networks will help you to control and maintain a detailed inventory of those assets.
- Protect your mission-critical data and systems by:
- Ensuring that all systems have the latest OS updates, security patches, and third-party application patches. There are several tools available to provide automated patch management.
- Because email is one of the most frequently used attack methods for ransomware, organizations need to ensure they have a robust email security solution in place that can identify emails containing links and documents that have malicious code, preventing those emails from reaching the end-user.
- Creating scheduled, isolated, and fast recovery backups (preferably 3 copies) and snapshots of your data and store a copy at a secure off-site location. Ensure your backups are encrypted and perform a recovery test of your backups on a periodic basis.
- Disabling remote desktop protocol (RDP) ports and denying all RDP connections. Several variants of ransomware have successfully compromised servers via RDP.
- Detect and respond to ransomware activity by deploying continuous monitoring tools, including next generation endpoint protection, detection, and response solutions. These tools can detect and stop an attack before it starts and can even roll back systems to a prior state.
- Provide security awareness training to your employees, because email is one of the most frequently used attack methods for a ransomware attack. Educating employees about how to identify these emails will help to reduce the potential for a successful ransomware attack.
- Insuring you have an adequate level cybersecurity insurance that covers a ransomware attack. However, cybersecurity insurance should never be considered a substitute for robust cybersecurity controls.
These recommendations are the core components of an overall comprehensive cybersecurity strategy.
If you have any questions about ransomware or any of these recommendations, please feel free to contact one of our cybersecurity solutions architects at 1-800-817-1504.