Chris Swagler | October 20th, 2022

Ransomware has emerged as a clear and present danger for entities of every industry and size. Attacks are becoming more common and are extracting larger ransom payments. No one wants to pay a ransom, experience downtime, manage a public relations crisis, or sustain reputation damage, yet these are all unfortunate components of cyberattacks. Additionally, paying the ransom doesn’t guarantee that companies will recover fully, and ransom payments can violate federal regulations. With no guarantees after a ransomware attack, the best way for companies to protect themselves is to plan for the worst. Simply saying no to cyber criminals is the most empowering thing company leaders can do. To truly use that power, companies need to put themselves in a position to do so, which includes implementing a zero-trust, zero-tolerance environment. This can significantly improve companies’ ransomware defenses.

Proactivity is a good way to remain vigilant in all aspects of cybersecurity. From the ground up, companies need to operate as if they will be targeted by ransomware attacks. Companies’ staff members are the first line of defense. Human error is the leading cause of cybercrimes; however, employees can prevent ransomware by understanding how it enters their systems. Ensure that the company’s team understands how to recognize and avoid suspicious links, email attachments, downloads, and USB drives.

Employees should never give out personal information and should avoid using public Wi-Fi. Keep an eye out for outdated hardware and software, because aging hardware and unpatched software are incapable of preventing evolving cybercrime tactics. Before it’s too late, companies need to replace their vulnerable equipment with modern, safe devices. Having backups is the last line of defense and perhaps the most important. Numerous company owners understand the importance of backups; however, simply having backups is no longer a best practice. Backups need to be optimized, tested, and air-gapped. Backup optimization begins with ensuring that companies’ mission-critical data and services can be restored when they are needed. Backup tests need to be conducted frequently. Knowing that backups can be restored quickly and effectively gives companies the peace of mind that they can deflect attacks.

When companies air-gap their backups, they have copies of their environment that are offline and off-site, completely inaccessible to threat operators; this is an important and underutilized ransomware defense. Once companies’ employees have the necessary cybersecurity knowledge and their backups are ready to go, companies must have plans and procedures in place for when attacks occur. In any emergency, step-by-step planning is essential, so companies need to have a disaster recovery plan in place, and employees need to know who does what in the event of an emergency. Additionally, there need to be instructions for communicating the status and next steps to clients.

Having zero trust implies that all companies’ employees are constantly validated against their credentials, with authorization granted using multifactor authentication. The practice of granting each employee only the authorization they require is least privilege. The best way to prevent and mitigate the effects of ransomware is to combine zero trust and least privilege. Giving employees access to only the data they need, and requiring them to prove their identity regularly, closes the door on vulnerabilities as they emerge. Most ransomware attacks are the result of compromised credentials. Limiting the access given to each credentialed employee prevents data they are not authorized to use from being encrypted.

Cybercriminals won’t always launch ransomware attacks immediately after gaining access to companies’ data. Encrypting data and removing it from companies’ systems takes time, which gives companies time to notice that something is wrong. Proactive monitoring is critical for preventing ransomware. If companies’ trusted IT professionals notice any unusual activity, including numerous changes to files in a short period of time, companies can stop it before things get out of hand. Even if companies are unable to completely prevent attacks, they can limit the damage, saving thousands of dollars and their reputation.
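The following is an added example, not code from the article or from SpearTip, showing what the monitoring described above can look like in practice: a sliding-window detector that reads a constructed, hypothetical file-server audit log and raises one alert when a single user on a single host performs an unusual burst of file modifications (writes, renames, deletes) within a short window. The log format, field names and sample entries are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample file-server audit log (not from the original article):
# normal background activity plus one workstation renaming many files in seconds,
# the kind of burst the article says monitoring staff should notice.
SAMPLE_LOG = """\
2022-10-20T09:00:01Z user=alice host=FS01 action=WRITE path=/share/finance/q3.xlsx
2022-10-20T09:00:15Z user=bob host=FS01 action=READ path=/share/hr/policy.pdf
2022-10-20T09:01:00Z user=alice host=FS01 action=WRITE path=/share/finance/notes.docx
2022-10-20T09:02:00Z user=svc_backup host=FS01 action=READ path=/share/finance/q3.xlsx
2022-10-20T09:05:00Z user=carol host=WS17 action=RENAME path=/share/legal/a.docx
2022-10-20T09:05:01Z user=carol host=WS17 action=RENAME path=/share/legal/b.docx
2022-10-20T09:05:01Z user=carol host=WS17 action=RENAME path=/share/legal/c.docx
2022-10-20T09:05:02Z user=carol host=WS17 action=RENAME path=/share/legal/d.docx
2022-10-20T09:05:02Z user=carol host=WS17 action=RENAME path=/share/legal/e.docx
2022-10-20T09:05:03Z user=carol host=WS17 action=RENAME path=/share/legal/f.docx
2022-10-20T09:30:00Z user=alice host=FS01 action=WRITE path=/share/finance/q4.xlsx
"""

# Hypothetical log format: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(r"^(\S+) user=(\S+) host=(\S+) action=(\S+) path=(\S+)$")
CHANGE_ACTIONS = {"WRITE", "RENAME", "DELETE"}  # events that alter data on disk


def detect_bursts(log_text, threshold=5, window_s=60):
    """Return one alert per (user, host) that performs at least `threshold`
    change events within any `window_s`-second sliding window.
    Each alert is (user, host, count, window_start, window_end)."""
    recent = defaultdict(deque)  # (user, host) -> timestamps inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        ts_s, user, host, action, _path = m.groups()
        if action not in CHANGE_ACTIONS:
            continue  # reads are normal; only count modifications
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[(user, host)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop events that fell out of the sliding window
        if len(q) >= threshold and (user, host) not in alerted:
            alerted.add((user, host))  # alert once per source, not per event
            alerts.append((user, host, len(q), q[0], ts))
    return alerts
```

Running `detect_bursts(SAMPLE_LOG)` on the constructed log flags only carol@WS17, whose fifth rename inside two seconds crosses the threshold, while alice’s two routine writes and the backup service’s reads stay silent; the threshold and window should be tuned to each environment’s normal change rate.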

If an attack sneaks through company systems, there are still ways to mitigate the damage. Companies first need to take an in-depth snapshot of their systems so they can see what was changed. During a ransomware attack, companies shouldn’t rush to pay the ransom. There are questions companies should ask themselves before surrendering to the threat operators holding their data. Can companies fully recover their systems in a timely manner by paying the ransom? If that’s the case, say no! What other alternatives do companies have? Do they believe that the threat actors will keep their word even if companies pay? Will companies be required to pay a large legal penalty in addition to the ransom? Are companies required by law to notify their clients or local government agencies about the attack?

In a crisis, these questions should serve as a guide for companies when making decisions. The last thing companies want is to make things worse for themselves by paying the ransom and losing lots of money. Avoiding ransomware begins long before attacks target companies. It’s critical to be proactive in preventing ransomware attacks and minimizing their impact when they occur. With tactics continuously evolving, companies that prepare their defenses on the basis that ransomware attacks are a matter of “when,” not “if,” can still come out on top. Additionally, companies need to always remain ahead of the current threat landscape and regularly keep backups of their data and networks off-site.

At SpearTip, our pre-breach advisory services allow us to examine companies’ security posture to improve weak points in their networks. Our certified engineers engage with companies’ people, processes, and technology to truly measure the maturity of technical environments. After uncovering any vulnerabilities, our engineers provide technical roadmaps that ensure companies have the awareness and support to optimize their overall cyber security posture. ShadowSpear Threat Hunting evaluates the effectiveness of current security measures, including email systems, to determine the overall health of an environment and prevent breaches.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.