Ransomware Threats are Evolving
Over the last few years, we have seen ransomware move from file encryption to complete data theft. As the threat from ransomware changes and grows, do we need to change the way we try to prevent it?
For instance, having offline back-ups in place to restore data in the event that the data becomes encrypted is very important. If the hackers also steal your data while they’ve gained access to your network and are now threatening to expose that same data unless you pay, then those back-ups seem less important. You can certainly restore the data yourself with those back-ups, but how do you now keep that data from being leaked out?
In a recent interview with ZDNet, Fernando Ruiz, head of operations at Europol's European Cybercrime Centre (EC3), outlined three steps to prevent ransomware from getting into your systems. Europol is also one of the organizations behind the No More Ransom project, which helps organizations by offering free decryption tools.
Step 1: Ensure all Systems are Up To Date
This is critical, especially when it comes to anti-malware software. You definitely want your software to be able to stop the malware before it enters your system. Patching all operating systems and other critical software and devices is also important, as hackers will use unpatched vulnerabilities to install ransomware.
Step 2: Offline Back-ups are Still Important
Keeping offline back-ups is key should you ever need to restore your systems. Keeping the back-ups offline will also make it impossible for hackers to encrypt your back-ups (it’s happened). TechRepublic recommends “implementing and maintaining a centralized backup system or official configuration that covers protected directories and devices. It should also include all other aspects of end user data, such as messaging systems, databases, and instant messaging information.” Company policies about back-ups should also be made known to all staff, to ensure records are stored properly.
Step 3: Cyber Awareness Training is a Must!
Knowing what a cyber attack looks like is half the battle when it comes to cyber security, and this is not something just for the IT department. Anyone in an organization who uses a computer connected to the internet must be trained in cyber awareness. PhishingBox estimates that 70% of all cyber attacks use phishing, so ensuring your staff doesn’t open a bad email or click a bad link is important.
If you need help with vulnerability management, offline back-up solutions or cyber awareness training, Uzado is here to help. Contact us today!