How to Protect Your Network from Ransomware: Tips from the FBI

The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase from the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.” Attackers no longer need to possess a particular skill set; instead, malware developers advertise their ransomware on the dark web to be distributed by less sophisticated attackers. This allows the developers/advertisers to take their cut of the ransom amount paid.
 
The cyber criminals behind these attacks aren’t necessarily picky; they target big companies, small businesses, government entities, and individuals. But the damage they cause to small- and medium-size businesses (SMBs) is particularly alarming. A report by a security firm last year noted that 22% of SMBs affected by ransomware had to cease operations immediately. One-third had suffered a ransomware attack in the previous year.
 
“If you haven’t been a victim of ransomware or any other type of computer attack, you have to operate as if it’s just a matter of time before you are – and take the steps to protect yourself and mitigate the resulting damage or loss,” says Sheraun Howard, supervisory special agent with the FBI’s Cyber Division in Washington, D.C.
 
How it Works
While the names, details, and entry points of each attack vary, the concept remains the same. First, the bad actors deliver the ransomware. This is often done by spearphishing emails: targeted phishing emails aimed at specific employees that contain personal details to perpetrate the fraud. These emails or email attachments will contain an exploit for a particular software application vulnerability that provides the attacker access to your computer. After the attacker has access to your computer, they typically use additional malware to propagate throughout your network and drop their ransomware into your environment. Once the ransomware has been delivered in one way or another, it prevents the targeted user from accessing their data or systems by encrypting their files. The targets receive an email, text file, or screen message demanding that they pay a ransom in order to regain that access.
 
How to Defend Yourself
The FBI recommends that all businesses take the following steps to reduce their risk of a ransomware attack:
 
  1. Educate your employees about the risks
  2. Create a security incident response plan
  3. Update and patch software and firmware
  4. Manage privileged accounts
  5. Audit user access to your systems
  6. Use firewalls, spam filters, and anti-virus programs
 
These six recommendations are a solid start for individuals and companies, but at some point, advanced threat protection with Co-Managed SIEM will need to be evaluated and adopted to truly stay ahead of attacks.