Ask anyone who couldn’t find gas for a long, harrowing week in May 2021, and they’ll tell you — ransomware attacks are real, nightmarish — and on the rise.
The attack on the IT infrastructure of the Colonial Pipeline last month was only the latest — and most visible — reminder of the hazards which lie in wait for the unprepared. In the past, hackers mostly operated on a linear scale, making it easy to predict their next move. These days, it’s more complicated.
Today, ransomware perpetrators carry out more than 4,000 attacks daily — costing affected organizations an average of a quarter million dollars to unlock their sensitive data. And bad actors are carrying out attacks that are more elaborate, targeted, advanced, and broader than ever before.
Of course, the best protection is an aggressive cybersecurity posture — much like what CTI can help deliver to your organization. But there are things you and your employees can do on a daily basis to protect against ransomware attacks and recover from them if they happen.
The National Institute of Standards and Technology (NIST) recently published some tips and tactics on the matter.
What Your Company Can Do
NIST says that companies should:
- Use antivirus software at all times — and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
- Keep all computers fully patched with security updates.
- Use security products or services that block access to known ransomware sites on the internet.
- Configure operating systems or use third-party software to allow only authorized applications to run on computers, thus preventing ransomware from working.
- Restrict or prohibit use of personally owned devices on your organization’s networks and for telework or remote access unless you’re taking extra steps to assure security.
What Your Employees Can Do
NIST also advises users to follow these tips for their work computers:
- Use standard user accounts instead of accounts with administrative privileges whenever possible.
- Avoid using personal applications and websites, such as email, chat and social media, on work computers.
- Avoid opening files, clicking on links, etc. from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, and inspect links carefully.
How To Recover Quickly From an Attack
Despite all of these protective measures, bad actors may still worm their way into your systems. Your organization can prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly.
NIST recommends that organizations follow these steps to accelerate their recovery:
- Develop and implement an incident recovery plan with defined roles and strategies for decision making.
- Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data, but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
- Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.
NIST has also published a more detailed fact sheet on how to stay prepared against ransomware attacks. You can find this material and more on ransomware at the NIST and CISA websites.