How to protect yourself

Ransomware, the devastating cybercrime that locks people and corporations out of their files and demands money for their safe return, continues to rise. According to the New York Times, more than 200,000 organizations submitted files that were compromised in a ransomware attack, up 41 percent from 2018.  Payment amounts increased to more than $84,000 in Q4 2019, more than double from Q3. Payment demands in the millions are not unheard of–you’ve probably heard of them in the news over the past few years.

The FBI doesn’t recommend organizations pay the ransom for a few reasons: For one, it just encourages the perpetrators, and two, there’s no guarantee you’ll get your data back. Third, as the saying goes, “there’s no honor among thieves.” Once you’ve been breached, there’s really nothing stopping the hackers from releasing your data on the dark web anyway, even if you pay up.

So what can you do to protect yourself? Below are three tips on how to keep sensitive and valuable data safe:

1. Email and web filtering to prevent it from getting to you in the first place: Most ransomware infections start with email phishing attacks. While spam filtering is a given these days on email applications, attacks are growing in sophistication. Train your employees to recognize phishing before it happens, and set strict rules regarding traffic coming in and out of your network.
2. Restrict user permissions as much as possible: This could help prevent the infection from spreading. When only a few people have administrative access to valuable company data, it renders malware more annoying than dangerous when it hits the wrong people. That being said, those few with admin access are considered high-value targets, so keeping them regularly abreast of security policy and procedure is especially important.
3. Backup, backup, backup: The common rule is 3 backups of your data, on 2 different media, with 1 offsite. Ransomware is increasingly able to infect not only employee computers on the company network but any backups located on that network as well. Keep regular backups of your data (your organization will need to determine how much data loss they can live within the event of an attack and plan its backup/DR strategy accordingly) and ensure one of them is offsite. Then, TEST your backups. In the event of a ransomware attack, you don’t want to find out your backups can’t restore.

Finally, In terms of a broader security strategy, adopting a zero trust model can go a long way towards strengthening your security posture. While there is no bulletproof method to prevent cyber-attacks (due to their ever-evolving sophistication and our own penchant for making mistakes), the more proactive you are, the faster you can respond to a breach if and when it does happen. By following the above tips, you can be better prepared for ransomware.

If you’re looking to protect yourself from ransomware, Otava can help. Our cloud backup powered by Veeam offers ransomware protection in the form of our ransomware protected data replicas. With 7-day backup protection leveraging Veeam Insider Protection, we ensure your data remains intact even if a malicious third party remotely wipes your backup data. Contact us to learn more.

Resource: https://www.forbes.com/sites/forbestechcouncil/2020/02/11/ransomware-is-back-tips-for-avoiding-the-growing-context-based-ransomware/#65e2af04b56d