We are all connected. At least in the world wide web. This is mostly good but there is a bad side to it too. Not all connections are safe. In fact, some connections can lead to harm. Coming to the topic at hand, the increased ease of communication has surely helped people reach out to friends and family with a single click, but that same click can lead to malware entering your network or system and wreaking havoc.
Ransomware is malware that is true to its name. Just as a kidnapper takes a child from the parents and demands a sum of money for the child's return, a ransomware attacker develops or uses software specifically designed to gain access to and control of the host system or network. Once this is established, the software encrypts access to that network or system, and the attacker asks for a ransom in return for giving access back to the host.
Now that a basic understanding of ransomware is clear, we can better appreciate the importance of the following steps that can limit or prevent it. Obviously, these are just tips and the correct way to go about protecting yourself from ransomware would be to use an ideal cyber defense system like XDR.
- Practice Good Cyber Hygiene – This is highly underrated. Companies spend a lot of money on anti-virus software and on installing a strong firewall, but what they forget is that the most common way this malware enters the system is through innocent mistakes by employees (such as clicking on an innocuous-looking link). If governments and organizations train their staff on good cyber hygiene, it can yield amazing results.
- Ensure Consistent Offline Backups – While most users have recognized the importance of regular backups, there is still not enough awareness about the proper manner in which backups must be taken. A backup done once in a blue moon does not serve any purpose. Similarly, cloud backups cannot be relied upon 100%. Consistent offline backups are the way to go.
- Constant Updates – The attackers need an entry point into the system they are looking to target. This entry point, in a lot of cases, is a loophole in one of the applications or software packages that the organization is using. In this context, it is a crime to use an outdated version of software or an application, because the developers come out with constant updates that plug exactly these loopholes or vulnerabilities.
- Protect Network Ports – As stated in the previous point, attackers need an entry point. Sometimes this happens through ports that are left open by an organization. Research has shown that there are two ports that are commonly used by attackers – port 445 (Server Message Block) and port 3389 (Remote Desktop Protocol). Even if the government or private organization needs to keep these ports open for a genuine reason, they must be protected by limiting connections to only those that are trusted.
- Have an Emergency Response Plan – Sure, government websites and giant corporate systems are the ones most commonly attacked, but in this day and age even the common man is not without sensitive data that can be used by an attacker using ransomware. In such a scenario, it makes sense that at least the organizations that have adequate resources develop an emergency response plan in case of such an attack.
- Detect The Intruder – Often, these ransomware attacks are not random. The attackers send signals to the ports so as to check whether a connection is being established or the port is closed. This is a red flag that can only be tracked by a robust Intrusion Detection System (IDS). The IDS can identify such attacks in advance and prevent them by alerting the organization.
- Deception Technology – This is not a primary cyber security strategy but can work wonders in some situations. As the name suggests, it creates the impression in the mind of the attacker that they have successfully infiltrated the host network when in reality they have not. This ensures that the most sensitive data of an organization can be protected from attackers.
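
To make the "Protect Network Ports" and "Detect The Intruder" tips concrete, here is an added example (not from the original article) that audits firewall log lines for two things: untrusted sources that were allowed through to ports 445 or 3389, and sources that probed several different ports. The log format, the trusted subnet, the threshold and the sample log are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ports the article singles out: 445 (SMB) and 3389 (RDP).
SENSITIVE_PORTS = {445, 3389}
# Assumption: the only subnet allowed to reach those ports (e.g. admin VPN).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: distinct ports tried by one source before we call it probing.
SCAN_THRESHOLD = 4
# Assumed key=value log format; a real firewall's format will differ.
LINE_RE = re.compile(r"SRC=(\S+) DST=\S+ DPT=(\d+) ACTION=(\w+)")

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def audit(lines):
    """Return (exposures, probers) for untrusted sources.
    exposures: (src, port) pairs ALLOWED through to 445/3389.
    probers:   sources that tried SCAN_THRESHOLD or more distinct ports.
    """
    exposures, ports_by_src = set(), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection record
        src, port, action = m.group(1), int(m.group(2)), m.group(3)
        if is_trusted(src):
            continue  # allow-listed source, nothing to report
        ports_by_src[src].add(port)
        if port in SENSITIVE_PORTS and action == "ALLOW":
            exposures.add((src, port))  # allow-list missing or too broad
    probers = {s for s, p in ports_by_src.items() if len(p) >= SCAN_THRESHOLD}
    return exposures, probers

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = """\
SRC=10.20.0.15 DST=10.0.0.5 DPT=3389 ACTION=ALLOW
SRC=203.0.113.7 DST=10.0.0.5 DPT=22 ACTION=DROP
SRC=203.0.113.7 DST=10.0.0.5 DPT=80 ACTION=DROP
SRC=203.0.113.7 DST=10.0.0.5 DPT=445 ACTION=DROP
SRC=203.0.113.7 DST=10.0.0.5 DPT=3389 ACTION=DROP
SRC=198.51.100.9 DST=10.0.0.5 DPT=445 ACTION=ALLOW
kernel: link up on eth0
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

An entry in the first set means the restriction to trusted connections is not in effect for that port; an entry in the second is the kind of probing an IDS would alert on.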