What Is Ransomware and Why Should Your Organization Care?
Ask anyone today about cybercrime and they are most likely to mention ransomware, which is a form of cyberattack that holds your computer and files hostage. Attackers then demand payment to unlock the files.
The severity and sophistication of recent ransomware attacks have increased, and businesses both large and small have fallen victim. However, bad actors are not targeting businesses alone—ransomware attacks have also been affecting educational facilities, health institutions, charities, and even private individuals.
What Is Ransomware?
Ransomware is a form of malware, short for “malicious software,” in which the attacker encrypts users’ files and demands a ransom, usually anywhere from a few hundred to millions of dollars, in exchange for the decryption key.
Once ransomware infects your system, your data become encrypted. The attacker then asks that you pay a ransom to unlock your data, typically via Bitcoin or other cryptocurrency. However, paying the ransom is no guarantee you will get your data back. Even if you do, you are potentially marked as a future target.
Ransomware continues to bring organizations of all shapes and sizes to a standstill. For example, the attack on Colonial Pipeline shut down the company’s natural gas pipeline, leaving thousands of gas stations in the southeast U.S. without fuel. Additionally, the March 2021 attack on Buffalo Public Schools forced the school district to cancel all remote and on-site classes as it conducted various investigation and recovery steps.
Common Types of Ransomware
You may have heard of individual ransomware variants such as NotPetya, WannaCry, and Bad Rabbit, but ransomware falls into two main types:
- Crypto-ransomware that encrypts data
- Locker ransomware that restricts access to a computer
How to Protect Your Organization Against Ransomware
Fortunately, there are things you can do to increase your protection, such as patching your systems regularly, either through automation or auto-updates, replacing legacy systems, and removing end-of-life (EOL) systems and applications from your operations.
Other basic controls to consider putting in place include:
- Create regular backups of all data you want to safeguard and store.
- Ensure your data cannot be modified or deleted from any storage system.
- Divide your network into several segments, commonly referred to as network segmentation.
- Install antivirus software on all of your devices and make sure the software provides alerts in real-time.
- Update operating systems, applications, and device firmware as soon as new patches are available.
- Look for new or unrecognized user accounts on servers, workstations, and Active Directory.
- Audit user accounts with administrative privileges and configure access controls to maintain least privilege, a security concept in which users only get minimum access levels or permissions. (Tip: Never assign administrative privileges to all your users.)
- Disable the Remote Desktop Protocol (RDP) unless absolutely necessary. Disable unused ports, and monitor RDP logs for unusual activity.
- To keep your organization safe from potentially malicious emails, attach a warning banner that says something like, “Attention: This is an external email. Proceed with caution.” This has the desired effect of alerting your staff to possible risks.
- Disable hyperlinks in inbound emails.
- Identify Indicators of Compromise (IOCs)—e.g., unknown files or applications, unusual traffic, suspicious user activity—through continuous threat monitoring.
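As an added illustration (not part of the original article), the Python sketch below shows what two of the controls above, looking for unrecognized accounts and monitoring RDP logs, can look like as detection logic over Windows Security events. The event records are constructed samples in a simplified, hypothetical JSON-lines export; the field names, the account inventory, the allowed RDP source, and the failure threshold are all assumptions to replace with your own.

```python
import json
from collections import Counter

# Constructed sample: one JSON object per line, a simplified (hypothetical)
# export of Windows Security log events. Field names are assumptions.
SAMPLE_EVENTS = """\
{"id": 4625, "user": "administrator", "logon_type": 3, "src": "203.0.113.7"}
{"id": 4625, "user": "administrator", "logon_type": 3, "src": "203.0.113.7"}
{"id": 4625, "user": "admin", "logon_type": 3, "src": "203.0.113.7"}
{"id": 4625, "user": "backup", "logon_type": 3, "src": "203.0.113.7"}
{"id": 4625, "user": "alice", "logon_type": 10, "src": "203.0.113.7"}
{"id": 4625, "user": "bob", "logon_type": 10, "src": "10.0.5.20"}
{"id": 4624, "user": "alice", "logon_type": 10, "src": "10.0.5.20"}
{"id": 4624, "user": "alice", "logon_type": 10, "src": "203.0.113.7"}
{"id": 4720, "target": "support2", "by": "alice"}
{"id": 4732, "target": "support2", "group": "Administrators", "by": "alice"}
"""

KNOWN_ACCOUNTS = {"alice", "bob", "svc-backup"}  # assumption: approved account inventory
RDP_SOURCES = {"10.0.5.20"}                      # assumption: jump hosts allowed to use RDP
FAIL_LIMIT = 5                                   # assumption: failures per source before alerting

def review(log_text):
    """Return sorted (finding, detail) pairs for the events in log_text."""
    findings, failures = set(), Counter()
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        eid, ltype = ev["id"], ev.get("logon_type")
        if eid == 4720 and ev["target"] not in KNOWN_ACCOUNTS:
            findings.add(("new-account", ev["target"]))          # 4720: account created
        elif eid == 4732 and ev["group"] == "Administrators":
            findings.add(("admin-group-add", ev["target"]))      # 4732: added to local group
        elif eid == 4624 and ltype == 10 and ev["src"] not in RDP_SOURCES:
            findings.add(("rdp-unknown-source", ev["src"]))      # 4624 type 10: RDP logon
        elif eid == 4625 and ltype in (3, 10):
            # 4625: failed logon. Failed RDP logons appear as type 3 when Network
            # Level Authentication is on and as type 10 when it is off.
            failures[ev["src"]] += 1
    findings.update(("failed-logon-burst", s) for s, n in failures.items() if n >= FAIL_LIMIT)
    return sorted(findings)

if __name__ == "__main__":
    for finding, detail in review(SAMPLE_EVENTS):
        print(f"{finding:20} {detail}")
```

Type 3 failures also cover other network logons such as file shares, so a burst finding is a prompt to check whether the source should be reaching the host at all.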
Safeguard Your Organization with Microsoft Defender
Through Microsoft’s Advanced Threat Protection, a feature of Microsoft Defender, you can prevent your organization from falling victim to ransomware attacks. Microsoft Threat Protection safeguards identities, endpoints, user data, cloud applications, and your entire infrastructure, whether on-premises or in the cloud.
And if you need security experts on your side to get the most out of Microsoft Defender, Forsyte I.T. Solutions, a Certified Microsoft Gold Partner, offers managed cybersecurity services to help you secure your network, so your assets and organization are adequately protected against ransomware. To learn more, contact Forsyte today.