With that in mind, we’ve put together 6 tips for recognising and dealing with the vulnerabilities that ransomware will typically exploit.
1. Keep your systems and applications updated
If your operating system (OS) or applications are not up to date, they could become a point of entry for ransomware. Without security patches, a hacker can use common methods to gain access to your IT environment.
No matter how much those security patches and OS upgrades bug you, it’s vital to take them seriously. Most attackers target the low-hanging fruit, so applications and systems must be updated regularly.
2. Perimeter shields are not the be-all and end-all of cybersecurity
When implementing cybersecurity, a common thought is that activity from outside is bad and your staff’s internal activity is above board. While this is understandable, it fails when ransomware attackers deploy phishing emails or malicious links on websites, potentially bringing in an attack through one of your workers.
3. Reshape your network topology
If your IT estate is sitting on a flat network topology, you need to take immediate action. A flat network topology is where all devices are connected to a single switch instead of separate switches.
Sure, the upside of a flat network topology is a reduction in cost and maintenance, plus it is easier to use, but the security risk is immense. This lack of a hierarchical design can enable ransomware and other malware to spread quickly from system to system.
Our advice is to introduce scalable network segmentation. This design reduces the attack surface and prevents lateral movement, so a breach is contained rather than affecting all of your IT infrastructure.
4. Establish air-gapped backups
We’re not against online backups. They’re speedy, convenient and rapidly get you back on your feet. Our concern is when an organisation is fully dependent on them, which we don’t recommend.
Ransomware aims to attack every connected system and has no mercy for backups. If you’re able to restore your IT infrastructure from a backup, then the purpose of ransomware is practically nullified. It’s why such threats are designed to take out as many backups as possible.
A combination of offline and off-site backups is ideal. Utilising both increases reliability, as they’re insulated against ransomware attacks. Never abandon your online backups, but complement them with a backup strategy outside your network, which will truly strengthen your IT security.
5. Stamp out network and system vulnerabilities
Unused services and open ports are an attacker’s dream. Outdated or default configurations provide an easy entry point.
Ransomware variants like to target Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. You may have these ports open for your own purposes, but you should take practical steps to limit connections to trusted hosts only. Review the settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports.
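One way to check a firewall or cloud rule set against this tip, as an added example that is not part of the original article. The rule format, field names, rule names and addresses are constructed for illustration and do not follow any vendor's schema.

```python
import ipaddress

# Ports named in the tip above: RDP (3389) and SMB (445).
WATCHED_PORTS = {3389: "RDP", 445: "SMB"}

def rule(name, action, protocol, from_port, to_port, source):
    """Build one rule in this example's constructed (hypothetical) format."""
    return {"name": name, "action": action, "protocol": protocol,
            "from_port": from_port, "to_port": to_port, "source": source}

def is_trusted(source, trusted_nets):
    """True only if the whole source range sits inside a trusted network."""
    src = ipaddress.ip_network(source, strict=False)
    return any(src.version == net.version and src.subnet_of(net)
               for net in trusted_nets)

def audit(rules, trusted):
    """Return (rule, service, port, source) for each untrusted RDP/SMB exposure."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["protocol"] not in ("tcp", "any"):
            continue  # this example checks allow rules that carry TCP only
        if is_trusted(r["source"], trusted_nets):
            continue
        for port, service in WATCHED_PORTS.items():
            # Port ranges count too: 1-1024 silently includes 445.
            if r["from_port"] <= port <= r["to_port"]:
                findings.append((r["name"], service, port, r["source"]))
    return findings

# Constructed sample data: a jump host and an admin subnet are the trusted hosts.
TRUSTED = ["192.0.2.10/32", "10.20.0.0/24"]
RULES = [
    rule("rdp-from-anywhere", "allow", "tcp", 3389, 3389, "0.0.0.0/0"),
    rule("rdp-from-jump-host", "allow", "tcp", 3389, 3389, "192.0.2.10/32"),
    rule("low-ports-internal", "allow", "tcp", 1, 1024, "10.0.0.0/8"),
    rule("smb-admin-subnet", "allow", "tcp", 445, 445, "10.20.0.0/25"),
    rule("smb-blocked", "deny", "tcp", 445, 445, "0.0.0.0/0"),
    rule("https-public", "allow", "tcp", 443, 443, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, service, port, source in audit(RULES, TRUSTED):
        print(f"{name}: {service} ({port}/tcp) reachable from {source}")
```

The "low-ports-internal" rule is the case that manual reviews tend to miss: it never mentions 445, but its port range includes it and its source is wider than the trusted list.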
6. Ensure your staff are informed about IT security risks
It’s vital that every member of your workforce can easily spot the common tactics and traps of malware. Bring in mandatory security training for every member of staff. Through this, you create your front line of defence.
In recent years, phishing simulations have been used in workplaces to teach employees about emerging tactics used in phishing emails.
Why investing in ransomware protection is important
You may well already be implementing some, if not most, of the above pointers. With the ever-shifting landscape of IT security, we can’t stress enough how crucial the above advice is to any organisation in any industry. The most common ransomware victims are in the industrial goods and services sector, but without adequate protection, you’re not immune from this problem.