Watch iAdmin on-demand: A virtual conference for the IBM i professional

Watch Now
Female wearing glasses and male gazing at laptop
Articles & Insights

6 ways to enforce ransomware attack prevention

Ensure you’re not a victim of this increasing malware trend 

There were 304.7 million ransomware attacks in the first half of 2021, a 151% increase since 2020, so reports an infographic from SonicWall. The phenomenon of this malware shows no sign of stopping. 

For the attackers, the financial rewards can be huge, and for the victims, the losses can run into the millions, even forcing some to bankruptcy

With that in mind, we’ve put together 6 tips for recognising and dealing with vulnerabilities that ransomware typically will exploit.  

1. Keep your systems and applications updated

If your operating system (OS) or applications are not up to date, it could become a point of entry for ransomware. Without any security patches, a hacker can deploy common methods to access to your IT environment. 

No matter how much those security patches and OS upgrades bug you, it’s vital to take them seriously. Most attackers target the low-hanging fruit, so applications and systems must be updated regularly. 

2. Perimeter shields are not the be-all and end-all of cybersecurity 

When implementing cybersecurity, a common thought is that activity from outside is bad and your staff’s internal activity is above board. While this is understandable, it fails when ransomware attackers deploy phishing emails or malicious links on websites, potentially bringing in an attack through one of your workers. 

3. Reshape your network topology 

If your IT estate is sitting on a flat network topology, you need immediate action. Flat network topology is where all devices are connected to a single switch instead of separate switches.  

Sure, the upside of a flat network topology is a reduction of cost and maintenance, plus it provides better ease of use, but the security risk is immense. This lack of a hierarchal design can enable ransomware and other malware to spread quickly from system to system. 

Our advice is to introduce scalable network segmentation. This design reduces the attack surface and prevents lateral movements, resulting in a breach being contained rather than affecting all your IT infrastructure. 

4. Establish air-gapped backups 

We’re not against online backups. They’re speedy, convenient and rapidly get you back on your feet. Our concern is when an organisation is fully dependent on them, which we don’t recommend. 

Ransomware aims to attack every connected system and has no mercy for backups. If you’re able to restore your IT infrastructure from a backup, then the purpose of ransomware is practically nullified. It’s why such threats are designed to take out as many backups as possible.  

A combination of offline and off-site backups is ideal. Utilising both increases reliability, as they’re insulated against ransomware attacks. Never abandon your online backups but complement them with a backup strategy outside your network, which will truly galvanise your IT security. 

5. Stamp out network and system vulnerabilities 

Unused services and open ports are an attacker’s dream. Outdated or default configurations provide an easy entry point. 

Ransomware variants like to target Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. You may have these ports open for your purposes, but you should take practical steps to limit connections only to trusted hosts. Review the settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports. 

6. Ensure your staff are informed about IT security risks 

It’s vital that every member of your workforce can easily spot the common tactics and traps of malware. Bring in mandatory security training for every member of staff. Through this, you’ve created your frontline of defence. 

In recent years, phishing simulations have been used in workplaces to teach employees about emerging tactics used in phishing emails. 

Ransomware will cost victims over $265 billion annually by 2031.  

Cybersecurity Ventures Magazine

Why investing in ransomware is important 

You may well be already implementing some, if not most, of the above pointers. With the ever-shifting landscape of IT security, we can’t stress enough how the above advice is crucial to any organisation in any industry. The most common ransomware victims are in the industrial goods and services sector, but without adequate protection, you’re not immune from this problem. 

Additional resources