
5 Ransomware Protection Strategies to Neutralize Cyberattacks

Large businesses make the case for ransomware preparedness and prevention

Tony Parry

Slough, England — Aug. 21, 2020

When GPS navigation and wearable technology firm Garmin recently experienced an apparent WastedLocker ransomware attack, customers were literally stopped in their tracks. The four days of downtime resulting from the attack affected Garmin customers, including aviators who couldn’t fly planes and athletes who couldn’t track workouts. After reportedly paying a multimillion-dollar ransom via a ransomware negotiation firm, Garmin obtained a decryption key to restore service and recover files. According to a banner on the Garmin website following the attack, many services affected by the outage were back up and running, but some features still experienced temporary limitations. Time will tell what long-term impact the downtime will have on consumers.

But not all breaches are created equal. Take the latest Twitter hack. Something was awry when high-profile celebrities started requesting bitcoin donations on their Twitter handles. In response, Twitter shut down access to verified accounts to assess the breach and found that the attackers successfully tweeted from 45 of the 130 targeted accounts, accessed the direct messages of 36, and downloaded the Twitter data of seven. Ultimately, it was determined that the cybercriminals accessed the site via a spear-phishing attack, and a federal investigation followed bitcoin payments and IP addresses to identify the alleged suspects.

5 Steps to Ransomware Readiness

When even the most highly regarded businesses suffer cyberattacks, it becomes obvious that no organization is immune to the threat of ransomware. To help combat that threat, consider these five ransomware protection strategies, which neutralize cyberattacks by integrating anti-ransomware and other threat prevention technologies with disaster recovery and high availability capabilities.

1. Actively manage access

Building the necessary controls and procedures is critical to protect applications and systems from unauthorized users. Restricting access to common entry points protects your critical applications and data from encryption. Cybersecurity best practices such as multi-factor authentication and advanced password standards offer additional security to keep bad actors out of your systems portfolio.

2. Manage systems configuration across attack vectors

To address the full spectrum of ransomware threats, organizations should deploy centralized management systems and procedures. Sensitive data should be assessed and categorized, then separated across servers, networks, and data stores. To detect phishing, prevent email spoofing, and filter executable files, ensure antivirus and anti-malware solutions automatically update and scan incoming and outgoing emails. A centralized patch management system is critical to patch all endpoints as vulnerabilities are discovered, including on mobile devices, operating systems, software, applications, cloud locations and IoT. Both known and unknown malware can be detected by deploying signatureless deep learning, anti-exploit and anti-ransomware technologies.

3. Combine data security and data protection solutions

Organizations looking to achieve true cyber readiness require a comprehensive cybersecurity and data protection solution to ensure end-to-end protection. With ransomware targeting backup data, protecting backup repositories from malware, ransomware and zero-day attacks is a critical component of any data protection strategy. Arcserve strongly recommends implementing the 3-2-1 rule: create three copies of your data and store them on two different media, with one copy stored off-site. And we cannot stress enough how important it is to routinely test backups for data integrity and to ensure they are operational, as well as to routinely test the data and disaster recovery process to ensure preparedness.
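The 3-2-1 rule and the integrity testing described above can be checked together, so that a copy only counts toward the rule if its checksum still matches. The following is an added example, not Arcserve's code or part of the original article; the BackupCopy record, the media labels and the file names are assumptions, and the sample data is constructed.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass
class BackupCopy:              # hypothetical inventory record
    path: Path                 # where this copy lives
    media: str                 # assumed labels, e.g. "disk", "tape"
    offsite: bool              # True if stored away from the primary site

def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_321(copies, expected_sha256):
    """Return a list of findings; an empty list means the backup set passes."""
    findings, good = [], []
    for c in copies:
        if not c.path.is_file():
            findings.append(f"{c.path.name}: copy missing or unreadable")
        elif sha256_of(c.path) != expected_sha256:
            findings.append(f"{c.path.name}: checksum mismatch")
        else:
            good.append(c)     # only verified copies count toward 3-2-1
    if len(good) < 3:
        findings.append(f"only {len(good)} verified copies, need 3")
    if len({c.media for c in good}) < 2:
        findings.append("verified copies span fewer than 2 media types")
    if not any(c.offsite for c in good):
        findings.append("no verified copy is stored off-site")
    return findings

def demo():
    """Constructed sample: audit an intact set, then damage the off-site copy."""
    with tempfile.TemporaryDirectory() as d:
        data = b"constructed sample backup payload"
        digest = hashlib.sha256(data).hexdigest()
        copies = [BackupCopy(Path(d, "primary.bak"), "disk", False),
                  BackupCopy(Path(d, "nas.bak"), "disk", False),
                  BackupCopy(Path(d, "vault.bak"), "tape", True)]
        for c in copies:
            c.path.write_bytes(data)
        before = audit_321(copies, digest)
        copies[2].path.write_bytes(b"overwritten")   # simulate a damaged copy
        return before, audit_321(copies, digest)

if __name__ == "__main__":
    for label, result in zip(("intact", "damaged"), demo()):
        print(label, result or "PASS")
```

In the damaged run, losing the single tape copy fails all three parts of the rule at once, which is why the expected checksum should be recorded away from the backup repository it protects.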

4. Engage users with training and communications

Empower your end users with the education and practices they need to defend against ransomware attacks. Regular awareness training and communications will allow everyone in your organization to understand the threat of cyberattacks and become familiar with security techniques. Implementing security and ransomware policies and procedures for end users, including guidance on how to spot phishing attempts and avoid unknown websites, will help protect your data from threats. Make sure your employees know where and how to report suspicious activity, as well as the procedure for reporting when a breach has occurred.

5. Maintain and test a business continuity and disaster recovery plan

To ensure applications and data can be fully recovered in the event of a disaster, organizations must establish, test, and maintain practices, procedures and tools that enable a comprehensive business continuity and disaster recovery (BCDR) plan. We recommend setting up contingency and remediation plans, which are crucial to business recovery and continuity regardless of the source of the outage. Conducting a risk assessment that classifies the types of disasters that can occur and establishes priorities for recovery and business continuity is a critical component of a BCDR plan. It is also important to have an incident response plan that covers what to do during a ransomware event, including disconnecting the infected system from the network to prevent infection propagation and determining data sensitivity.

Are you ransomware ready?

Download Arcserve’s Ransomware Readiness Assessment to measure your capabilities and chart a path to a ransomware-free future.


Tony Parry is a Partner Account Director for Arcserve where he’s responsible for building channel relationships in the EMEA region. With more than 30 years of experience in IT channel roles, he is passionate about addressing evolving data and ransomware protection challenges.

About Arcserve

Arcserve provides exceptional solutions to protect the priceless digital assets of organizations in need of full scale, comprehensive data protection. Established in 1983, Arcserve is the world’s most experienced provider of business continuity solutions that safeguard multi-generational IT infrastructures with applications and systems in any location, on premises and in the cloud.

Organizations in over 150 countries around the world rely on Arcserve’s highly efficient, integrated technologies and expertise to eliminate the risk of data loss and extended downtime while reducing the cost and complexity of backing up and restoring data by up to 50 percent.

Arcserve is headquartered in Minneapolis, Minn. with locations around the world. Explore more at Arcserve.com and follow @Arcserve on Twitter.