Just antivirus software is insufficient protection against ransomware

The chances are quite high that an organisation will be hit by ransomware at some point. It is therefore important to think about the protection of the IT environment. This requires a security and a remediation strategy.

The IT environment of a business is usually well protected. Using firewalls, antivirus and intrusion detection & prevention systems, most organisations have built digital wall around their IT system. However this is not sufficient when trying to protect your organisation against ransomware attacks. The outside is protected but the inside may still be too exposed. The internal network would normally allow transparent traffic, which makes it quite easy for an intruder to explore the environment. The active directory, the backup environment, the systems with important data can be found in quite quickly.

Deception Software to prevent Ransomware attacks

It will become more difficult for hackers if your organisation uses deception software. This gives the impression that there are important systems in a certain domain. If an attacker attempts to log into systems running deception software, alarm bells are immediately set off. In other words, the intruder has less chance of installing and distributing ransomware. A forensic investigation can then be started immediately when detected. Often organisations do not have the knowledge to do this forensic investigation and they will have to use specialised. While starting up forensic software is not very difficult, analysing the environment and starting possible cleaning operations are tasks that require experience.

If the intruder does manage to find important files and data it is important that these are well protected. This can be done by securing the essential data such as active directory data, certificates and indispensable data in an air-gapped environment. This is an environment that is occasionally online to import data. After this import, the environment is immediately removed from the network.

Resolve a ransomware attack

Recovering from a ransomware attack is a tricky business. Without categorisation of the data, it is an impossible task. Each business unit will consider its data most important and queue up to get their storage back. It is important that a recovery system, because an intruder can be doing damage for months before he is discovered.

For the backup it is important to use the three-two-one strategy; at least three copies of the backup on at least two types of media and at least one of those media must be offline. So it doesn’t help to have a backup on a virtual tape library and a copy in Azure. You will need to have at least an offline tape to meet the requirement, or the air-gapped environment as discussed earlier.

Just antivirus software is insufficient protection against ransomware

Prevention of ransomware attack

There are many things to think about when it comes to preventing a ransomware attack. Where are the weaknesses  within your IT environment and what could the organisation do to close them?

The extent of an attack can also differ. For example, a hacker may be inside the network, but he hasn’t installed or distributed anything yet. In some cases, the intruder will only want to steal data and resell it. In the worst case, all systems will be locked and the encryption key can only be obtained by transferring a sum of money.

Prevention is better than cure. The strategy starts with prevention. But now we have to look at it from a different perspective. The intruder who used to unleash a virus in your IT environment has been retired for years. The successors are more shrewd and have different interests. Your organisation should respond to that. Ransomware attacks can no longer be compared to a disaster recovery strategy. There are far too many differences, which is why a ransomware attack requires a different strategy.

Tech-Wales Business IT Support

At Tech-Wales we offer great business IT support combined with cyber security and online protection consultancy and services. We can provide you with quality IT support and set up or improve your business IT infrastructure to keep you safe from any attacks. Contact us today to discuss.