How Does Ransomware Work? It Doesn’t Have to If You’re Prepared

Ransomware attacks have become the most common security threat faced by businesses today. A recent report from TrustWave indicates that the number of ransomware attacks quadrupled last year; this type of attack now accounts for more than 20% of all digital security incidents. It’s now more common than even credit card theft.

The rise in ransomware has always been problematic, but with companies all over the world dealing with new security and administrative issues associated with remote working, it is now a top priority for IT security leaders everywhere. Thankfully, most IT leaders are aware and prepared to defend against threats in conventional business environments. But with so many more endpoints resulting from remote working, the traditional network perimeter is gone, and that’s resulting in many common security protections being rendered obsolete.

Consider a 1,000-person company: if all those employees are working in an office on a shared network, IT can focus protection on just that network. But with 100% of employees working from home, IT admins now have 1,000 mini networks to protect against the threat of ransomware attacks. The sheer numbers are overwhelming, but so too is the fact that none of those mini networks is under IT's control. To complicate things even more, the tried and true method of applying backup and recovery policies to safeguard against successful ransomware infections isn’t as practical or realistic with a massively distributed, off-network workforce.

Thankfully, IT admins can apply several best practices that go beyond general endpoint protections and malware defenses to support remote workers and keep company data safe. These actions secure the activity and data of remote employees so you can thwart ransomware attacks as COVID continues to keep people connecting to work from kitchen tables and spare bedrooms:

  1. Require MFA: Start with something simple: require users to set complex passwords that are 16 characters at a minimum. But even strong passwords are no longer enough when it comes to secure authentication. Password-cracking programs can try huge numbers of password combinations in a relatively short time and then brute-force their way into applications and networks. Deploying a multi-factor authentication (MFA) solution should be mandatory for every organization, especially now that so many employees are accessing company data from outside the enterprise perimeter. An additional authentication factor delivers another critical layer of protection so that even if an attacker can bypass weak or stolen employee passwords, they won’t be able to log in and compromise systems without a physical token, personal smartphone, or unique biometric signature.
  2. Strengthen data access policies: With the majority of your workforce operating outside the office network perimeter, it’s never been more critical to control access to your company data. You must create strict identity and access policies and buttress your access control lists so you can limit employee access to areas of your infrastructure in which you’re storing valuable company data and content. These types of policies will allow you to enable or deny permissions by account, user, or based on specific requirements such as date, time, IP address, or whether requests are sent with SSL/TLS. Use the principle of least privilege, and only give users access to the accounts, systems, and data that’s absolutely necessary for them to be productive. This is a crucial step when it comes to ensuring attackers or unauthorized parties can’t get access to, delete, or expose your critical data.
  3. Educate and train employees: A recent report from Verizon indicates that 80% of reported security incidents involve phishing, and according to one report, phishing attacks are to blame for two-thirds of successful ransomware attacks in 2019. Even though remote employees are not completely on their own, when at home they simply don’t have the same type of access to skilled IT and security staff. So it is critical that they be trained to identify and avoid ransomware attacks and to understand their part in playing defense. Security education programs and mandatory, regular trainings can teach employees how to spot threats and report them. Companies can even simulate attacks to test employee behavior by distributing harmless links or downloads that are made to look like phishing attempts. Security education and training is a smart investment when you consider the potential financial and reputational damage caused by a data breach.
  4. Harden the compute layer: Now is the time to assess and secure your compute layer to ensure your systems and data remain available only to those who should have access. This is a critical step in keeping away threat actors that could potentially find a way in through a remote entry point. One way to do this is to remove outdated or unnecessary programs from user devices, which just offer additional attack surfaces for bad actors to target. Ensure that all user devices are updated and patched automatically, or as frequently as possible. While these measures can’t provide 100% protection against attacks, they can significantly reduce your risk. Also, take the time to adjust your hypervisor firewall rules. This is important because you can manage both ingress and egress traffic to set granular rules for which users can send, receive and access both inbound and outbound data, as well as how much and which types. Setting strict outbound rules is incredibly important here due to the fact that ransomware attacks often threaten to leak confidential company data.
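
The access-policy conditions named in item 2 (user, date and time, IP address, SSL/TLS, least privilege) can be expressed as a default-deny check. The following is an added example, not code from the original article or from any product; the `Rule` and `Request` types, the user name, the paths and the address range are constructed for illustration, and timestamps are assumed to be in the organization's local time.

```python
import ipaddress
import posixpath
from dataclasses import dataclass, replace
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    user: str
    actions: frozenset        # anything not listed is denied (least privilege)
    prefix: str               # resource subtree, written with a trailing "/"
    networks: tuple           # allowed source CIDRs
    start: time               # allowed time-of-day window
    end: time
    weekdays: frozenset = frozenset(range(5))   # Monday-Friday
    require_tls: bool = True

@dataclass(frozen=True)
class Request:
    user: str
    action: str
    resource: str
    source_ip: str
    when: datetime
    tls: bool

def rule_allows(rule, req):
    # Normalise first so "/finance/../hr/x" cannot pass a prefix check.
    path = posixpath.normpath(req.resource)
    addr = ipaddress.ip_address(req.source_ip)
    return (req.user == rule.user
            and req.action in rule.actions
            and path.startswith(rule.prefix)
            and (req.tls or not rule.require_tls)
            and req.when.weekday() in rule.weekdays
            and rule.start <= req.when.time() <= rule.end
            and any(addr in ipaddress.ip_network(n) for n in rule.networks))

def is_allowed(rules, req):
    """Default deny: grant only when some rule explicitly matches."""
    return any(rule_allows(r, req) for r in rules)

# Constructed sample data: user, path and the 203.0.113.0/24 documentation range.
RULES = [Rule("alice", frozenset({"read"}), "/finance/",
              ("203.0.113.0/24",), time(8, 0), time(18, 0))]
OK = Request("alice", "read", "/finance/q3.xlsx", "203.0.113.10",
             datetime(2024, 3, 5, 10, 0), tls=True)

if __name__ == "__main__":
    print("baseline:", is_allowed(RULES, OK))
    for change in ({"action": "write"}, {"tls": False},
                   {"source_ip": "198.51.100.7"},
                   {"resource": "/finance/../hr/payroll.csv"}):
        print(change, is_allowed(RULES, replace(OK, **change)))
```

Because the sample rule grants only `read`, a compromised session for that user cannot overwrite or delete files under the protected prefix, which is the property that matters against file-encrypting malware.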

Research shows that exposure of just a single terabyte of data costs a company, on average, $129,324; think about how many terabytes of data your organization stores today. Most companies end up storing hundreds of thousands to hundreds of millions of files, most of which are highly valuable and critical to business operations. Ransomware attacks continue to wreak havoc on companies of all types and sizes by locking those assets away as leverage for cyber extortion.

As the coronavirus pandemic continues to play out and keep workers at home, attackers will focus their attention on the many new targets supplied by the growing array of home and mobile networks being used by remote employees. The most effective approach is to prevent ransomware infections before they can inflict damage, and using the above best practices today will help you better secure off-network employees if and when ransomware enters your domain.

Rosie Fan