Best-Practices on protecting data against Ransomware

Security continues to be a hot topic of discussion. As defined by IDG, "Ransomware is a form of malicious software (or malware) that, once it's taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin."

While ransomware and malware have existed since as early as 1989, the modern age of ransomware started with CryptoLocker in 2013. In the intervening years attackers have become increasingly sophisticated and business-minded.

In the modern workplace, data is the most valuable asset to most businesses. Here are a few things that businesses can do in order to deter ransomware attacks:

  1. Use different credentials for backup storage: Backup repositories should be safeguarded and restricted so that only a specific service account has access to them. [Example: Domain\Service.Backups]
  2. Use the 3-2-1 rule: The image below depicts this message clearly

  3. Include offline storage in your data protection strategy: While most businesses are moving their data to the cloud, having local storage can be extremely helpful for fast data recovery. It is important that access to these media is restricted and controlled.
  4. Leverage different file systems for backup storage: Having different protocols involved can be another way to prevent ransomware propagation. [Example: Using Linux authentication (ext3, ext4, NFS mounts, etc.)]
  5. Have appropriate monitoring on your infrastructure: Set up alarms for a high volume of disk writes and high CPU utilization, which can be symptoms of ransomware activity.
  6. Plan for Disaster Recovery Testing: Every company could benefit from both a disaster recovery plan (DRP) and a business continuity plan (BCP). Investing in a DRP and BCP is as critical as having backup setups.
  7. End-user education: Most ransomware enters organizations via websites or files downloaded by users going to malicious websites. Proper user education goes a long way to ensure that this is minimized, even with the deployment of end-point protection.
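
One way to implement the alarm described in item 5, as an added example that is not from the original article: the samples, thresholds and function name are assumptions chosen for illustration. It alerts only when heavy disk writes and high CPU coincide for several consecutive samples, so a single short write burst does not raise an alarm.

```python
from statistics import median

# Constructed per-minute samples for one host: (minute, disk write MB/s, CPU %).
SAMPLES = [
    (0, 4.0, 12), (1, 5.0, 15), (2, 3.5, 10), (3, 4.5, 14), (4, 5.5, 18),
    (5, 40.0, 35),            # short write burst without high CPU
    (6, 4.0, 13), (7, 5.0, 16),
    (8, 55.0, 91), (9, 60.0, 95), (10, 58.0, 93), (11, 62.0, 96),  # sustained
    (12, 6.0, 20),
]

def detect_write_cpu_anomalies(samples, baseline_window=5, write_factor=5.0,
                               cpu_threshold=85, sustain=3):
    """Return (start_minute, end_minute) spans where disk writes exceed
    write_factor x the median of recent normal samples AND CPU is at or above
    cpu_threshold for at least `sustain` consecutive samples."""
    alerts, normal, run = [], [], []
    for minute, write_mbps, cpu in samples:
        if len(normal) < baseline_window:
            normal.append(write_mbps)      # still learning the baseline
            continue
        baseline = median(normal[-baseline_window:])
        hot = write_mbps > write_factor * baseline and cpu >= cpu_threshold
        if hot:
            run.append(minute)
        else:
            if len(run) >= sustain:
                alerts.append((run[0], run[-1]))
            run = []
            # Only non-anomalous samples feed the baseline, so ongoing
            # malicious activity cannot raise its own threshold.
            if write_mbps <= write_factor * baseline:
                normal.append(write_mbps)
    if len(run) >= sustain:            # anomaly still active at end of data
        alerts.append((run[0], run[-1]))
    return alerts

if __name__ == "__main__":
    for start, end in detect_write_cpu_anomalies(SAMPLES):
        print(f"ALERT: sustained high disk writes and CPU, minutes {start}-{end}")
```

In practice the same rule would be fed from the host's metrics agent and tuned per workload, since legitimate jobs such as the backups themselves also write heavily.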