Prepare and Prevent Ransomware Attacks

cryptolockerThis week we will be focusing on preventing, detecting, and recovering from the many variants of the crypto-ransomware exploit.  Ransomware attacks, such as CryptoLocker, CyrptoWall, Locky, Chimera, Zepto, and the like, have become one of the best money-making exploits for cyber-criminals, with new variants appearing on the scene every month.  These attacks usually start with a phishing email and a ZIP file attachment or a malicious link, so email vigilance can help.  But there have been some variants that open the attack using other means including sophisticated exploit kits that take advantage of system vulnerabilities.

Once the attack has completed, the only way to decrypt your files is to pay the ransom for the decryption key, or to restore your files from a good, working backup.  The best defense is to avoid the infection in the first place.  Here are 9 tips to help you:

  1. Training – Cybersecurity awareness training can teach your employees how to recognize phishing emails, and teach them about the dangers of email attachments and links.  Learning how to confirm the authenticity of an email by confirming with the sender, or analyzing links and attachments with a tool such as VirusTotal can do more to protect your business than almost any other tactic.
  2. Know what you own – Having an accurate inventory of everything attached to your network will prevent an attack from being launched from an unknown, old, or unpatched system.  Software tools such as Network Detective can help round up that information.
  3. Patch and update – Keeping operating systems and software updated is critically important.  Most updates address security issues that could be exploited by an attacker.
  4. What’s it worth?  – What is the cost to the company if your data is held for ransom?  Hollywood Presbyterian Hospital paid $17,000 for the key mainly because it was cheaper than restoring everything from backup.
  5. Current working backups – It’s pretty hard to restore from backup if you don’t have them.  Another important task is to actually test the backup and see if it works.  Many a restore has failed because nobody ever tested it before it was needed.  Offsite or cloud-based backups can be an important option, too.
  6. Network segmentation –  Flat networks, where everyone is connected to the same subnet and can access anything make it easy for an attacker to do the same.  Using VLANS and other network segmentation techniques and keep an infection from spreading to every computer
  7. Pentesting – Your IT staff or contractor should be performing regular vulnerability assessments and penetration tests to find the holes in your network security.  If you need outside help for this activity, get it.  Find someone who specializes in this work.
  8. Fire drill – Have a process for employees to follow to alert the IT staff and warn other employees of suspected phishing and other attacks.
  9. Remote Access – If employees, vendors, suppliers, contractors, or customers have access to your network, you are only as secure as the weakest of the bunch.  Make sure everyone with access to your network is adhering to your security standards.

This is a short list of preventive activities your company can undertake to prevent and attack. Wednesday we will look at ways to detect and defend against a ransomware attack.  Friday we will be looking at recovering from a ransomware attack.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.