Five Best Practices to Safeguard Your Client Data Against Ransomware


With the current spate of ransomware attacks, the White House has warned business leaders to strengthen their cybersecurity defenses, and it is stepping up its own efforts to combat the increasing damage being done by ransomware-wielding attackers. With the number and size of these incidents increasing significantly, US President Joe Biden has made strengthening the nation’s cyberattack resilience, in both the private and public sectors, a top priority.

In the memo, the White House urged U.S. corporate executives and business leaders to take ransomware crime seriously and ensure their corporate cyber defenses match the threat.

The warning comes after a seemingly non-stop spate of ransomware attacks over the last month. The DarkSide gang hit Colonial Pipeline Corp., leading to supply concerns and panic-buying of fuel along the U.S. Eastern seaboard. Ireland’s national health service was also hit last month and is still suffering from significant disruption more than three weeks after falling victim to a ransomware attack. And most recently, JBS, the world’s largest meat producer, warned about disruptions in its U.S., Canada and Australia operations attributed to a ransomware attack.

But, first off, let’s understand the impact of a ransomware attack.

Ransomware is, by definition, a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.

Ransomware can infect a system via a delivery method like a phishing email with a malicious attachment. In fact, around 95% of such attacks begin with an innocent-looking email, in which attackers gain trust through social engineering before tricking their victim into opening a malicious file that installs the ransomware. Once installed, the malware goes about encrypting all the files on the systems and then demands a payment to decrypt them. Some companies choose to pay the ransom, some try to gain a decryption key, and others have no choice but to format their systems and restore from a hopefully uncorrupted backup. The sad reality is that ransomware attacks often cost companies in one way or another, with total costs now mounting globally to billions of dollars.

Aside from the financial cost of remediating the attack or losing data, there is also the risk of reputational damage and the possibility of a fine should you lose other people’s information through a breach. GDPR fines at some large companies have been in the hundreds of millions.

So, what can be done to prevent this from happening?

According to CNBC, the copy of the White House memo it obtained listed the following five best practices for safeguarding against ransomware attacks:

  1. Back up your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
  2. Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
  3. Test your incident response plan: There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
  4. Check your security team’s work: Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
  5. Segment your networks: There’s been a recent shift in ransomware attacks – from stealing data to disrupting operations. It’s critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety-critical functions can be maintained during a cyber incident.

How Asigra Can Help:

At Asigra, we offer MSPs Four Levels of Comprehensive Backup Data Security to help you prevent ransomware from infiltrating and compromising client data backups.

  • Level 1: Agentless Architecture — Asigra’s agentless architecture enhances security by removing points of attack inherent with agent-based architectures.
  • Level 2: Standard Protection: Within the Asigra platform, your customers’ data is protected at all times with the highest levels of security and compliance:
    • AES 256-bit in-flight and at-rest data encryption
    • Government-approved NIST FIPS 140-2 security certification
    • Multi-factor authentication (MFA)
    • Alternating Repository Naming creates a moving target for malware payloads
    • Soft Deletes provides a hidden/secret deletions folder for a set period of time
  • Level 3: Proactive Malware Blocking — Asigra’s Bi-Directional Malware Detection detects and quarantines ransomware in backup/recovery streams before it’s stored, preventing stealthy attack-loops.
  • Level 4: Step-Up MFA — App-centric Multi-Factor Authentication enables passwordless sign-in throughout the software stack to protect sensitive data at multiple levels in the system. Once logged in via MFA, administrators can configure access to control which users can sign into the Asigra Management Console and other mission-critical areas of the application without using a password.