There are many methods of mitigation recommended for all types of ransomware, including patching early and often and enabling file extensions. Here are five best practices you can implement to mitigate against enterprise ransomware attacks specifically.
Lock down remote management
RDP is the most commonly utilized deployment method for enterprise ransomware attacks. Locking down your organizations RDP access and other management protocols is one of the most effective steps you can take to secure against targeted ransomware attacks.
There are numerous ways you can do this, such as require users be on a VPN before they can access RDP or restrict access to known IP addresses. Your organizations firewall should be able to implement both methods.
Back up regularly and keep a recent backup copy offline and offsite
There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Encrypt your backup and you won't have to worry about the backup device falling into the wrong hands.
Monitor your network 24/7
Enterprise ransomware attackers are meticulous when it comes to attacking at the right time of day (or night). To minimize the attack window, it is essential to monitor your network at all times and put in place steps to detect and respond to threats as soon as they are discovered.
One way of achieving this is by implementing a Managed Threat Response (MTR) service. MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate more sophisticated and complex threats (synonymous with enterprise ransomware attacks).
Educate your workforce
Nearly every strain of enterprise ransomware attack includes a phishing element. Helping your employees to understand how to spot these bogus communications is critical in circumventing malicious access to your networks.
One way of doing this is by setting up regular simulated attacks and monitoring the performance against them. This will allow you to gauge your enterprises phishing attack readiness and ultimately the level of training required to prepare your employees.
Review the deployment and configuration of your IT cybersecurity implementation
Enterprises often have sufficient technology in place to safeguard against enterprise ransomware attacks, but it rarely deployed or configured in the most optimal way to do its job properly.
Proper deployment and configuration is key to reducing the surface area of attack and minimizing the risk and potential scope of propagation.
General best practices to stop ransomware
The tips above will enable you to safeguard against enterprise ransomware specifically, but there several measures you can take to protect yourself against ransomware attacks in general.
- Patch early, patch often. The sooner you patch, the fewer holes there are to be exploited.
- Enable file extensions. Enabling extensions makes it much easier to spot file types that wouldn't commonly be sent to you and your users, such as JavaScript.
- Open JavaScript (.JS) files in Notepad. Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.
- Don't enable macros in document attachments received via email. A lot of infections rely on persuading you to turn macros back on, so don't do it!
- Be cautious about unsolicited attachments. If in doubt, leave it out.
- Monitor administrator rights. Constantly review admin and domain admin rights. Know who has them and remove those who do not need them.
- Stay up to date with new security features in your business applications.
- Use strong passwords. making them impersonal, at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation Ju5t.LiKETh1s