Your employee clicks on a sketchy mail and opens the attachment file unknowingly, out of curiosity, the next thing you know, all your files are locked and inaccessible. The ransomware which started from that mail has now spread through your entire server, locking you out of all your important files. A ransom message shows up on your screen, it demands payment in the form of cryptocurrency. It feels like after you make the payment, they will return your files, but is there any guarantee to that? Ransomware as a malware has only ever evolved in the threat category and there is no surety of anything. So, many after receiving the payment, the attackers can just publish your locked personal files on the Internet.
Is not better to prevent a ransomware attack rather than having to decide whether to pay the ransom in exchange for your locked files?
We all have heard the idiom, “Prevention is better than cure” and that applies to all situations in life, not just the medical ones. There are a number of factors which can leave you vulnerable against ransomware attacks, viz;
- The devices you are using in your office are outdated
- The software on the devices are outdated or not regularly updated
- Browsers or the operating system is outdated
- No proper backup plans
- No software to identify cyber malwares.
In addition to these factors, this article will also discuss the other factors to look out for and how to prevent and protect against ransomware.
HOW TO PREVENT RANSOMWARE ON SERVER?
The victims of ransomware usually range between individuals and small to medium sized businesses. Ransomware is not an absolute threat which cannot be avoided, but like any other cyberattack, it can also be prevented.
Let’s talk a walk through the prevention methods you can opt to protect your server from ransomware attacks:
Keep information of your assets:
Keep yourself informed on the number and kind of hardware as well software assets which are connected to your network. Keeping a list of the same can help you keep track of what needs to updated or replaced with a modern version.
Raise awareness amongst your peers:
- Avoid clicking on sketchy mails: Do not click on mails that are random or bear a sketchy looking email address. Phishing mails have been known to hide as delivery service, lottery services, e-commerce coupon services and even posing as a law enforcement agency.
- Do not give out personal information: Saving yourself against phishing mails is practically impossible because of so many services who keep track of personal information to enable personalised ads for you but when it comes to your business server, raise awareness amongst your employees against giving out personal information.
- Do not click on ads: We are all guilty of idling through social medias / online game websites during work hours, more often than not, these websites are riddled with random ads making all kinds of promises.
- Practice limited Access: Practicing limited access by giving your peers only the level of access that is required to get their job done, you can protect yourself from a number of malwares because then access to your most important files would require your direct permission.
- Only download from trusted sites: Downloading from trusted websites also helps prevent cyberattacks. Most trusted websites use “HTTPS” extension.
- Use strong passwords: Weak passwords fall victim to various types of cyberattacks, ransomware being one of them. Advise your peers to use strong passwords to avoid any attack.
- Avoid use of unfamiliar hardware: Internet is not the only gateway for ransomware, external hardware like hard disk, hard drives, USB drives or CDs can also contain an array of viruses and other malwares.
- Keep Bluetooth and infrared ports turned off when not in use: Cyberthreats can also be addressed by turning off Bluetooth, infrared ports and other wireless connections when they are not in use.
Use the Show File Extensions:
Show File Extensions is a useful extension which informs you what kind of file it is that you might be clicking on anywhere on the Internet. It helps identify file type like .gif, .jpeg, .exe, .docx, .pdf, etc.
Regularly scan compressed / archived files.
Use extensions of security services which scan archived or compressed .zip files before you click them.
Utilise spam filters:
There are various ways to filter through emails. You can add certain keywords and if a mail contains that certain keyword, the email will go straight to your spam folder. Some technologies you can use are; Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM).
Patch and regularly update your software:
Patching and updating your software regularly plays a key role against ransomware attacks because software gets constantly updated to fight against cyber and another kind of virus attacks. Delaying a software update is like knowing a threat is coming but keeping your guard down.
Enforce Software Restriction Policies:
Software Restriction Policies are trust policies that enable organizations to manage the process of running applications on computers. It enables you to designate where certain apps are and are not allowed to run.
Block malicious Tor IP addresses:
Every year the list of malicious Tor IP addresses gets updated, it is only wise to not just go through the list but also blocking them from your servers to avoid any contact.
Use antivirus applications:
There are a number of antivirus applications and services which perform regular scans to identity malware and take required action against them.
Use a third-party backup service:
Using a third-party backup service like a Cloud service can help keep your network segmented to keep your backups away from the main system. Ransomware has been known to infect backups too so keeping it segmented can avoid losing your backup files to an attack.
In case, you do fall victim to ransomware, here are some measures you can undertake:
1. Disable web: If you feel like you have clicked on a sketchy mail / file attachment / link, turn off the web connection to your computer at once. This can come in handy when the ransomware attack is in its early stage and can help prevent spreading to your server.
2. Disable file sharing: Disabling file sharing can prevent the malware from transferring from unit to the other to infect your whole server.
3. Disable Windows Script Host: Some malicious actors use .VBS files (VBScript) to run ransomware on an infected computer. Disabling Windows Script Host can prevent ransomware from spreading.
4. Do not provide personal information: While contacting back the attackers, avoid conveying any kind of personal information. Be sure to report suspicious calls to your IT services.
5. Do not pay the ransom: Paying the ransom may feel like the solution but there is only a fifty-fifty chance that it might work. There is a hundred percent chance of encouraging the attackers, however. Check online for decryption tools.6. Restore backup files: any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
HOW TO PREVENT RANSOMWARE IN HEALTHCARE?
Ransomware attacks in healthcare is not only dangerous but also extremely costly. According Bitdefender, there had been an increase in attacks against hospitals by 60% between February and March of 2020, whereas Recorded Future reported that at least 26 healthcare providers were hit with ransomware attacks between January and May of 2020. The numbers are only ever rising with so many variants in technology and evolution of malware.
Some preventive measures to keep protect healthcare systems can be:
1. Educate users:
Human errors are the reasons behind one third of healthcare data breaches. Holding repeated and regular sessions to educate your users about software updates, patches, firewalls, antivirus software, etc can help prevent human errors to an extent.
2. Follow IT rules:
Using your data system in compliance with IT rules can protect you from leaving a vulnerable side open to ransomware threats. Maintaining HIPAA compliance in addition to following an IT security framework can help to ensure that your systems are as secure as possible. It can also help in threat management and provide you with various resources to navigate through a cyberattack.
3. Regular data backups:
Backups are the key to protect your patient files and details from ransomware attacks as well as a reliable bookkeeping method in case you lose your files due to other reasons.
4. Adopt AI and ML anti-fraud solutions:
Artificial Intelligence (AI) and Machine Learning (ML) can track real-time data and alert you in case of suspicious emails, unsafe links, compressed files, etcetera. These technologies can also help data protection, insurance scam detection, data analysis, drug accounting, and other essential tasks for any healthcare system.
5. Consider insurance:
There are insurance policies available which are designed to cover cybersecurity risks as well. It is not a preventive measure, more of a protective measure but with the rise of ransomware attacks against healthcare systems, insurance coverage can provide a peace of mind. In the event of an attack, it can also help you get in contact with security industry experts who can aid you about what you can do next to minimize your loss.
6. Assess your risk
With the constant evolution of ransomware, it is wise to consult IT staff to perform regular assessments to cover your vulnerabilities.
In case you are under attack of ransomware, then get in touch with IT staff or consultants who will help you access your risk and can also help you to decrypt your files, or recover backups.
RANSOMWARE PREVENTION CHECKLIST
From the information provided throughout this article, it is fair to conclude that regardless of what your organization deals with or the kind of business you have, the preventive measures are the same. The preventive measures can be considered universal and applicable to all.
Let’s have a quick look at the Ransomware Prevention Checklist which has been compiled from the measures provided above.
Ransomware Prevention Checklist:
- System Updates: Keeping systems up-to-date or replacing them with modern and better counterparts helps protect against cyberattacks, including ransomware. It also ensures that your system does not lag and is up to speed.
- Employee Awareness: Educating your peers and employees is another important key. From educating against clicking on unknown emails, links, ads to using spam filters to filter through unknown messages, mails. Hold regular sessions to remind your employees to change weak passwords, to turn off Bluetooth and other infrared ports in case they are not being used, and to not give out any kind of personal information on any unknown websites.
- Backups: Backups is probably the most important preventive as well as protective measure against ransomware attacks. Regularly back up your personal files, organization assets, employee and client information.
- Cloud Services: Backing up is further useful when you use a third-party cloud service. That way, your backups remain unconnected to your main network, which if affected by ransomware, will not be able to spread to your backups and lock the backup files as well.
- IT Compliance: Following IT compliance can help you secure your vulnerable ends. They can help you identify and take actions in case any of your preventive measures are lacking against ransomware.
- Antivirus Services: There are various antivirus software, both free and paid subscription ones which can help you scan your software regularly and detect any kind of malware. Antivirus services can also warn against any vulnerabilities in your security and provide you with the solution as well.
- Blocking Malicious Websites: From malicious Tor websites to other malicious websites, there are lists of websites which are considered dangerous, blocking them all from your server can protect you from the threat of ransomware.
- Creating emergency response policies: In case your system does get attacked by ransomware, it wise to have an emergency response policy, like contacting law enforcements, IT services, searching online for the decryption key, not giving into the temptation of paying the ransom, restoring backup files.