Ransomware is a malicious program that, once it has run on a workstation or a server, encrypts the data on the disk and makes it inaccessible, accompanied by a ransom demand.
If the machine is connected to a local network, the software will generally try to spread to other workstations and perform the same destructive operation there.
The ultimate risk is that the whole company is affected and sees its sensitive data taken hostage, unless it agrees to pay a certain amount (in Bitcoin) for a decryption key. Paying is strongly discouraged: recovery of the data is not guaranteed at all, and paying marks the company as a target that is worth attacking again.
As an extension of the webinar devoted to this subject, SFR Business presents the main actions to be implemented to limit the risks of ransomware for your company.
The cost of cyberattacks continues to rise year after year. According to a French Senate report published in June 2021, 43% of SMEs experienced at least one cybersecurity incident in 2020, and ransomware attacks increased fourfold between 2020 and 2021.
The consequences are all the more serious for small structures such as SMEs, which are ideal targets for cyberattacks. According to a Symantec study, 71% of VSEs and SMEs that suffer a cyberattack do not recover from it.
Cyberattacks on the rise
Ransomware attacks have increased sharply in recent years and have evolved since the global WannaCry attack of 2017 and Ryuk in 2018.
In its March 2021 report on the state of the ransomware threat, the ANSSI (the French National Agency for the Security of Information Systems) notes a 255% increase in reported ransomware attacks between 2019 and 2020.
Ransomware is the most lucrative cybercriminal activity today. Among the most affected sectors, ANSSI points to digital companies, the health and education sectors, and local authorities.
The frequency and scale of these ransomware attacks demonstrate the importance of taking steps to mitigate risk.
Multiple entry points
Ransomware is a low-cost and very profitable way to extort businesses, which can find themselves in serious trouble as a result. They must be aware that this type of threat can arrive at any time and from multiple entry points:
- Email remains the most used vector, through an attachment or a web link pointing to a site that hosts malware.
- Ransomware can also hide in a simple advertising banner, an image, a mobile application or a USB drive, take advantage of a software vulnerability, or even be injected through a public Wi-Fi connection.
How to limit the exposure of vulnerabilities to cyber criminals?
Attackers are opportunistic and follow corporate news to find their future targets. They can take advantage of the launch of a new product to act, or more simply run an untargeted phishing campaign, which means that no organisation is immune to ransomware.
It is therefore important to reduce the risk of these threats by deploying security measures:
- The first action to take is to deploy anti-spam, antivirus and anti-phishing technologies on the company's network and endpoints.
- Web traffic filtering can be added to block access to sites and IP addresses listed as threats.
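The two controls above act on the email vector described earlier: a mail gateway that inspects attachments and links before they reach the user. The script below is an added example, not code from the article or from SFR Business, and its rules (executable and macro-enabled extensions, the "invoice.pdf.exe" double-extension trick, the right-to-left override character, links to raw IP addresses) are illustrative assumptions a real gateway would combine with antivirus and sandboxing. The sample message is constructed inline.

```python
"""Triage inbound e-mail attachments and links for common ransomware delivery tricks.

Added example, not from the original article. The extension lists and URL
heuristics are illustrative assumptions, not a vendor policy.
"""
import email
import email.policy
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed policy: file types that execute or can carry macros, archives whose
# contents need their own scan, and "document" types attackers like to imitate.
EXECUTABLE_EXTS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "bat", "cmd", "ps1", "lnk", "iso", "img"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm"}
ARCHIVE_EXTS = {"zip", "rar", "7z"}
DOCUMENT_EXTS = {"pdf", "docx", "xlsx", "txt", "png", "jpg"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def classify_attachment(filename: str) -> list[str]:
    """Return the reasons an attachment name looks dangerous (empty if none)."""
    reasons = []
    if "\u202e" in filename:          # RTLO makes "evil\u202efdp.exe" display as "evilexe.pdf"
        reasons.append("right-to-left override hides the real extension")
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable type .{ext}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled document .{ext}")
    if ext in ARCHIVE_EXTS:
        reasons.append(f"archive .{ext} (contents must be scanned; password-protected archives defeat AV)")
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS and ext not in DOCUMENT_EXTS:
        reasons.append(f"double extension: .{parts[-2]} disguising .{ext}")
    return reasons


def classify_url(url: str) -> list[str]:
    """Flag links to bare IP addresses and links that download executables/archives."""
    parsed = urlparse(url)
    reasons = []
    if IPV4_RE.match(parsed.hostname or ""):
        reasons.append("link to a raw IP address")
    last_segment = parsed.path.rsplit("/", 1)[-1]
    path_ext = last_segment.rsplit(".", 1)[-1].lower() if "." in last_segment else ""
    if path_ext in EXECUTABLE_EXTS | ARCHIVE_EXTS:
        reasons.append(f"link downloads .{path_ext}")
    return reasons


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and return every suspicious attachment or link."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        reasons = classify_attachment(name)
        if reasons:
            findings[f"attachment:{name}"] = reasons
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        reasons = classify_url(url)
        if reasons:
            findings[f"url:{url}"] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed phishing-style message: reserved addresses and documentation IP range."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review http://203.0.113.7/invoice.zip and the attached file.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")          # executable disguised as a PDF
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="terms.pdf")                # harmless-looking attachment
    return msg.as_bytes()


if __name__ == "__main__":
    for item, why in triage_message(build_sample_message()).items():
        print(f"{item}: {'; '.join(why)}")
```

A gateway would quarantine the message on any finding rather than only logging it; the point of the double-extension and RTLO checks is that a user looking at the filename in a mail client sees a document, not a program.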
Additional barriers can be put in place:
- An IPS (Intrusion Prevention System) detects and blocks attempts to exploit vulnerabilities in the traffic between the company's servers and the internet.
- A sandbox complements the antivirus: a file the antivirus does not recognise is executed inside an environment isolated from the rest of the system, and its behaviour is analysed to check that it does not contain ransomware.
How to ensure that protection is effective?
A company wishing to protect itself properly must ensure that its service provider and its security solution use reliable and complete detection modules to filter threats effectively.
The company must also make sure that its solution uses reputation databases that are constantly updated and classified by category (URLs known to host ransomware and viruses, infected IP addresses, etc.).
Antivirus and antimalware filtering must likewise rely on quality databases of virus signatures that are constantly updated.
A good professional antivirus should therefore be able to block a new threat within 4 to 8 hours of its signature being added to the vendor's database.
The security provider's solution must meet these deadlines. Adding a sandbox further narrows this window of exposure, since behavioural analysis can catch a sample for which no signature exists yet.
Furthermore, once the company has activated its security barriers in partnership with its security provider, it must be able to correct configuration errors (IP address mix-ups, activation of a risky service, etc.).
The easiest way is to get help from the provider, who can review the equipment's security reports and optimise the security configuration.
In addition, a vulnerability scanner (such as the Cyberhacker solution) makes it possible to identify known vulnerabilities in the company's systems before attackers exploit them, by relying on databases of the vulnerabilities that attackers are actively exploiting.
What are the best practices to limit the risks?
Preserving the future of the company by keeping its network healthy requires good security practices. Keeping malware out requires a good antivirus and web filtering based on reputable and up-to-date databases.
Security licences must be renewed, and equipment and applications must be patched and updated promptly. The network must be segmented, and ideally each subnet is protected by a firewall with the most restrictive rules possible.
Attackers rely on employees' mistakes to introduce ransomware, so staff must be made aware of the risks through training and simulated phishing exercises. If a crisis does occur, the company must know how to react without panicking.
Quickly disconnecting the affected endpoints and servers from the network, and checking that the backups about to be restored are not themselves contaminated, are good practices; this is also why backups should be kept offline or otherwise unreachable from the network the ransomware spread on.
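Checking a backup for contamination before restoring it is the step most teams improvise under pressure. The script below is an added example, not code from the article or from SFR Business, and its indicators are illustrative assumptions: ransom-note file names, extensions ransomware appends to encrypted files, and a byte-entropy threshold (encrypted data is close to random, whereas text and office files are not). The compressed-format exception shows the main false-positive source. The sample backup is constructed in a temporary directory; a real deployment would also compare against file hashes recorded when the backup was taken.

```python
"""Check a backup set for signs of ransomware contamination before restoring it.

Added example, not from the original article. Indicators and thresholds are
illustrative assumptions, not a vendor feed.
"""
import math
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed indicators: note names ransomware families commonly drop, extensions
# appended to encrypted files, and an entropy threshold in bits per byte.
RANSOM_NOTE_PATTERNS = [
    re.compile(r"readme.*(decrypt|restore|recover)", re.IGNORECASE),
    re.compile(r"how_to_(decrypt|recover)", re.IGNORECASE),
]
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
ENTROPY_THRESHOLD = 7.5   # text and office files usually sit well below this
MIN_SIZE = 256            # tiny files give meaningless entropy figures
# Formats that are legitimately near-random (compressed); skip the entropy
# test for them, otherwise every zip and PNG in the backup is a false positive.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path) -> list[str]:
    """Return the reasons this file looks contaminated (empty list if clean)."""
    reasons = []
    if any(p.search(path.name) for p in RANSOM_NOTE_PATTERNS):
        reasons.append("ransom-note filename")
    if path.suffix.lower() in SUSPICIOUS_EXTENSIONS:
        reasons.append(f"suspicious extension {path.suffix}")
    data = path.read_bytes()
    if len(data) >= MIN_SIZE and not data.startswith(COMPRESSED_MAGIC):
        h = shannon_entropy(data[:65536])   # the first 64 KiB is enough to judge
        if h >= ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({h:.2f} bits/byte)")
    return reasons


def scan_backup(root: Path) -> dict[str, list[str]]:
    """Map each suspicious file's path (relative to root) to its reasons."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = classify_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_backup(root: Path) -> None:
    """Constructed sample data standing in for a backup snapshot."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext / compressed bytes
    (root / "invoice.txt").write_text("Invoice 2021-06: 12 x widget @ 9.90 EUR\n" * 20)
    (root / "archive.zip").write_bytes(b"PK\x03\x04" + rng.randbytes(4096))   # legitimate compressed file
    (root / "secret.docx.locked").write_bytes(rng.randbytes(4096))            # "encrypted" by ransomware
    (root / "README_RESTORE_FILES.txt").write_text("Your files are encrypted. Pay to restore.\n")


def demo() -> dict[str, list[str]]:
    """Build the sample backup in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_backup(root)
        return scan_backup(root)


if __name__ == "__main__":
    result = demo()
    for name, why in result.items():
        print(f"{name}: {', '.join(why)}")
    print("restore blocked" if result else "restore allowed")
```

Run it against a mounted backup snapshot by calling `scan_backup(Path("/mnt/backup"))`; any finding should block the restore until the snapshot is replaced by an older, clean one. Entropy alone is a weak signal, which is why the script combines it with file-name indicators and exempts compressed formats.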
In conclusion, to limit the risk of ransomware as much as possible, it is essential to protect the network with a fully up-to-date antivirus and firewall.
These can be combined with web filtering and vulnerability scans. Employees must be trained in cyber risks so that they do not inadvertently introduce malware into the network.