Network Security: Guarding Against Ransomware Attacks

By Greg Kushto

With the proliferation of ransomware attacks in recent months, no one seems safe. School districts, law enforcement, government agencies and hospitals make up only some of the organizations who’ve had their networks breached and their data held for ransom.

In short, ransomware is everywhere, and its effects can be devastating. Perhaps the most frightening aspect of ransomware attacks is the relative ease with which they’re launched. They aren’t sophisticated zero-day attacks. Anyone using this form of malware isn’t a cutting-edge hacker, but rather an opportunistic criminal who wants to exploit known network, software and human weaknesses.

But there’s still good news. Unlike other more intricate data breaches we’ve seen in recent years, ransomware attacks are comparatively unsophisticated. With the proper security measures in place, they can be stopped.

What does it take to protect your network? Here are the five things you need to in place to avoid becoming the next ransomware casualty.

Access Control

Turns out, the phrase “safety in numbers” doesn’t always hold true.

Criminals generally focus ransomware attacks on networks to which multiple people have administrated or elevated access. Why?

Because it’s easier to quickly access and encrypt files without detection. The sheer number of users—and the resulting clutter—provides attackers with a hiding place.

By controlling these access points, you can reduce the risk of intruders stealing your data, not to mention the number of employees you must monitor. Instead, grant elevated access only to critical employees and only to certain network locations.

Vulnerability Management

Ransomware hackers seek the path of least resistance. They’re not activists or devotees of a cause: They want to make money with the smallest possible expenditure of time or resources. And thus they exploit what already exists.

One of their favorite entry points to your network is through missing software patches. Armed with a list of known vulnerabilities, they throw everything they can against your firewall until they find an unprotected gap.

By patching these holes today, you cut off hackers’ main points of entry. A robust vulnerability management program keeps you informed of any network and software weaknesses so that you can fix them before it’s too late.

Backup Program

When you rely on individuals to back up their own data, you essentially lay out a ransomware welcome mat. People are, unfortunately, notoriously unreliable about archiving data.

A comprehensive data backup program, however, removes the human element from the equation. No matter what the endpoint—laptops, tablets, phones, etc.—placing your data on the network provides more centralized security and protection.

Offline, secure backups are the next step to ensure that a determined hacker can’t encrypt your most important data and hold it hostage.

Turn On Intrusion Prevention

The best way to thwart ransomware is to preempt and prevent attacks in the first place. Unfortunately, many organizations only enable security alerts. That’s not enough. Sure, it will notify you as an attack is happening, but by then it might be too late.

By enabling intrusion prevention for all network ingress or egress points, you can catch the vast majority of these attacks. A next-generation firewall sees these attacks, blocks them from entering your environment and notifies you so that you can trace the source and remediate as needed.

Educate Employees

Ultimately, scams are about targeting human weakness, and ransomware is no different.

Educate your employees about what to look for. Remind them not to click on any unverified links and to operate with a healthy dose of skepticism—particularly when it comes to suspicious emails threatening IRS audits or promising millions of dollars.

If phishing attacks or malicious emails are a hacker’s favorite method of operation, then educated users are their Achilles heel. Ultimately, a blend of common sense and easily implemented security measures provide the best protection against ransomware and its consequences.