6 ways to prevent a ransomware attack

Practices to avoid a financially crippling scam, for businesses of all sizes

When it comes to scammers, the pipeline to dark “ransomware” money can lead as easily to a national organization’s equipment as an individual’s 13-inch laptop. In between, all businesses big and small are vulnerable – all it takes is a computer and some information that is valuable to its owner.

Ransomware is a form of malicious software that seizes an organization’s data or computer systems and blocks access until a ransom is paid. A high-profile instance occurred in early May 2021, when cyber attackers breached the computerized equipment used to manage the Colonial Pipeline oil system, causing a wide-ranging spike in gas prices.¹

But ransomware groups target small and midsized companies as well – even individuals. In fact, 50% to 70% percent of ransomware attacks aim for small- and medium-sized companies.² The practice has even been commercialized: Ransomware as a Service (RaaS) is available to lease for anyone, even those with little tech knowledge.³

Keeping up and shutting out ransomware: 6 measures

Ransomware attacks have become so prevalent in 2021 that the White House recently issued a memo to business leaders on how to prevent them. Following are some of those measures, along with suggestions by the Federal Trade Commission and the Cybersecurity & Infrastructure Security Agency.

Keep systems and applications patched and up to date. Ensure your applications and operating systems are patched in a timely manner and are running up to date versions. Most operating systems and applications include settings to automatically download and install security updates – these options should be used. Businesses also can look into using a centralized patch management system – software designed to make it easier to manage and deploy patches across multiple systems and applications and to keep them up to date.

Back up as a routine. Any important files, including those of sentimental value (think photos), should be backed up routinely. Further, businesses should ensure backups are not connected to the company network, because ransomware that has access to backup files can encrypt and delete them as well. Make sure you verify your backups regularly.⁸ If you are backing up to an external hard drive, remember to unplug it after the backup is complete. Remember: backups that are maintained offline can be restored.⁴

Break up links between operations and limit network connectivity. Companies with separate operations, such as manufacturing, may be targeted by ransomware that seeks to obstruct output. For security, these companies should limit network access between operations and corporate functions, and internet access to operational networks should be limited as much as possible. One solution: Develop alternate methods, including manual controls, to get around inter-operational links. This helps ensure the networks are isolated and will continue functioning if corporate headquarters are targeted. As a rule, organizations should regularly test these incident strategies.⁵

Shut down unfamiliar links, attachments, and apps. Ransomware often enters a computer disguised as benign email or message, possibly from a friend or coworker whose system has been hacked. One also can be exposed to ransomware by visiting a compromised site or through deceitful online ads. These risks can be limited by updating email security and using URL filtering tools to block such emails from reaching the inbox. An even more effective preventive measure is security awareness training.⁶

Use and maintain security software. In addition to email security and URL filtering, make sure you install and maintain up to date anti-malware software and personal or corporate firewalls to reduce malicious network traffic. A ransomware infection may be evidence of a previous undetected and unresolved malware or network compromise.⁸

Run down a response plan. Companies are advised to develop questions to test their incident response plans. Among the questions suggested by the White House: How long can you sustain business operations without access to certain systems? Would you turn off your manufacturing or other operations if business systems, such as billing, were offline?

Think you’ve been “ransomwared”? What victims should do

More than $350 million in losses have been attributed to ransomware attacks from January to early May 2021, according to a CNN report.⁷ Those dollars can be traced to all sizes of businesses. If you think your systems have been breached, experts recommend the following:

• Lock the attack in. Disconnect infected devices from other computers, shared storage, and any wired or wireless network, to contain the ransomware and prevent spreading. Turn off or disconnect other devices on the same network as the infected computer.
• Secure your backups. Verify your backup data is offline and secure. If possible, scan your backups for signs of malware.
• Locate the source of the breach. An expert may be required to identify the malware strain from evidence on the computer, including messages.
• Restore the computer. If files have been backed up and the malware removed, a computer may be restored. The instructions from the operating system should show how to re-boot, if possible.
• Involve the law. Victims are urged to report ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Details, such as contact information (a criminal's email address) or payment information, should help investigations.

Lastly, call your bank to find out how to protect your accounts from attacks. First Financial offers services that provide added ID security to online accounts – big, small, and personal. Because we know the pipelines to everyone’s finances are equally important.