Ransomware is still one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of highly targeted file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.
Today, businesses large and small are no exception to the threat of increasingly aggressive ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption to an organisation’s productivity. According to Sophos’ recent report “The State of Ransomware 2022”, 66 per cent of organisations were hit by ransomware last year – an increase from 37 per cent in 2020. In 2021, attackers were successful in encrypting data in 65 per cent of attacks, and there was a decrease in attacks that did not encrypt data, but threatened to leak the victim’s data.
Amidst this, it is imperative for enterprises to implement best practices to stay protected from ransomware, and here’s how:
Backup regularly and keep a recent backup copy offline and offsite
In the case of a ransomware attack, having an encrypted backup can save enterprises precious time and financial resources in getting operations back up and running. Having a backup that is regularly updated and available offline and offsite also ensures that leaders do not have to worry about the backup device falling into the wrong hands.
Enable file extensions
Be cautious about unsolicited attachments
Ransomware attackers rely on the dilemma users face, knowing that they shouldn’t open a document until they are sure of the sender and its contents. In cases where the authenticity of an email cannot be confirmed, a good practice is to exercise caution and report suspicious content.
Monitor administrator rights
IT teams should constantly review admin and domain admin rights, stay up to date on who has them, and remove them from those who do not need them. Additionally, users should not stay logged in as an administrator any longer than is strictly necessary, and should avoid browsing, opening documents, or other regular work activities while they have administrator rights.
Use strong passwords
It sounds trivial, but it really isn’t. A weak and predictable password can give hackers access to an organisation’s entire network in a matter of seconds. It is recommended that users use passwords that are at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation: Ju5t.LiKETh1s!
(The writer is the Country Manager for Sri Lanka and Maldives at next-generation security leader Sophos)
By Prasad Wijesuriya