← Insights
CybersecurityMay 1, 2020

Ransomware And How To Prevent It

By Pete Rife

This article is scheduled for a refresh. Some references may be dated — contact us for current guidance.

Ransomware continues to be one of the most disruptive attack vectors businesses and organizations face today. Often, it only takes one click of a link in a well-crafted spear phishing email and the company's data is encrypted — only to be left with a flashing screen with instructions to transfer a large sum of cryptocurrency in order to receive (hopefully) the decryption key.

The gangs behind these attacks are highly organized, well-funded, and continuously employ increasingly sophisticated tactics. Even nation-state actors are known to operate in the ransomware space. State and local governments, schools, and hospitals have been particularly attractive targets. Attackers have a significant arsenal of exploits to gain a foothold on your network, but there are some basic and effective steps you can take to lower the chances that your organization is next.

Use Comprehensive Endpoint Protection

Your enterprise should have a fully deployed endpoint protection suite with central management, configured to update frequently and notify administrators if an attack or compromise is detected. Scanning of email is vitally important because ransomware is most often introduced via email links and attachments. Modern EDR (Endpoint Detection and Response) solutions offer significantly better coverage than legacy antivirus.

Harden Your Network Perimeter

Start with hardened firewalls with Intrusion Detection and Prevention capabilities. Segment your network so that a compromise in one area cannot spread freely to others. Treat lateral movement as a core threat model — because for ransomware actors, it is.

Use Secure DNS

Secure DNS services can be an important additional layer of security. Malware often needs to communicate with command-and-control infrastructure to receive instructions or deliver data. DNS-layer controls can disrupt these communications before the attack fully executes.

Build a Robust Backup and Recovery Program

Often the only way to restore a compromised system without paying a ransom is to restore from backup — ideally to a point before the compromise occurred. Critically: in sophisticated attacks, threat actors specifically seek out and destroy or encrypt backups before triggering the ransomware process. Your backups need to be immutable, offsite, and regularly tested for restorability.

Train Your Team Continuously

The human element remains the most exploited vulnerability. Consistent, realistic security awareness training — including simulated phishing exercises — goes a long way toward reducing the risk of an employee becoming the entry point. One click from a well-crafted phishing email is all it takes.

Maintain a Rigorous Patch Program

Software vendors release patches for a reason. When a new vulnerability is discovered, the clock starts: attackers are aware of it too, and they move fast. Every organization needs a documented patch management process with clear timelines for critical vulnerabilities.

Develop an Incident Response Plan

The technical controls above reduce the probability of a successful attack. An Incident Response Plan addresses what happens when controls fail — and they sometimes will. Your IRP should define how you detect, contain, and recover from a ransomware incident, including communication protocols, escalation paths, and recovery time objectives.

Work With an Expert

These examples are foundational components of a mature security program, but they are a starting point, not an endpoint. Blair Carlisle helps organizations assess their current posture, identify gaps, and build the controls and processes that reduce real exposure. Contact us to schedule a risk assessment conversation.

Go Deeper

Questions about your specific situation?

Our advisors work with organizations of every size across the industries covered in this article. Start a conversation — no obligation.

Talk to an AdvisorMore Insights