How to effectively protect your information assets from ransomware

Ransomware is a type of malware (malicious software) that encrypts files, preventing access until a ransom is paid to the cybercriminal for decrypt them. If the ransom is not paid, the attacker may threaten to sell or leak the data, causing severe financial, reputational, and other damages for the affected organization.

An asset can fall victim to a ransomware attack for several reasons, including:

• Exposure to malicious content on the web.
• Receiving suspicious files or links via email.
• Connecting infected USB devices.
• Lack of adequate protection measures or default configurations that can be exploited.

The global cost of these attacks continues to rise, reaching alarming figures. The financial impacts include ransom payments, recovery expenses, fines for personal data breaches, business interruption, increased insurance premiums, and security investments. To combat this type of malware, the following key areas need to be addressed:

Security measures against ransomware

1. Keep assets updated by installing the latest security patches. As demonstrated by the WannaCry incident, failing to apply recent solutions that fix vulnerabilities poses significant risks.
   
   
2. Do not open links or files from unknown and unsafe sources. A malicious link can trigger the automatic download of a file designed to infect with ransomware.
   
   
3. Regularly back up data. Once critical data is saved and protected, conduct periodic tests to ensure that backups are available and maintain the integrity of the stored information. An offline backup version of an organization’s essential records will prevent a ransomware attack from locating encrypted content that could be further compromised. As mentioned in a previous article, since file encryption is often coupled with data theft, it’s crucial to complement backups with encryption of sensitive data stored in assets, ensuring that attackers cannot access and illicitly disclose it.
   
   
4. Follow the recommendations of specialized organizations regarding cybersecurity best practices. Restrict user permissions based on the principle of “least privilege,” which limits the impact a ransomware attack could have. Simultaneously, adopting a “zero trust” security policy helps prevent unauthorized access to assets. In terms of credentials, change all default credentials and those that do not meet recommended configuration standards for length and other characteristics. Protect and store them using encryption algorithms to prevent unauthorized use. Additionally, asset protection is significantly enhanced by implementing multi-factor authentication.
   
   
5. Eliminate unnecessary accounts and minimize those that manage system configurations. This prevents attackers from using these accounts to perpetrate ransomware attacks.
   
   
6. Stay informed about identified malicious sources and block them. It’s important to be aware of vulnerabilities that could be exploited in a ransomware attack so that they can be addressed once recognized. Additionally, raising awareness of the threats posed by neglecting fundamental cybersecurity aspects is a key element in preventing ransomware attacks.
   
   
7. Do not provide personal information to unverified sources. Cybercriminals may attempt to obtain this data to design a phishing attack as part of a ransomware campaign. Under no circumstances should USB drives or other storage devices be connected to an organization’s assets unless their origin has been verified and validated, and their contents thoroughly scanned in protected environments.
   
   
8. Use VPN services when connecting through public networks. This resource enhances anonymity, reducing the risk of becoming a ransomware victim. It is crucial for organizations to improve their resilience to recover from an attack. To achieve this, it’s necessary to develop an Incident Response Plan. This plan should include the procedures for response and notification that must be activated when a ransomware attack occurs. Ensure that assets are properly configured, avoiding the activation of unnecessary elements (ports, protocols, etc.) that are not required for business operations. Some applications run macros to automate routine tasks. An attacker can exploit these macros to launch a ransomware attack. Therefore, if they are not needed, they should be disabled to prevent automatic execution.
   
   
9. Apply physical or logical segmentation to separate assets, grouping them according to specific purposes so that if they are attacked by ransomware, they do not compromise the rest of the systems. Segmentation prevents or limits potential lateral movements by the malicious agent.
   
   
10. Implement security tools (anti-malware software, etc.) that can detect malicious activity, along with resources (firewalls, etc.) that protect network-connected assets.
    
    

Given that ransomware attacks are becoming increasingly sophisticated and complex, having cybersecurity experts to prevent and mitigate these attacks is essential.

Ransomware is a constant threat to any organization. It can have devastating effects on all types of businesses, often halting their ability to produce goods and services. Ransomware incidents can lead to financial losses, data breaches, and damage to a company’s reputation. Preparing and applying proactive measures to protect assets and information is crucial to optimizing the response and recovery from such malicious actions.