5 Tips to Fight Back Against Ransomware

Did you know that October is National Cyber Security Awareness Month (NCSAM), both in the United States and Europe? What is it, you ask? NCSAM is a public awareness campaign that inspires businesses and individuals to take proactive measures to protect themselves from cyber threats. As the largest network cyber security vendor globally, Check Point is committed to promoting cybersecurity awareness to help organizations more effectively protect themselves. In celebration of the month, we will be posting a series of blogs that provide you with helpful tips and information to assist you in keeping your organization safeguarded from today’s cyber threats. This blog is the first in our series, please check back often for more installments!


I once read that Bill Gates said, “Treatment without prevention is simply unsustainable.” While I imagine he was talking about disease, this statement rings true across a broad spectrum of topics, including cyber security.

Over the last few years, it seems that we can hardly go a week without hearing about the latest ransomware attacks on the news. It has become a global epidemic that has accumulated high-profile victims, like hospitals and government agencies. But ransomware doesn’t just target high-profile organizations. Enterprises and organizations of all sizes, and across many industries, have rapidly become victims of the ransomware game. You probably even know someone who works for a company that’s been hit by ransomware.

In the fight against ransomware, the best strategy is to prevent becoming a victim in the first place. But where can you begin? The following best practices can help you avoid ransomware attacks against your organization.


1. Back Up Your Data and Files

With the advent of more reliable networks and cloud-based storage, many of us have simply gotten out of the habit of backing up files and data. However, in the event of a ransomware attack, it may be possible to use these backups in lieu of paying the ransom. At a minimum, they will allow you to decide for yourself whether the cost of restoring from backup is more or less costly than the requested ransom.

There is also a second reason why it is extremely important to have those backups. Even if you are willing to pay the ransom, keep in mind that you are placing your trust in the hands of a cybercriminal. What confidence do you have that they will actually provide you the decryption key once you pay? Or even worse, you pay, they give you a key, and you still can’t recover your files. The ransomware may have bugs, or may not work in your environment. Keep in mind that ransomware is not commercial software that has been run through rigorous quality assurance testing.

Since it is not wise to place trust in your attacker, it is important that you consistently back up your important files, preferably using air-gapped storage. Enable automatic backups, if possible, for your employees, so you don’t have to rely on them to remember to execute regular backups on their own.


2. Educate Employees to Recognize Potential Threats

Speaking of employees, user education has always been a key element in avoiding malware infections. This same principle also applies to ransomware. The basics of knowing where files came from, why the employee is receiving them, and whether or not they can trust the sender continue to be useful tools your employees should use before opening files and emails.

The most common infection methods used in ransomware campaigns are still spam and phishing emails. Quite often, user awareness can prevent an attack before it occurs. Take the time to educate your users, and ensure that if they see something unusual, they report it to your security teams immediately.


3. Limit Access to Those That Need It

In order to minimize the potential impact of a successful ransomware attack against your organization, ensure that users only have access to the information and resources required to execute their jobs. Taking this step significantly reduces the possibility of a ransomware attack moving laterally throughout your network. Addressing a ransomware attack on one user system may be a hassle, but the potential implications of a network-wide attack can be dramatically greater.


4. Keep Signature-Based Protections Up-To-Date

From the information security side of things, it is certainly beneficial to keep antivirus and other signature-based protections in place and up-to-date. While signature-based protections alone are not sufficient to detect and prevent sophisticated ransomware attacks designed to evade traditional protections, they are an important component of a comprehensive security posture. Up-to-date antivirus protections can safeguard your organization against known malware that has been seen before and has an existing and recognized signature.


5. Implement Multi-Layered Security, Including Advanced Threat Prevention Technologies

They always say that the best defense is a good offense, and implementing a multi-layered approach to security provides the best opportunity to fend off ransomware and the damage it could cause. In addition to traditional, signature-based protections like antivirus and IPS, organizations need to incorporate additional layers to prevent against new, unknown malware that has no known signature. Two key components to consider are threat extraction (file sanitization) and threat emulation (advanced sandboxing). Each element provides distinct protection, that when used together, offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.


Implementing a few key preventative measures in the fight against ransomware can be the difference between staying safe and becoming a victim. Always back up your data to ensure you have it available in the event your files are encrypted. Educate your employees to recognize and avoid potential threats, and limit their access to only those systems and files that they actually need to successfully execute their jobs. Keep your antivirus and other signature-based protections up-to-date to prevent the preventable. And, implement advanced threat prevention solutions as part of a multi-layered approach to security to prevent unknown attacks, like ransomware, against your organization.

To learn more about ransomware, download the Ransomware: Understand and Protect Against the Latest Threats and Tactics whitepaper and webinar.