Executing a strategy to prevent ransomware can save your firm big bucks, expensive downtime, and a boatload of headaches. How bad can it get?
A report from Coveware shows that the average ransomware payment jumped 104% in the last quarter of 2019—up to $84,116 from $41,198 in the previous quarter. If you’re looking for a silver lining, the median value was $41,179, but that’s still a good chunk of change by any measure. Beyond the monetary cost, Coveware reports average downtime also increased in Q4, to 16.2 days from 12.1 days in the previous quarter.
Can you afford any of that? Even if you can, no CFO, CTO, or Tom, Dick or Harry would want to deal with ransomware and its ill effects. So, what can you do to prevent ransomware? I’m glad you asked. Here are six best practices:
1. Secure your RDP
Coveware’s report shows that by far the most common method of attack (57.4% of the time) is via Remote Desktop Protocol (RDP). RDP from Microsoft provides remote display and input capabilities over network connections for Windows-based applications running on a server, and is designed to support different types of network topologies and multiple LAN protocols.
Overall, RDP should only be used if absolutely necessary. You should require VPN to access and employ two-factor authorization (2FA). Coveware states “you ARE being actively targeted if you continue to use RDP access,” so mitigate your risk as best you can.
2. Train all employees…again
The second-most common way for ransomware to get in, at 26.3%, is email phishing, and it’s the preferred method for larger enterprises. Even after all these years, hackers still have luck finding someone foolish (inexperienced? naïve? gullible?) enough to click on something they shouldn’t. Work with HR to establish IT policies and best practices that are part of every employee’s onboarding. Besides arming your people with good info, deploying email security software that flags questionable emails is always to your advantage.
3. Update your SQL Server
Keeping your software updated means you benefit from patching that fixes potential holes. If you’re running SQL Server 2008, you’re out of extended support and should upgrade. It never ceases to amaze us how often patching is on the list of “projects we haven’t gotten to yet.”
4. Be fanatical about backups
Your ability to ignore or resist ransomware could come down to how good your backup protocol is. Regular full and differential backups are a necessity, and make sure to airgap the backups so they stay clean. While you’re at it, encrypt the backups!
5. Use IP Whitelists
If you can control outbound traffic from SQL Server, you essentially cut off the head of any ransomware snake. With an IP whitelist, you ensure traffic only flows to and from approved, safe, and known IPs. If the ransomware can’t be unlocked (because the connection is cut), most often it won’t deploy.
6. Test your systems to better prevent ransomware
Don’t leave things to chance. Stress test your systems and see if you’ve got all the bases covered. You might also consider our Health Check, which verifies most recent patches, audits security and backups, and more with a 750-point review.
You simply have to be proactive about protecting your company and preventing ransomware attacks. Don’t leave it to chance.
