Within the last month or so we have seen a number of high-profile cyber-attacks, from today's Petya/PetrWrap destructive malware coming hot on the heels of the WanaCrypt0r/WannaCry ransomware attack in May 2017, in which systems were infected across 160 countries. Such incidents highlight not only the frequency and sophistication of cyber threats but also serve as a reminder of the consequences of human error.
Whether the risk is blocked e-mail or company data encrypted until a ransom is paid, companies can take action to reduce the impact of ransomware:
Adopt proactive prevention: Many, but not all, ransomware attacks begin with an electronic message from an attacker posing as a trustworthy entity and asking for sensitive information. This technique is known as phishing, and employees can be helped to recognize such scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
Elevate e-mail controls: Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and revisit how you configure your e-mail.
Insulate your infrastructure: Stay one step ahead of smart attackers by removing or limiting local workstation admin rights and seeking out the right configuration combinations (virus scanners, firewalls and so on). Regular patching of operating systems and applications also closes known vulnerabilities; the Microsoft patches related to the WannaCry threat are one example of measures that should be included in the normal patching cycle.
Plan for continuity: A strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested makes it easier to avoid paying any ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers should not be constantly connected to backup devices, and the backup solution should store periodic snapshots rather than overwrite previous backups, so that in the event of a successful attack the backups themselves are not encrypted.