Ransomware prevention is a critical priority
As ransomware attacks continue to plague companies worldwide, organizations are looking for the most effective ways to prevent cybercriminals from disrupting business.
Ransomware like Cryptolocker or Locky are usually initiated through email. The message usually contains a malicious URL that launches the ransomware virus when clicked or an attachment that contains malicious macros to execute the virus when opened by an unsuspecting user.
Once the virus has infected a machine or system, it prevents access to or encrypts files and data. Individuals or organizations must pay a ransom to get access to their data again.
To prevent ransomware, you need a sophisticated security solution that provides multiple tools to detect and block ransomware before it can cause damage. To truly protect your organization from ransomware, you also need the ability to backup and recover data quickly in the event of a ransomware attack. Mimecast can help on both fronts.
Tips to prevent ransomware
Update software and systems regularly
A large organization with a network that is not up-to-date is a prime target for ransomware attacks. Cyber criminals haven’t yet learned how to exploit the most up-to-date systems, so be sure everyone in your organization is current with the latest improvements.
Set strong passwords
Cyber criminals have access to special tools that can help them successfully guess passwords, but the more complicated your password, the more difficult it is to guess. It’s also important to understand which area(s) of your organization need stronger passwords and extra security measures such as two-factor authentication
Empower your team
Human error accounts for the overwhelming majority of ransomware breaches, and the best way to mitigate it is with training. Teaching people what to look for in a ransomware email and how to catch an imposter can help stop ransomware in its tracks.
Ransomware prevention with Mimecast
Mimecast's cloud-based subscription service provides email security, continuity, and archiving solutions that help minimize the risk, cost, and complexity of managing business email.
Mimecast can help to prevent ransomware by identifying and blocking potential attacks, and to bounce back from breaches quickly through continuous data protection. This way, users can access email during and after an attack.
As a comprehensive SaaS-based solution, Mimecast eliminates the need to deploy and manage multiple point solutions from a variety of vendors into prevent ransomware. With easy-to-use tools for managing security and archiving, Mimecast reduces the burden on administrators while increasing their control over email management.
How Mimecast approaches ransomware prevention
Mimecast Targeted Threat Protection is a suite of security services for ransomware prevention that enable you to:
- Block malicious URLs. Mimecast rewrites all URLs within incoming and archived emails and scans destination websites on every click to prevent users from visiting a potentially malicious website.
- Protect against weaponized attachments. When an attachment is deemed suspicious, Mimecast sandboxes the attachment before delivery to protect against unknown malware. Or, Mimecast will transcribe the attachment to a safe format, allowing the user to view it immediately.
- Recognize and defend against impersonation attacks. Mimecast protects against malware-less attacks that seek to impersonate trusted senders by scanning all inbound emails in real-time, identifying and blocking or tagging suspicious emails.
Mimecast's ransomware prevention services are informed by third-party and Mimecast proprietary threat intelligence, providing up-to-date warnings about the latest threats. In the event a ransomware attack is successful, Mimecast archiving services enable you to quickly regain access to email data by restoring content to its previous state before the launch of the ransomware attack.
Learn more about ransomware prevention with Mimecast.
FAQs: Ransomware prevention
What causes ransomware?
Ransomware is a type of malicious software or malware that is intended to block users from accessing files and data on their computer until a ransom is paid to the cyber criminals who launched the attack. The most common type of ransomware attack uses a crypto algorithm to encrypt files, allowing data to be accessed only with a decryption key that is obtained by paying a ransom.
Ransomware is often spread via phishing emails that trick recipients into opening a malicious attachment, clicking on a link that takes them to a malicious website, or revealing login credentials that cyber criminals can used to access a corporate network. Attackers may also exploit vulnerabilities in software or systems to gain access to network resources. In each instance, ransomware is surreptitiously installed on the user’s computer. After files on the infected computer have been encrypted, the user receives a ransom note demanding payment, typically through crypto currency.
What is ransomware prevention?
Ransomware prevention refers to the variety of products, services and best practices used to prevent ransomware attacks from successfully infiltrating a user’s computer. The most effective ransomware protection is a multilayered approach to security that includes:
- Security awareness trainingfor users that educates them about the types of phishing email they may encounter which can lead to a ransomware attack. Minimizing human error is perhaps the most effective form of ransomware prevention.
- Anti-ransomware and antivirus softwareand services that identify suspicious email and web traffic, blocking users from receiving potentially dangerous email and from opening potentially malicious links and attachments.
- Regular updates and patchesto software and systems that prevent attackers from accessing vulnerabilities.
- Robust data backup solutionsthat enable organizations to quickly recover from an attack when ransomware prevention efforts are not successful.
- Continuity solutionsthat provide continuous access to email and files during and after an attack, mitigating the potential loss of productivity that ransomware can cause.
- Two-factor authentication protocolsthat can prevent an attacker who has stolen login credentials from successfully accessing the system.
How do ransomware prevention software and services work?
There are several types of anti-ransomware software measures that can improve ransomware prevention.
- Antispam, antivirus and anti-malware programsare often effective at ransomware prevention when it comes to types of ransomware that have already been identified and analyzed.
- Ransomware preventionsolutionsthat scan email and web traffic for telltale signs of a phishing email can help to block new and emerging threats. These may include signs of impersonation attempts or social engineering techniques.
- DNS authentication servicesincluding SPF, DKIM and DMARC, can help to spot emails with sender spoofing which is often employed in ransomware attacks.
- Services that use content filteringto inspect email in real time can block users from clicking links or opening attachments that may be suspicious.
What should I do when ransomware prevention doesn’t work?
When ransomware prevention efforts are unsuccessful and you are the victim of a ransomware attack, you should immediately disconnect the infected computer from the network and from any shared storage, to prevent ransomware from spreading to other computers. After documenting any ransom messages that you have received, report the ransomware attack to the authorities by contacting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at www.us-cert.gov/report, and by reaching the FBI through a local field office. Next, you can explore options for recovering your data, which may involve using tools or services to try to decrypt your files, or wiping your infected computers clean and recovering data from a clean backup.
How does security awareness training contribute to ransomware prevention?
Human error is often a significant contributor to successful ransomware attacks. Ransomware is most often spread through phishing emails that trick users into taking an action that enables the ransomware to launch. Security awareness training can help employees to recognize the signs of a phishing attack and know what to do when they encounter potentially dangerous email and websites.