How do you protect your organization against Ransomware?
Never waste a good crisis”, these famous words by Churchill could not be more relevant today as shown by the increasing number of ransomware attacks which have a significant impact on affected organizations and on our society.
Never waste a good crisis”, these famous words by Churchill could not be more relevant today as shown by the increasing number of ransomware attacks which have a significant impact on affected organizations and on our society. Since the first simple attacks in 2013 , much has changed in the way ransomware attacks are carried out. The danger is no longer present in just in a single infected attachment opened by an employee, but more and more often attackers have been accessing a network for days to months and are not only encrypting files but also erasing backup and code repository systems to prevent easy recovery. Especially for modern software driven organizations, the availability and reliability of data is of great importance.
The damage caused by ransomware attacks last year according to the FBI is $3.5 billion in the US alone. Cyber insurance companies also report an annual claim growth of 30% to 40%. In the media you will find weekly articles of organizations that have been affected by a ransomware attack. The most recent attack on a COVID-19 Vaccine Test Center is an example of damages that can occur that go beyond financial damages alone.
Which precautions can you take?
A layered approach is needed to effectively protect your organization against ransomware attacks. Most ransomware attacks are currently initiated via e-mail, where the in place spam filter is no match for the advanced attacks that are taking place. Also, system running older operating systems and/or unpatched systems have proven to be extremely vulnerable. But also using a non-isolated or unsecured backup solution can cause issues when trying to recover from a ransomware attack.
Fortunately more and more companies are realising the danger of modern ransomware attacks and are taking action. It’s also becoming increasingly clear that no single measure will offer a 100 percent guarantee against ransomware attacks, just as a smoke detector offers no guarantee against a fire spreading out. In addition to taking mitigating measures on a technical level, as described further in this article, we also recommend organizations to look at insurance policies to limit any damage caused by a ransomware attack. The number of cybersecurity insurance policies has increased by almost 50% annually, indicating that more and more companies are taking this threat seriously.
Despite the amount of media attention for ransomware attacks, such as the recent successful attacks on the Vaccine Test Center, but also on companies such as GWK Travelex and Maastricht University, there are still many companies that have not yet taken specific measures to increase ransomware protection. Even though a number of measures are relatively simple to implement. For example, if your organization uses Office 365, strongly consider activating Advanced Thread Protection (ATP). Office 365 ATP protects your organization from advanced threats such as phishing and zero-day malware. The product is industry-leading because Microsoft uses billions of daily signals from Microsoft Intelligent Security Graph to improve real-time security. This prevents emails being an (to) easy entry point for ransomware attacks. Office 365 ATP is fully integrated with Office and works automatically across all devices without your employees having to install or configure anything. Even if your organization already uses an email scanning solution, Office 365 ATP is highly recommended because of the unique integration simply not possible with traditional external products.
The costs of Office 365 ATP (plan 1) is € 1.69 per employee per month.
More information about Office 365 ATP is available on this website.
DevOps and Github
If you are using development tools such as an onprem Git repo, local TFS or Azure DevOps Server, consider using Microsoft DevOps or Github. Microsoft provides multiple layers of protection to ensure the integrity of your source code.
For more information about DevOps and security, please visit this website.
If you are still using a traditional backup solution for your files and servers, Azure Backup is a cost-effective way of backing up both servers as well as (hosted) VMs and Azure workloads. Azure Backup offers an isolated location outside your domain and ensures that your data is kept secure in an Azure Recovery Services Vault.
SQL Managed Instance
If your application uses SQL Server and you cannot use Azure SQL because your application needs for example CLR or Cross-database transactions, we recommend using SQL Managed Instance. A managed instance offers almost 100% compatibility with a traditional SQL Server on a VM (Enterprise Edition) and combines it with the ease of scalability of a PaaS service such as automatic patching, as well as additional services such as Transparent Data Encryption (TDE) and SQL Advanced Threat Protection.
For more information on SQL Managed Instance, see this website.
App and platform modernisation
If you are considering a migration to the Cloud, Intercept's article on "Rehost, Refactor, Rearchitect, Rebuild & Replace" offers relevant information for a carefully designed migration strategy, please see this link.
If you have any questions about the possibilities of ATP plan for your organization. Let us know!