How Does an Organization Prevent Data Loss From Ransomware?

Written By: Ontrack

Date Published: 28 November 2024 02:53:18 EST

How Does an Organization Prevent Data Loss From Ransomware?

In recent years, ransomware has repeatedly made the headlines. Organizations and consumers around the world have become the target of cybercriminals. There is an increase in the number of data loss incidents and data breaches as a result of cyber-attacks and ransomware. Because no company is safe, organizations need larger disaster recovery budgets and extensive knowledge of ransomware.

We have listed some important tips to prevent data loss from ransomware:

  1. (Offline) Backup: To protect yourself means that there must be a backup of your data. This way you can restore the system quickly and without problems. Increasingly, the backup is the target before the ransomware attack is triggered. Follow the ‘3-2-1-1-0 rule’ – 3 copies of the data, stored on 2 different media, of which 1 is offline and 1 is offsite and verified that is has 0 errors . As a result, it is virtually impossible that your backup is affected by malware. Offline backup is the best insurance with ransomware, but it requires you to have routines and procedures to test if the backup is working at its best and is complete.

  2. User training, so your users can recognize a possible attack. Make sure they know how to get the best practice to avoid accidentally downloading ransomware or opening the network to outsiders.

  3. Beware of phishing emails; don’t open attachments in emails if you don’t know the sender – One of the most common ways to get infected with ransomware is opening an email attachment! Cybercriminals have become much smarter. If you receive an email that you are not sure about, check that the email address really comes from the person who is claimed to be from. Does it say that the mail is from Apple, but is the e-mail address XXX-789.com? Then you know it's a fake e-mail.

  4. Do not visit suspicious sites - Some websites can be dangerous and malicious, so be super-cautious when you surf the internet. Suspicious websites such as gaming, file sharing and other websites with "free" downloads may include ransomware. Ransomware may also be hidden under web banners or other scripts in the web page. If you need to visit such a site – you are a journalist, for example – be aware that you are at risk and prepare with the most advanced anti-virus software on the market. Do not click on unnecessary banners to prevent infection.

  5. Use secure passwords Some ransomware is not delivered via an email, but through traditional hacking and passwords. If the password (or passwords) of one person is stolen and hacked, the criminal has access to the computer and can infect it with ransomware. Where possible use Multifactor authentication (MFA). Use strong passphrases with a minimum of 15 characters. You can use a password manager if you have trouble remembering passwords.

  6. Use up-to-date security programs Make sure your computer has the latest anti-malware software/ Endpoint detection and response software. This way you are protected from potential threats. Is your computer not equipped with security software by default? Then look for it quickly!

  7. Make sure your operating system and software are up to date and there are no redundant services. By keeping your operating system up to date, hackers cannot access the system. This can occur if weaknesses in the system arise as a result of outdated software. Disable unnecessary services. For example, the Windows Remote Desktop Protocol (RDP). Ransomware can easily spread from one computer to another via this protocol. So, if RDP is not needed in your business or small business, always leave it off!

  8. Make sure all devices are password protected. When setting secure passwords on your devices, make sure they are safe and that you do not use the same password for multiple devices. It may seem like a simple tip, but a lot of people don’t always use a password!

  9. Segment network and access rights: Develop IT policies that restrict infections on other network resources. Businesses need to take precautions, so if a device gets infected with ransomware, make sure it doesn’t penetrate to the entire network.

  10. Protect and manage admin accounts: Think about MFA, Secondary super admin access, force logout superadmins, Use Privileged Access Management, or PAM, which limits access to critical security and administrative functions.

If your data is infected by a new version of ransomware, you do not have an up-to-date backup of your files and you are unable to find a free decryption tool for this particular ransomware type, the only chance of recovery without paying the ransom, is to consult a data recovery service provider.

Specialized ransomware data recovery experts such as Ontrack, as well as data security companies, track the various ransomware variants and develop specialized tools of workarounds to recover infected files or entire storage systems. In many cases – but not all – experts have found ways to recover the data infected by the most common ransomware types. So, if you have been the victim of an attack, it is a good idea to give them a try. Compensation will be charged for recovering your data, but you will do your part to stop the criminals  not supporting them by paying the ransom.

More information:

Data Recovery from Ransomware Attack

Read our Ransomware guide

 

 

 


 

 

Subscribe

KLDiscovery Ontrack Limited, Nexus, 25 Farringdon Street, London, EC4A 4AB, United Kingdom (see all locations)