Story image

Rackspace presents five ways to reduce your ransomware risk

20 Jun 2017

The speed and pervasiveness of the recent WannaCry ransomware attack took the business world by surprise. The extortion malware infected computer networks in more than 150 countries, leaping from Spain, the UK and Germany to Russia, India, China and the US as it spread around the world.

Within hours, hundreds of thousands of computers were displaying local-language versions of the same ransom note: your files have been encrypted, pay the ransom or lose everything.

Early victims included hospitals, banks, telecom firms and transport companies. Organizations in these industries can’t function without access to their digital data, which makes them attractive to cyber criminals. But they can have another vulnerability, too. Many will be burdened with old networked devices running out-of-date software that hasn’t been patched because of the complexity of the network and the difficulty of shutting down systems for updates.

So, what are companies to do? In the wake of cyberattacks such as WannaCry, it’s far too easy to be distracted by the drama of hard-drive encryption and demands for payment. Please remember, though, that payment does not guarantee that your files will be unlocked, and most security experts recommend that you don’t give in to a ransom demand.

The real lesson of WannaCry is that poor risk management leaves you vulnerable. And this boils down to vendors’ poor software security and businesses’ lack of proper prevention. Here are five things you can do to avoid falling prey to ransomware:

Back up your data Maintaining recent backups of your data is essential. Companies that followed this fundamental best practice could safely ignore the WannaCry ransom demand and revert to stored files with little data loss – unless their backup strategy relied on a local storage device, that is. A multi-layered strategy that takes advantage of cloud backup and has a robust approach to redundancy is recommended.

Keep up with patches ​WannaCry hit computers running older versions of Microsoft software that had not been updated, even though patches that fixed vulnerabilities were available. Patch management has been and will continue to be a challenge for many organizations and end-users. Simply keeping up with the latest patches for Windows, Mac and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.

Check your security software Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe. Given the complexity of today’s computing networks, with mobile, enterprise and cloud environments, and our fast-evolving threat landscape, third-party security expertise can be the best way to achieve active and ongoing cyber defense.

Educate staff to spot scams ​WannaCry’s sneaky worm component helped it to spread by exploiting a weakness in a Windows file-sharing protocol, but it was the usual phishing emails and dodgy attachments that opened the door to it. Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams, and urged to take the time to pause and check emails that don’t look right.

Take the “Security First” approach Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasizes the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.

In our era of random but persistent threats, such as ransomware, managing security is becoming more challenging by the day. By being proactive, getting the basics right and moving away from some of the more problematic platforms, you can certainly keep many of these threats at bay.

Article by Gene Tang, head of Solutions Architecture at Rackspace Asia.

Intel building US’s first exascale supercomputer
Intel and the Department of Energy are building potentially the world’s first exascale supercomputer, capable of a quintillion calculations per second.
Vertiv appoints new Malaysia country manager
"With Wooi Keat leading the Malaysia business, I am confident that we will be able to solidify our position as the preferred partner for critical infrastructure solutions.”
NVIDIA announces enterprise servers optimised for data science
“The rapid adoption of T4 on the world’s most popular business servers signals the start of a new era in enterprise computing."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Site24x7 enters China market with new Shanghai data centre
This is Site24x7’s fifth data centre around the globe, with the company set to announce another in Beijing in the next quarter.
Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.
Global server market maintains healthy growth in Q4 2018
New data from Gartner reveals that while there was growth in the market as a whole, some of the big vendors actually declined.