Story image

Rackspace presents five ways to reduce your ransomware risk

20 Jun 17

The speed and pervasiveness of the recent WannaCry ransomware attack took the business world by surprise. The extortion malware infected computer networks in more than 150 countries, leaping from Spain, the UK and Germany to Russia, India, China and the US as it spread around the world.

Within hours, hundreds of thousands of computers were displaying local-language versions of the same ransom note: your files have been encrypted, pay the ransom or lose everything.

Early victims included hospitals, banks, telecom firms and transport companies. Organizations in these industries can’t function without access to their digital data, which makes them attractive to cyber criminals. But they can have another vulnerability, too. Many will be burdened with old networked devices running out-of-date software that hasn’t been patched because of the complexity of the network and the difficulty of shutting down systems for updates.

So, what are companies to do? In the wake of cyberattacks such as WannaCry, it’s far too easy to be distracted by the drama of hard-drive encryption and demands for payment. Please remember, though, that payment does not guarantee that your files will be unlocked, and most security experts recommend that you don’t give in to a ransom demand.

The real lesson of WannaCry is that poor risk management leaves you vulnerable. And this boils down to vendors’ poor software security and businesses’ lack of proper prevention. Here are five things you can do to avoid falling prey to ransomware:

Back up your data
Maintaining recent backups of your data is essential. Companies that followed this fundamental best practice could safely ignore the WannaCry ransom demand and revert to stored files with little data loss – unless their backup strategy relied on a local storage device, that is. A multi-layered strategy that takes advantage of cloud backup and has a robust approach to redundancy is recommended.

Keep up with patches
​WannaCry hit computers running older versions of Microsoft software that had not been updated, even though patches that fixed vulnerabilities were available. Patch management has been and will continue to be a challenge for many organizations and end-users. Simply keeping up with the latest patches for Windows, Mac and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.

Check your security software
Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe. Given the complexity of today’s computing networks, with mobile, enterprise and cloud environments, and our fast-evolving threat landscape, third-party security expertise can be the best way to achieve active and ongoing cyber defense.

Educate staff to spot scams
​WannaCry’s sneaky worm component helped it to spread by exploiting a weakness in a Windows file-sharing protocol, but it was the usual phishing emails and dodgy attachments that opened the door to it. Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams, and urged to take the time to pause and check emails that don’t look right.

Take the “Security First” approach
Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasizes the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.

In our era of random but persistent threats, such as ransomware, managing security is becoming more challenging by the day. By being proactive, getting the basics right and moving away from some of the more problematic platforms, you can certainly keep many of these threats at bay.

Article by Gene Tang, head of Solutions Architecture at Rackspace Asia.

Industry cloud market forecast for ‘unusual’ growth
The market for industry cloud solutions is in good stead with that growth showing little signs of slowing.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.
Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.