Story image

Rackspace presents five ways to reduce your ransomware risk

20 Jun 2017

The speed and pervasiveness of the recent WannaCry ransomware attack took the business world by surprise. The extortion malware infected computer networks in more than 150 countries, leaping from Spain, the UK and Germany to Russia, India, China and the US as it spread around the world.

Within hours, hundreds of thousands of computers were displaying local-language versions of the same ransom note: your files have been encrypted, pay the ransom or lose everything.

Early victims included hospitals, banks, telecom firms and transport companies. Organizations in these industries can’t function without access to their digital data, which makes them attractive to cyber criminals. But they can have another vulnerability, too. Many will be burdened with old networked devices running out-of-date software that hasn’t been patched because of the complexity of the network and the difficulty of shutting down systems for updates.

So, what are companies to do? In the wake of cyberattacks such as WannaCry, it’s far too easy to be distracted by the drama of hard-drive encryption and demands for payment. Please remember, though, that payment does not guarantee that your files will be unlocked, and most security experts recommend that you don’t give in to a ransom demand.

The real lesson of WannaCry is that poor risk management leaves you vulnerable. And this boils down to vendors’ poor software security and businesses’ lack of proper prevention. Here are five things you can do to avoid falling prey to ransomware:

Back up your data Maintaining recent backups of your data is essential. Companies that followed this fundamental best practice could safely ignore the WannaCry ransom demand and revert to stored files with little data loss – unless their backup strategy relied on a local storage device, that is. A multi-layered strategy that takes advantage of cloud backup and has a robust approach to redundancy is recommended.

Keep up with patches ​WannaCry hit computers running older versions of Microsoft software that had not been updated, even though patches that fixed vulnerabilities were available. Patch management has been and will continue to be a challenge for many organizations and end-users. Simply keeping up with the latest patches for Windows, Mac and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.

Check your security software Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe. Given the complexity of today’s computing networks, with mobile, enterprise and cloud environments, and our fast-evolving threat landscape, third-party security expertise can be the best way to achieve active and ongoing cyber defense.

Educate staff to spot scams ​WannaCry’s sneaky worm component helped it to spread by exploiting a weakness in a Windows file-sharing protocol, but it was the usual phishing emails and dodgy attachments that opened the door to it. Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams, and urged to take the time to pause and check emails that don’t look right.

Take the “Security First” approach Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasizes the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.

In our era of random but persistent threats, such as ransomware, managing security is becoming more challenging by the day. By being proactive, getting the basics right and moving away from some of the more problematic platforms, you can certainly keep many of these threats at bay.

Article by Gene Tang, head of Solutions Architecture at Rackspace Asia.

Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."