5 Essentials of Ransomware Protection (And Recovery!)
As we recently published in the Datto State of the Channel Ransomware Report, ransomware will cost small businesses in the U.S. an estimated $75 billion in downtime in 2016. To help enable MSPs to protect their clients from this costly risk, we’ve put together five essential strategies for protection against ransomware:
1. Deploy reputable, multi-layered endpoint security: With endpoint security, you can attempt to thwart ransomware attacks in the first place. It’s important to look for a defense solution the protects web browsing, controls outbound traffic, secures system settings, blocks phishing attacks, and continuously monitors individual endpoints.
2. Implement backup and disaster recovery: If there is a ransomware infection at a business, it is essential to recover and restore data quickly as possible to avoid any costly downtime. There are many automated on-premises and cloud-based backup solutions that will back up data and create an air gap to stop ransomware from infecting networked drives. This will allow a company to quickly return to normal.
3. Disable autorun: Autorun is a useful feature, but it is used by malware to propagate itself around a corporate environment. Malware increasingly uses autorun as a means of proliferation, especially with USB memory sticks.
4. Create strong Windows policies: For the majority of businesses on Windows, consider using Windows Policies to block certain paths and file extensions from running. Policies can be set up in groups, which is useful if varying levels of access are required. (Note: test any policies on a test PC.) Windows created local copies of the files using the VSS copy service. Ransomware like CryptoLocker will encrypt this area because it holds VSS copies for the local drive (normally the C:\ drive.) Using Windows Policies to block access to the service helps stop ransomware from erasing local drive file backups. Policies should point to the VSSAdmin executable. Any attempt to access or stop the service will result in a block.
5. Educate Your End Users: The employees are often the weakest link when it comes to the health of a company’s cybersecurity. Ransomware will continue to thrive as long as the end users, who often don’t even know the virus exists, continue to fall for phishing scams, which are the #1 root of a successful attack. Providing employees with the basics of ransomware, so that they know how to identify a malicious email or link, could make all the difference. When educating end users, it is important to provide them with facts that will resonate, whilst avoiding getting too technical and ensure they understand the threat.
To learn more about educating end users about cybersecurity and keeping business data safe, check out Datto’s State of the Channel Ransomware Report, featuring data from a survey of 1,100 MSPs about ransomware.