10 Ways to Defend Against Ransomware Attacks

Credit: Getty Images
Author: Carlos Arnal, product marketing manager, WatchGuard Technologies
Author: Carlos Arnal, product marketing manager, WatchGuard Technologies

Ransomware attacks are dramatically increasing in number and frequency year over year, with high-impact, headline-making incidents continuously growing in volume and scope. Ransomware gangs are also looking at their primary victim’s business partners to pressure them into paying a ransom to prevent data leakages or business disruptions caused by the attack.

Sometimes ransomware attacks are caused by security gaps in systems, software, or a missed update, and sometimes they can be caused by an employee unintentionally clicking on a malicious link. Either way, they are damaging and can cost your clients heavy fines, downtime, and a loss of customers and their trust.

How Can MSPs Help SMBs to Prevent Ransomware Attacks?

The fact is, there is no silver bullet way to prevent a ransomware attack. Even the most protected and prepared businesses can fall victim to ransomware. However, MSPs can take steps to lower the chances of their SMB clients falling victim to an attack.

Traditional protection methods relying on malware signatures are not enough against ransomware threats. Indeed, attackers design their ransomware to bypass conventional protection layers. These threats should be managed with a comprehensive security solution that responds to the latest threats.

Arm your clients with an advanced endpoint security solution. These tools have been around a long time but are still critical in a ransomware prevention strategy. They should include a series of capabilities that help to prevent, detect and respond against sophisticated cyberattacks, such as behavioral detection, anti-exploit & anti-malware technologies, RDP protection, anti-phishing, decoy files, shadow copies, computer isolation, and threat hunting services.

Leverage patch management. When software providers identify bugs, they publish that info and offer an update to patch that vulnerability. Use a strong password manager. This simple line of defense can drastically reduce the chances of a ransomware attack or any other cyberattack system. Implement multi-factor authentication (MFA). Ransomware attacks typically start with the theft of a user’s credentials that gives an attacker access to the network or a sensitive business account.

Often, ransomware attacks can infiltrate a business’s systems, going undetected. One way to drastically improve ransomware prevention and protection is to have tools that identify it before it spreads across a network and responds if cyberattackers sneak into your systems.

10 Ways to Defend Your Customers Against a Ransomware Attack

  1. Perform frequent backups of critical data, system images, and configurations regularly. Test backups and maintain them offsite and offline where attackers can’t find them.
  2. Use multi-factor authentication (MFA). Set and enforce strong passwords, managed through a password manager.
  3. Limit access to resources over internal networks and enforce time-based access for privileged accounts. Restrict permissions, remove local administrator rights from end users, and block application installation by standard users.
  4. Make sure your customer security solutions are up to date. UTMs with sandboxing can detect malicious files coming into the network.
  5. Patch everything, patch early and patch often to keep all operating systems and software up to date. Ransomware attacks like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
  6. Implement robust anti-phishing protection with different security layers at the endpoint and perimeter.
  7. Lock down accessible services at the firewall. If your client does not need it, turn off RDP, and use rate limiting, 2FA, VPN, or other remote access tools.
  8. Ensure anti-tamper protection is enabled – Ryuk and other ransomware strains attempt to disable your endpoint protection.
  9. Monitor and respond to alerts. Consider implementing advanced endpoint security solutions such as an EDR that includes a zero-trust protection model approach with multiple layers of defense.
  10. Raise awareness among users about the risks of phishing and educate them about the dangers of social engineering as part of the best cybersecurity practices.

Ransomware attacks are growing and more sophisticated than ever. They are a sustainable and lucrative business model for cybercriminals. Customers worried about improving their security posture can leave it to those MSPs who can deliver advanced endpoint protection and security services to their customers, so they will not need an in-house team — saving time and costs and reducing resource burdens. To learn more about how MSPs can help prevent their SMB clients from falling victim to a ransomware attack, take a look at our eBook – Escape the Ransomware Maze.

Guest blog courtesy of WatchGuard Technologies. Read more WatchGuard guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.