It is a word that can paralyze system admins and business leaders alike. It is responsible for billions of dollars’ worth of damage in cyber property. It can literally take a successful, profitable company out of business overnight. What is it? Ransomware.
Ransomware is one of the most destructive and fear-inspiring cyber threats this decade. In little to no time, mountains of your valuable corporate data can be turned into unreadable, useless characters without you knowing it. If you are a Managed Service Provider (MSP) and are responsible for the data of many clients, you must take action to protect against ransomware.
Let’s look at five steps to protect your clients’ data from ransomware attacks and see how MSP’s and other service providers can effectively protect the data entrusted to them.
Table of Contents
Who Needs to Get Protected from Ransomware Attacks?
When you look at the targets of ransomware infections, literally anyone can be a victim of a ransomware attack. No one is immune or safe from the sights of attackers using ransomware. In the early days of ransomware, attackers preyed on anyone from individual home users to large businesses.
In the last couple of years, it has become evident that attackers are turning their attention to more focused attacks that will yield the most payout for their efforts.
There were some reports in 2018 that seemed to indicate that ransomware attacks were becoming less common. However, this appears to have been the calm before the storm. A recent report by McAfee stated that attackers are once again using ransomware heavily, so we all need to protect from ransomware attacks.
The McAfee report shows that new ransomware attacks have grown some 118% in 2019. It appears the key trend with ransomware has been targeted campaigns against certain industries and business sectors that are set to yield large payouts.
The healthcare industry has been a prime target in 2019 with dozens of hospitals falling victim to ransomware infection. Just a day or so ago, at the time of this writing, Wood Ranch Medical will permanently close its doors after a successful ransomware attack encrypted all its patient records. The backups were also encrypted, leaving the medical practice unable to recover either data or its business. As a result, Wood Ranch Medical is closing in December of this year.
Government agencies have also been the victims of these targeted ransomware attacks. In August 2019, a coordinated attack targeted some 23 Texas government agencies with ransomware to extort large sums of money from these agencies.
It is clear that in the early days of ransomware, the attacks were “attacks of opportunity”. However, now with a large scale, very targeted attacks that are carried out in a coordinated effort, attackers are targeting systems and industries in a more focused and directed manner.
Business with a large potential damage path are the types of businesses and industries that attackers are targeting and that especially need to protect themselves from ransomware. Certainly, businesses that are Managed Service Providers (MSPs) need to be thinking about ransomware attack protection. This includes bolstering the security of their clients and any customer data they are storing or managing against potential ransomware infection.
When you think about the potential fallout from MSPs that may fall victim to ransomware infections, the effects could be devastating. Depending on the size, Managed Service Providers (MSPs) generally have the “keys of the kingdom” to tens, hundreds, and maybe even thousands of customer’s data and systems.
Ransomware that successfully infiltrates the defenses of an MSP could potentially render not only the MSP, but also all of their client’s data useless. If your business stores or manages customer data, what is the best way to protect against ransomware attack? Ransomware attack protection and remediation is a multi-faceted solution. Let’s see what MSPs and other businesses can do to protect themselves and their clients.
Five Steps to Protect Your Clients’ Data from Ransomware
In general, the steps to protect your clients’ data from ransomware is a combination of security and backups. This provides a powerful “one-two” punch needed to both protect and restore data that is affected by ransomware. Breaking these two into specific ways to protect against ransomware, you need the following:
- Automate your ransomware attack protection
- Protect your logins against ransomware with Brute Force attack protection
- Block dangerous applications
- Automate Alerting and notifications
- Create Effective Backups – Automated, versioned, offsite, secure, and restorable
Let’s see how each one plays a key role in protecting against ransomware attacks.
1. Automate Your Ransomware Attack Protection
The threats that come from today’s cybersecurity attacks including ransomware are often numerous, sophisticated, and ever-changing. When it comes to protecting your clients against ransomware, you need a security solution that is able to use automated intelligence to watch for and stop ransomware attacks in real-time.
When the end users of your business or your clients get the ransomware pop-up demanding the ransom payment, it is too late. At that point, the encryption process has already done its damage. Having automated security protection in the form of security software that is able to “watch” your environment for malicious processes and other abnormal activity is a great way to protect your business and your clients from ransomware.
Keep in mind that ransomware protection needs to include your cloud environments. With more and more businesses moving data to the cloud and managed environments using cloud Software-as-a-Service offerings for their clients, automated security solutions need to have the ability to monitor activity in cloud environments as well and identify malicious processes that may be trying to encrypt files across your client’s cloud environments.
2. Protect Your Logins Against Ransomware with Brute Force Attack Protection
One of the primary conduits of spreading malware inside the corporate network is by using compromised RDP terminal servers and other exposed systems on the Internet. Attackers often use brute force attacks on these systems to “guess” passwords to common accounts. Once the account is compromised, the attacker can often gain entrance into the corporate network and attack the data with ransomware.
Client’s networks need to have good security measures in place to both detect abnormal login attempts as well as brute force logins. This helps to close down potential vulnerabilities to the internal corporate network. By recognizing abnormal logins and brute force attacks login protection allows stopping these before they are able to compromise the internal security of your client’s environments.
Again, cloud environments are vulnerable to brute force attacks as well so you need to have the security mechanisms in place to secure those systems as well.
3. Block Dangerous Applications to Protect Against Ransomware
There is no question that a common way that end user systems are infected with ransomware is by means of malicious files, applications, and executables. Blocking potentially risky applications should be a priority. Making use of blacklists and whitelists of applications can be key to enforcing safe installations of software on corporate networks.
4. Automate Alerting and Notifications
If you are a Managed Service Provider with multiple clients and managing multiple environments, automated alerting is key to being able to see potential security issues as they occur in real-time. Alerting in your client’s environments allows effectively seeing security events that need attention.
This can be abnormal login activity, risky application installations or blocks, as well as even outright ransomware processes detected. Having visibility by means of alerting is key to being able to effectively secure and manage client environments with ease and efficiency.
5. Create Effective Backups
Security is absolutely necessary. However, there is no security known that is 100% effective. This means that there is always the chance of getting infected with ransomware even if you are doing all the right things to secure your client’s environments. Backups are absolutely essential to recovering from ransomware.
In fact, the only way to recover from ransomware aside from restoring from backup is paying the ransom. So, backups of your environment, as well as the environments of your customers, is absolutely key. What constitutes an effective backup?
Effective backups are those backups that you can restore. In other words, your backup is only as good as your ability to restore it. Outside of being able to restore your backups, you want backups that are automated, versioned, offsite, and secure.
- Automated – Automated backups take human error out of the equation. This means your backups run on a schedule that allows taking a snapshot of client data at predetermined intervals.
- Versioned – Multiple versions of the files in your environment allow “going back in time” and picking a version of your files that you want to restore.
- Offsite – A common theme with ransomware attacks today is they look for certain backup file types. Attackers are getting smart and are actively looking for backups of your mission-critical data. Make sure your client’s backups are stored offsite in a “disconnected” system of sorts that cannot be “touched” by ransomware that infects your systems onsite.
- Secure – Backups need to be both transmitted and stored with encryption technology. This is the good encryption, or encryption that you are in control of that protects your client’s data as it is traveling across the network and stored on disk.
With effective, protected, secure backups, your data and your client’s data is always safe and restorable. Backups are an absolute priority. Make sure you and your clients are protected both on-premises and in the cloud.
Ransomware is a plague to your business and your client’s data. It can zap data in a manner of minutes. If you are a managed service provider, a successful ransomware attack can take both you and your clients out of business. There are effective methods you can use to protect from ransomware attacks.
The twofold approach of effective security and backups is a general rule that you must be following when developing a strategy to protect against ransomware. Security involves many things. This includes automated ransomware protection, abnormal login protection, blocking dangerous applications, and automated alerting. Effective backups are those that are automated, versioned, offsite, and secured.
Client’s cloud environments must be secured and effectively backed up to protect data that has been migrated to Software-as-a-Service applications. Using solutions on the market like Spinbackup for G Suite and Office 365 provides an easy way to protect the SaaS data of your clients stored in cloud environments and achieve the security and backup objectives mentioned.
Protecting your clients from ransomware should be a top priority. While not easy, if you use a combination of good security and backups as well as effective tools to implement these, you will get the best protection against ransomware.