Blog

How to protect your server against ransomware attacks?

Many companies get scared and pay up the demanded ransom almost immediately which only leads to criminals getting more emboldened. 

Seqrite Jun 14th 2018

There is one big reason why ransomware has suddenly become the hot new topic in cybersecurity: its ease of use. The proponents of ransomware have realized that it provides an easy, anonymous way to terrorize corporates and get easy money. Ransomware does not even need any specialized technical knowledge to be effective – hackers can use shared code and even access services which will collect the ransom via Bitcoin.

In fact, a report suggested that ransomware attacks were up by a momentous 400 percent, mainly attributing it to the popularity of WannaCry. Many companies get scared and pay up the demanded ransom almost immediately which only leads to criminals getting more emboldened. It is a double blow for corporate – their reputation suffers immensely while they also suffer financial loss.

1. Keep Endpoints protected

The first step in protecting against ransomware attacks is to keep endpoints protected. Companies should have a security solution for their endpoints which should include a firewall, anti-virus, anti-malware and anti-ransomware. Ideally, there should also be tools to detect suspicious behaviour which could lead to early detection of ransomware attacks.

2. Patch servers

Attackers know that a large corporation may sometimes overlook if their network or servers have the latest patches. Hence, they zoom in on this loophole and attack a company through unpatched software. Hence, organizations must ensure they regularly patch their servers and networks with the latest updates. They must have a proper process to ensure that this stays updated at all times.

3. Regular backups

Organizations must invest in a strong and secure backup plan as a contingency plan in case they are affected by ransomware. But that is just the start – this backup plan must be chosen on the basis of requirement. While the 3-2-1 strategy (where three copies of data are made and stored in two different formats with one company kept away at a remote location) is recommended, businesses must also decide between full data and incremental data backups. Backup plans are highly critical and cannot be underestimated – it can often prove the crucial difference between a business getting back on its feet relatively quickly after a crisis or stumbling into the abyss.

4. Regular assessments and audits

It is important to holistically review a network’s security framework to prevent ransomware attacks. This can be done through conducting regular assessments and audits, if required by a third party. Through these, an organization can get a better understanding of how good their network security is. Ultimately, preparation goes a long way but it is only during an attack when it is tested. An audit allows testing of a company’s defense in a real-time environment.

5. Monitor logs

Sometimes, ransomware may be in plain sight and yet still be undetected. This is because an organization may rely only on their security solution without wanting to do any analysis themselves. But ransomware can often only be detected if there is an eye kept on all network activity. Any anomaly or suspicious usage may be due to ransomware.

6. Employee awareness

Lastly, but definitely not the least, no corporate can protect against cybersecurity threats without their employees, their most valuable asset, buying into it. And for that, they must be cognizant of the damage ransomware can cause. Employees must be trained to detect ransomware and also about the company policy to deal with it.

Seqrite’s Unified Threat Management (UTM) is a great solution for businesses to secure their networks from ransomware. With features like Gateway Antivirus, Gateway Mail Protection, IPS, Load Balancing, Firewall Protection and Automatic Link Failover, UTM acts as a first line of defense ensuring the network is secure.