Dominating the threat landscape in 2017, ransomware has now become an issue that all modern businesses need to worry about. According to Google Trends, ransomware was by far the most searched cybersecurity topic of last year. Even popular TV shows like Grey’s Anatomy incorporated the topic into their storylines. And while ransomware isn’t a new phenomenon, it has quickly grown from a mild annoyance to a shocking financial burden for many businesses and healthcare institutions today.

The fear surrounding ransomware is at an all-time high. However, worrying about whether or not your organization or hospital will be attacked is only effective if it actually causes you to do something about it.

The truth is that ransomware is just like any other cybersecurity threat. With the proper defensive measures in place, you can secure your network.

10 Keys to Creating a More Secure and Resilient System

So, how do you stop worrying about ransomware and create a more breach-resistant system?

While there is no single control you can deploy to ensure you are protected against a ransomware attack, there are several things that you can implement together to help prevent or detect these attacks.

Here are 10 keys from a comprehensive ransomware preparation checklist our team at LBMC created to help clients proactively prepare:

  1. Ensure you have a mature and tested data backup process. Performing regular backups ensures that a current backup of your data will be ready at a moment’s notice.
  2. Deploy regular vulnerability and patch management processes. A superior vulnerability and patch management process will ensure that all internal and external hosts are not vulnerable to the delivery methods most commonly used to initiate an attack.
  3. Implement the “principle of least access” for network file shares. Limiting the privileges that users have to network file shares will also limit what the ransomware is able to encrypt.
  4. Take advantage of application whitelisting. This will allow trusted software to run while preventing unknown software, such as malware, from running.
  5. Leverage IDS/IPS technology with threat intel. Detecting ransomware events in real-time will enable a quicker response from your team, limiting the time that the ransomware has to spread.
  6. Block TOR and I2P Traffic. Blocking access to these anonymous networks will prevent the ransomware from communicating with their C2 servers and may thwart the ransomware from fully installing.
  7. Block Uncategorized and Unknown Websites. This step could potentially cause issues and should be tested and monitored before implementation.
  8. Disable active content in Microsoft Office Files. Ensure that active content is disabled by default, and train users not to click the “Enable Content” button unless they are 100% certain the file is not malicious.
  9. Utilize Cloud-managed SIEM to proactively identify potential threats. Monitoring system and application log files for indicators of ransomware attacks can allow you to identify attacks early and possibly contain them.
  10. Ensure employees are trained on ransomware risks. The first line of defense within an organization is its people. Therefore, employees need to be properly trained and educated on today’s cyber risks, including how to identify and avoid malicious emails and websites.

Preparing for Ransomware Without Being Held Hostage

Obviously, there’s a lot that goes into protecting your organization or hospital against a ransomware attack. Implementing all the steps required for creating a secure system that is very difficult to breach takes a lot of work. There are a lot of moving parts.

So, how do you do it without feeling like your time and resources are being held hostage? That’s where BALLAST comes in. BALLAST was created to help you eliminate the guesswork of assessing your current risks and managing the process of creating a secure system. BALLAST puts you in the driver’s seat and provides turn-by-turn directions for everything that’s needed to protect your organization against possible ransomware threats.

To learn more about how BALLAST can help you create a system to protect against ransomware, connect with our team today.

Mark Fulford

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.