Oh $#!+: Two words you never want to mutter at four in the morning as your phone lights up. And yet, as alerts pour in from infrastructure monitors, that's exactly what's happening far too often as ransomware attacks run amok.
The question on everyone's mind: Who's safe? With a little proactive planning, you can be. Here's how.
Step one: Copycat
The first step toward a safe IT environment is a simple backup. Backup? You read that right—yes, something as simple as a data backup actually can solve one of the most painful malware epidemics in recent memory. It's essentially ransomware's kryptonite, provided your backup server isn't open to the attack. It's on a separate network, right!?
Ransomware operates on the simple premise that encrypting your data puts your organization squarely between a rock and a hard place. It aims to encrypt your data, so you're left with only one response: Pay up. Maintaining protected, comprehensive backups of critical data is a quick way to pull the rug right out from under nasty malware. You can essentially negate ransomware's biggest threat.
How exactly can you go about protecting your environment with backups? Here are a few simple guidelines to get you up and running:
- The more important the data is, the more frequently it should be backed up—and the further back the copy should go.
- As the great Gandalf once said, "Keep it secret. Keep it safe." Make sure your backup platform is protected from the machines it serves.
- Be sure to maintain an actionable plan for restoring backups and give it a few dry runs to make sure it actually works.
If you need extra help to make sure your backup plan is a good one, TechTarget comes equipped with a valuable list of backup plan dos and don'ts.
Step two: Close the door
As effective as a comprehensive backup strategy can be at mitigating damage from an attack, it's a decidedly inefficient approach. After all, if your only defense is a plan to react, well, you're inviting disaster. In this case, maybe the best defense is a good offense—and no, I don't mean scouring the dark web for mercenary malware scripts. Take the role of supreme software czar in stride and be absolutely merciless in your discrimination of the software that makes its way to a hard drive near you.
Application whitelisting is the name of the game here. This is the process of creating a software-enforced policy that governs which applications can install, run, communicate, etc., within your network and on your workstations. This is your virtual bouncer that, with any luck, will put a stop to potential ransomware attacks before they even get off the ground.
In that sense, it's really not an offense at all. Just a really good, targeted defense that's intelligent enough to keep the bad stuff from propagating across your network.
Ruling your environment's applications with an iron fist and maintaining backups of critical data are two of the best ways to combat ransomware, but there's at least one more. This one piggybacks on the intelligent defense just discussed. If whitelists protect your workstations and servers by determining what can and cannot be installed or run, the next logical step is to invest in infrastructure that can monitor itself.
These are kind of like self-aware machines, only without Skynet's grim end to humanity. In this scenario, simple infrastructure—like self-healing printers or IoT devices—can monitor their own health and detect abnormalities in normal routines. When these abnormal circumstances come to light, the device automatically takes itself offline to perform diagnostics and recovery. This effectively quarantines potential outbreaks.
Ten years from now, malware may be a relic of the past. Unfortunately, you're probably one flux capacitor shy of getting there. In the meantime, focusing on backups, application whitelisting, and even an investment in self-healing hardware can help you pass the time while this storm blows over.