Cyren Security Blog

Best Practices for Stopping Ransomware

by John Callon

Anti-MalwareMalware AnalysisWeb Security

With the recent return of Locky and continued growth of ransomware and ransomware-as-a-service, there is a good chance you personally know an individual or company that has experienced such an attack or another similar threat. If you work in the computer or security industry, you might also often be asked “What can we do to prevent or block ransomware attacks?”

Ransom note image

In truth, there is no one ‘silver bullet’ that single-handedly stops all threats. But there are a series of steps you, your business, and your family and friends can take to significantly minimize the threat. See our basic best practices below, and  to dig a bit deeper, do avail yourself of our free in-depth threat report on ransomware and our ransomware resources page.

Know the Basics

As the old saying goes: “An ounce of prevention is worth a pound of cure.” As part of any security protocol, always make sure these “cybersecurity 101” steps are part of your personal and business routine.

Back up files at least once a day (or every few hours): If your computer does become infected, a back-up will enable you to wipe the hard drive clean and reinstall critical software and documents, without paying ransoms or buying a new computer.

Keep a recent copy of the files stored on a system that is not connected to your computer: As we saw with Locky, the infection quickly spread between networked computers and systems. Several times per week, back up files and systems on a separate network.

Provide regular cybersecurity training to staff: Ultimately the strongest form of security you have are staff members who are educated and wary about the types of cyberthreats targeting them.

Include social engineering training: Threats don’t always begin with an email. Cybercriminals are now calling staff directly and pretending they’re from the help desk or systems team and requesting access to important data, including documents, user names, and passwords.

Recognize that EVERYONE on staff is a target: In the world of cybercrime, both the junior intern and the CEO are potential targets, since both can provide varying degrees of access to internal systems and networks. Educate and protect all staff members not just those with access to sensitive data.

Train staff to NEVER EVER “enable macros”: Unless you’re working with software developers that regularly use Visual Basic, no one in your company will need or use macros. Further, the vast majority of employees will never receive any document that requires macros to operate. Train staff to watch out for files and a pop-up box that appears saying: “Security Warning: Macros have been disabled—Options.” Encourage them to ignore it and forward the email and document to the security team immediately.

Disable the macro settings in Office software: Set the defaults on employee Microsoft Office applications to make sure that macros are disabled.

Remind staff, friends, and family members to not open unsolicited or unexpected attachments: Many types of malware, including ransomware are often embedded in attachments.

Improve Your Protection

Security is a growing expense of doing business. Unfortunately, the truth is that while most companies employ some limited cybersecurity professionals, it is simply not financially feasible or resource realistic for a company to build their own security systems, particularly given the highly variable and complex nature of today’s cyberthreats. Most companies are better off outsourcing to professional cybersecurity firms that leverage the combination of mass scale of incoming email, with the experience and expertise to worry about patches and the hundreds of thousands of daily security updates. When selecting a cybersecurity vendor, organizations should consider these types of services and solutions:

Email Gateway Security: More than 90% of all cyberattacks start in email. Gateways protect email and infrastructure with real-time antispam and antimalware protection before threats reach end-users.

Web Security Gateway: Emails embedded with the recent Locky ransomware used JavaScript to link directly to malicious URLs that executed malware downloads. The benefit of web security solutions is that they can leverage the massive amount of data coming through a cybersecurity firm’s networks to identify and block compromised URLs, malware downloads, command & control (C&C) communications, and data exfiltration.

Network Sandboxing: Remember we said cybersecurity professionals are becoming increasing stealthy? Nowhere is this more evident than in the amount of malware that is now programmed to detect when it is in a sandbox, and thus stop itself from executing. Networked or “multi-array” sandboxes use a variety of sandboxes, each with different security features to identify and stop never-before-seen malware.

Endpoint Security with Active Monitoring: This type of security offers constant visibility into various network endpoints, so companies can identify breaches more quickly. It is critical to make sure that your company’s endpoint security is entirely up-to-date and operating with information that reflects the latest threats.

Enhance Your Prevention

Ongoing preventative measures can also help ensure that corporate and personal systems remain operational, even when cybercriminals attack. 

Backup and Recovery: Once a backup system is implemented, conduct regularly scheduled full- and incremental-data backups. Then, test the backups at consistent intervals to ensure accuracy and data recovery procedures. Remember to retest after system updates or upgrades.

Limit Network Shared Drives: While shared drive usage is popular and offers a level of convenience to employees, it also has limits when it comes to security. Consider adding no-write permissions, limiting the number of shared drives, or reducing the extent to which shared drives are mapped to large or sensitive file repositories.


 Want to learn more about cloud-based email & web security? Contact us here!

Go back