Drowning, Ransoming — and Staying Safe (Pt. II)

Ransomware protection strategies

Drowning, Ransoming — and Staying Safe (Pt. II)

Ransomware protection strategies: Introduction

In our previous discussion, we highlighted the recent security vulnerability known as “Drown,” which is a flaw found in outdated internet protocols. According to SC Magazine, this flaw has rendered over 600 commonly used cloud servers, which businesses rely on for their operations, susceptible to attacks. Now, let’s shift our focus to exploring effective strategies for protecting against Ransomware protection strategies.

The Drown Attack

The article highlights that Drown, like other SSL vulnerabilities such as Heartbleed, poses a significant concern for the majority of enterprises (98.9%) that depend on at least one vulnerable service. This alarming statistic underscores the importance of addressing the issue promptly. Presently, organizations on average have 56 vulnerable services in use, further emphasizing the need for immediate action.

Immediate Action Required

This means if your IT department — or provider — isn’t on this right now, they need to be. Fixes can be relatively simple. “It was troubling that cloud providers had been slow to patch services against Drown,” the article said, “which they can do simply by disabling SSLv2 support.”

The Rise of Ransomware

While the exploitation of the Drown attack remains uncertain, the researchers have chosen to withhold the code until essential network enhancements are implemented. Nevertheless, as reported by the UK’s Register, ransomware has emerged as the preferred choice among cyber-criminals, surpassing botnets in terms of prevalence .Trend Micro reports that file-encrypting ransomware has emerged as the primary menace to enterprises.

Protecting Against Ransomware

While bugs or hacks aim to infiltrate your system and steal data for unauthorized transactions or account depletion, ransomware operates differently. “According to FBI statistics released last June, “the article continues, “(ransomware software) CryptoWall managed to generate more than $18m for its creators in a little over a year. These revenues – traced by monitoring BitCoin wallets and similar techniques – prove that a growing percentage of organizations affected by ransomware attacks are paying up.”

Additional Steps for Protection

In our previous blog post, we shared the initial set of practical tips to protect yourself from falling victim to ransomware. Building upon that, this week we offer additional steps that you and your organization can implement to strengthen your defenses against ransomware attacks.

*Reduce or Eliminate Employee Error:

An employee might click a link in an infected email, installing ransomware in your company’s system. Use the present moment to underscore your company’s safety and administrative policies and retrain employees about “best practices” online. One good place to start with the employee training system in your Conformance PCI ToolKit – it has everything you need… and it’s free!

*Install and Update Virus/malware protection (yes!):

It is astonishing how often the significance of maintaining up-to-date antivirus software is disregarded, despite it being one of the easiest and most impactful methods of safeguarding systems. It is crucial to regularly update your antivirus software to ensure maximum protection. Additionally, collaborate with your IT department to establish automatic scanning for all incoming and outgoing company emails, as well as newly connected devices on the network. By taking this proactive approach, you can significantly enhance your overall security stance.

*Keep Data Backups That Aren’t Connected To Your Network:

Keep data backups offline or someplace where they are not part of the “main” network. This step might seem “retro,” recalling the days when most data resided on paper, but it’s still important for other kinds of disaster readiness — such as in an earthquake or other event.

Contact Us for Assistance

If you need any other upgrading, even with “new basics” like EMV-ready devices (to protect your customers’ data and reduce your liability!), contact your AVPS Rep today! We’ll help keep you dry — and unshackled!