Cybersecurity Cyber Security

Fortinet shares tips to mitigate effects of ransomware attacks

Cybersecurity solutions and services company Fortinet emphasized the need for organizations to have tighter data protection than before. Citing the increasing ransomware attacks, Fortinet said it is imperative that companies implement a ransomware protection strategy that includes cyber hygiene best practices. 

Companies need to be wary of the different ways cybercriminals carry out their ransomware attacks.

Fortinet’s new augmentation services to support security teams
Email security with Fortinet’s FortiMail

Ransomware attacks come in many forms, but they can be categorized into five primary types: 

1. Crypto Ransomware or Encryptors: This malware encrypts files and data within a system, making the infected content inaccessible without a decryption key. 
2. Lockers: Similar to encryptors, but they lock the user out of their system entirely. 
3. Scareware: A fake software that claims to have detected a virus or issue and directs the user to pay to resolve it. Some variants will lock the user from other system functionalities, while others will flood the screen with pop-up alerts without causing any damage. 
4. Doxware/Leakware: This malware threatens to distribute sensitive information or company files online and pressures the user into paying a fee to prevent data from being made public. 
5. Ransomware-as-a-Service (RaaS): This malware is carried out and managed by professional hackers, who are paid by an individual for all aspects of the attack, from distribution to payment collection and access restoration. 

Targets

“Ransomware attacks are indiscriminate and can target anyone with an internet connection, whether it is a private individual, business, or any other entity,” Fortinet said. “All individuals need to ensure their systems are adequately protected. If a business is attacked by ransomware and cannot recover, it may put the business and its employees at risk, leading to real-world consequences, such as unemployment and loss of income.” 

Detection

In case of a ransomware attack, the first step is to notify the organization’s cybersecurity management team or security manager for an internal security operations center (SOC) team. Depending on the severity and nature of the attack, a trained security expert can guide the team on the next steps. It is essential to minimize exposure and understand the problem before reacting. Some organizations may have legal or internal notification requirements that must be followed. 

Common mistakes

One of the most common mistakes companies make is not having complete coverage of their systems. This can leave loose ends for hackers to exploit, especially given the prevalence of remote work and email as vectors for ransomware. It is essential to ensure proper security measures are in place and integrated into a cybersecurity platform to maintain visibility, mitigation, and remediation. 

Preventing a ransomware attack 

  • Equip all systems with the latest cybersecurity defense and detection solutions, such as advanced endpoint detection and response (EDR) technology. 
  • Train employees on threat trends to help them avoid suspicious activity and report it properly. 
  • Keep systems updated and patched, limit network access, and regularly back up data. 
  • Implement a disaster recovery plan in case of an attack and regularly test it to ensure it is effective. 

“Ransomware attacks can come in many forms and target anyone with an internet connection,” Fortinet said. “It is essential to implement a ransomware protection strategy that includes cyber hygiene best practices to be prepared in case of an attack. This involves updating and patching systems regularly, minimizing administrator access, using the most up-to-date cybersecurity defense and detection solutions, and even educating employees on the current threat trends.” 

2 replies »