The United States Federal Trade Commission (FTC) has shared guidelines for small businesses on how to protect their networks from ransomware attacks by blocking attempts by threat actors to exploit vulnerabilities, whether through social engineering or through exploits targeting their technology.
The first step companies are advised to take to repel such attacks is to ensure that their technical teams follow the best practices outlined by CISA in its Ransomware Guide and its Fact Sheet on the Rising Ransomware Threat to Operational Technology Assets.
“A key step is setting up encrypted, offline, offsite backups of the information that is essential to your business,” the FTC said. “This is not something to put off for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other leading experts.”
The second step, addressing the exploitable human nature of employees, is to train staff to recognize the tricks used by ransomware operators to infiltrate their target’s network, including phishing messages that deliver malware designed to deploy backdoors on infected systems.
Attackers also deliver and install malware on victims’ devices via malicious online ads (also known as malvertising) or via infected sites under their control that are designed to exploit browser vulnerabilities.
Therefore, employees should avoid potentially risky sites and, as far as possible, only visit websites approved by their companies’ IT staff.
“Also, educate your staff about the insanity of using the same password on different platforms and consider the many benefits of multi-factor authentication,” the US government agency added.
How to deal with the consequences of a ransomware attack
Businesses affected by a ransomware attack should limit the damage by isolating compromised devices from the rest of the network, report the attack to the authorities (for example, the local FBI field office), and notify their customers if data was stolen before the systems were encrypted.
The FTC also provides detailed guidance with all the steps businesses need to take to effectively respond to a ransomware attack.
This guide also includes a template notification letter for informing affected individuals whose names and Social Security numbers have been stolen in a ransomware attack.
The FTC also shared a list of common sense steps in an earlier warning released last year that would help companies reduce the risk posed by ransomware attacks:
- Keep your network secure and make sure all your software is up to date.
- Back up your systems regularly and keep those backups separate from the network. Use separate credentials for your backups so that even if your network is compromised, your storage remains safe.
- Practice good cyber hygiene. For example, find out which devices are connected to your network so you can identify your exposure to malware. Implement technical measures that can mitigate risk, such as endpoint security, email authentication, and intrusion prevention software.
- Be prepared. Make sure you have an incident response plan and a business continuity plan. Test them in advance so that you are ready if an attack occurs.
- Train your employees on how to recognize phishing attacks and other forms of social engineering.
Last month, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) revealed the extent of the financial losses recently suffered by ransomware targets after linking nearly $5.2 billion in outgoing Bitcoin transactions to ransomware payments.
FinCEN’s analysis is derived from Suspicious Activity Reports (SARs) linked to ransomware incidents and filed by US financial institutions between January 2021 and June 2021, as required by the Bank Secrecy Act.