How to Defend Your Organization Against Malware and Ransomware [2020]

Tips to Fight back Against Ransomware, Browser Hijacking Malware

Just when it seemed like ransomware had died out as a threat to big and small businesses, organizations, and government agencies, here it comes again.

The worst enemy of the common person and public business in 2017, ransomware has come back onto the scene in force, bringing with it new strains of browser-hijacking malware that is crippling productivity.

It’s the next battle in the never-ending war before cybercriminals and the forces of good tasked with stopping them in their tracks.

The biggest case of ransomware came in the second quarter of 2019 when the American city of Baltimore, Maryland was victimized. The freezing of files and data really limited the city’s ability to perform its duties. The ransomware, named RobbinHood, hit the city on May 7 with a note for about $76,000 in bitcoin or all data would be destroyed.

Six days later, all systems remained down, and stayed down until May 20, although sources say it was several more weeks until everything was back up and running. Baltimore was the third city in two years, following Greenville, North Carolina, and Atlanta, Georgia, to be hit with ransomware with a significant impact.

Clearly cyber criminals have gotten and more effective. The same can be seen with host browser-hijacking malware. Hackers are using Content Delivery Networks (CDNs) such as CloudFront and CloudFlare to prevent detection by cybersecurity forces that only look at the root-level domain.

Fighting Back

How can companies compete against this level of sophistication? By striking back with their own. It starts with solid anti-spyware software that is always on to keep the more obvious threats out. A firewall can also provide extra layers of protection, particularly against large scale assaults like Distributed Denial of Service (DDoS) attacks. Other best practices to keep ransomware out of your hair include:

Advanced malware detection tools

A particular kind of malware on the rise is called zero-day malware, which means it is something new and invented particularly to bypass the signatures established in anti-malware databases. Advanced tools will use AI and machine learning to rapidly establish patterns in these zero-day kits and sniff them out easier.

Establish and test backups

Making backup files is not just something to appease the board of directors, it is in place for when the worst happens, and ransomware definitely qualifies as the worst. Make sure that your backup process is working and that the files themselves are located somewhere that a ransomware account cannot touch them.

Employee training is absolutely necessary

Phishing attacks work because people are unsure, uneducated, or just plain sloppy about what to open and what to ignore. Your company can change all three of those characteristics with consistent, repeated, intelligent training.

Having everyone take a few hours off of work four times a year to learn more about phishing, malware, and ransomware is not going to drive your company into the red. In fact it just might save it. Many companies have found that reward systems and gamification are great ways to motivate employees to enjoy the training and do a better job of incorporating what they learn into their daily routines.