Ransomware: Three Critical Steps for Protecting Against Attacks
MSPs should know this roadmap to keep clients safe from malware extortion.
October 21, 2021
Sponsored by Datto
Beware: Ransomware is ready to wreak havoc on small and midsize businesses (SMBs). Managed service providers today should be on high alert, as ransomware attacks grab headlines and have a very real impact on daily life. These attacks tangle supply lines and shut down production, among other consequences.
An MSP may have dozens or even hundreds of client SMBs depending on them for protection from ransomware. That makes it all the more critical to have a strategic roadmap drawn up to combat these potentially crippling attacks.
While the tactics and technology that a ransomware gang wields can be complex, countering them doesn’t have to be. To keep things simple, best practices can be broken down into three main stages: prevention, detection and response.
Prevention—Obviously, succeeding in this phase is optimal. Although there is no airtight approach for preventing ransomware attacks, there are measures MSPs can take to help keep their SMB clients from becoming ransomware victims. These include:
Antivirus—These are classic tools that still make a difference in preventing ransomware attacks.
Automated patch management—Software providers understand more than ever that their solutions are part of an interoperable bigger picture. No vendor wants its solution to be the backdoor that lets a bug into a bigger system, so there’s increased vigilance around publishing patches that close security loopholes. Activate automated patching whenever possible, to reduce susceptibility to bad actors.
Ransomware detection—An important weapon of ransomware is its ability to slip into a business network unnoticed. To bolster protection, look for solutions that can identify ransomware before it can infiltrate and spread.
Detection—Despite the best efforts of an MSP and its client, ransomware can still get through the protection layer. The bug may have been transmitted through a malicious file emailed to an employee who unwittingly opened it, Trojan-downloaders or exploit kits, or other methods. MSPs should let their clients know to notify them immediately if they see signs of a hacker infiltration. Such signals include unexpected file name changes, a lockout screen or a ransom note pop-up. Some industries are more susceptible to ransomware than others, with healthcare, finance and insurance leading the way.
Response—When a ransomware attack escalates to this stage, a fast response is critical. MSPs must be prepared to act by taking the following steps:
Scan networks for confirmation of an attack unfolding.
Identify the infected computers and isolate them from the rest of the network.
Secure all backup data or backup systems immediately—take them offline and perform a malware scan.
Following that, there is definitive action that an MSP can take to ensure that hackers cannot regain access to target systems. Download our Journey of Crypto-Ransomware eBook to learn more about how to secure clients against ransomware.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like