
Ransomware Best Practices


Data Protection Mar 14, 2024

Make no mistake: ransomware will put your data—and your money—at stake. Because NAS devices are so popular, they are increasingly becoming targets in today’s era of rampant cyberattack rates.

Buffalo recommends taking every measure in combining vigorous cyberattack prevention methods and robust, secure data backup solutions such as the TeraStation with multi-version backup and snapshot capabilities so that you can save yourself from the possibly catastrophic consequences of a ransomware attack.

Ransomware Mitigation Strategies

While there is no bulletproof methodology for preventing ransomware, Buffalo recommends consolidating multiple prevention and preparation practices into a comprehensive, multi-layer data security strategy. Since every security layer presents an extra obstacle for attackers to overcome, you can help reduce the overall attack surface at various points in your enterprise’s data infrastructure.

Network Monitoring

Modern ransomware attacks can involve many different elements, and dedicated threat actors will not hesitate to launch multiple avenues of attack. One of the most important aspects of cybersecurity is robust network protection and monitoring. We recommend always staying aware of all traffic on your network. Common sense dictates that if you don't know what is happening on your network, attackers will be all too happy to exploit this. But if you have a good picture of daily traffic, you can then take actions to block unknown traffic and prevent exposing your system to risky sites and untrustworthy applications. Safeguarding your network with vigilant security is an active deterrent in and of itself. If you raise the cost of an attack for attackers, this reduces the likelihood of them pursuing a costly attack against you.

System security depends on your enterprise’s data infrastructure. You will need to inspect each endpoint and what security measures are needed for it. Ideally, each endpoint will have its own protections set up as needed. For example, corporate email systems should have content filtering and spam blocking, and corporate mobile devices should consider having messaging protection installed to block phishing messages and malicious URLs. You should also have password-based access protection and encryption to ensure safe data pathways. By blocking known attack vectors, you can remove these threats from the equation altogether.


User Awareness

A fully-developed security infrastructure is only as secure as its users, so it pays to be aware of any potential blind spots. User habits – both foundational data security practices and threat awareness – can go a long way in helping you address areas of vulnerability before they become problem areas. After all, what good is having a robust security infrastructure and backup process if users end up creating more attack surface?

You should take steps to prevent your users from inadvertently downloading malicious or otherwise compromised files. Some of these precautions are common sense, such as educating your users to never open any spam emails or messages from unknown senders, and never download any attachments or click on any links from suspicious emails. Along with patching software as mentioned above, you can also take steps to configure your web browser’s security and privacy settings to reduce its exposure. Delete any unused browser plugins and update the ones you use on a regular basis, and consider installing an ad blocker to prevent intrusions from unknown or suspicious sources.

After you address your endpoint security, stay informed. User awareness plays no small role in data security. Stay abreast of new ransomware variants as they are discovered and learn how they work. Ransomware, like all malware, is constantly evolving, so it pays to know when malware deploys new zero-day exploits. Staying aware of how attacks occur and spread can help you recognize and possibly avoid future attacks.

Backup and Recovery

Always, always have a backup. Even without the ever-looming threat of ransomware, backups should always figure into your enterprise’s business continuity and disaster recovery plans. With so much of our data no longer analog, having a backup plan isn’t just a good idea, it should be compulsory.

A backup solution that uses strong encryption and is kept isolated from your local computers is a paramount investment, as it gives you a secure backup location that you can access anytime to restore files should you need to. Because ransomware is constantly evolving, the only real ransomware protection is to initiate a robust backup strategy that includes a physical on-site backup location. For example, modern ransomware has evolved to not only go after your data but also backup copies of the same data on the domain. This is why it is a good idea to have a copy of your data off of the domain: if your domain administrator is compromised, you may not have access to your backups. Buffalo recommends a secure NAS device isolated from the rest of the network to be used as your dedicated backup location. We also advocate the 3-2-1 plan: have three copies of your data on two different backup locations, with one copy stored off-site.
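The following is an added example, not part of the original article or any Buffalo tool: a small audit that checks a backup inventory against the 3-2-1 plan and the off-domain recommendation described above. The inventory format, field names, and sample records are assumptions constructed for illustration, and the inventory is assumed to list every copy of a dataset, including the live one.

```python
from collections import defaultdict

# Constructed sample inventory (assumed format): one record per stored copy.
# "offsite" marks copies kept away from the premises; "domain_joined" marks
# storage that a compromised domain administrator could reach.
INVENTORY = [
    {"dataset": "finance", "location": "file-server", "offsite": False, "domain_joined": True},
    {"dataset": "finance", "location": "isolated-nas", "offsite": False, "domain_joined": False},
    {"dataset": "finance", "location": "offsite-vault", "offsite": True, "domain_joined": False},
    {"dataset": "hr", "location": "file-server", "offsite": False, "domain_joined": True},
    {"dataset": "hr", "location": "file-server", "offsite": False, "domain_joined": True},
    {"dataset": "hr", "location": "domain-nas", "offsite": False, "domain_joined": True},
    {"dataset": "web", "location": "offsite-vault", "offsite": True, "domain_joined": False},
]

def audit_backups(inventory):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    copies = defaultdict(list)
    for record in inventory:
        copies[record["dataset"]].append(record)

    report = {}
    for dataset, records in sorted(copies.items()):
        findings = []
        locations = {r["location"] for r in records}
        if len(records) < 3:
            findings.append(f"copies: {len(records)} of 3 required")
        if len(locations) < 2:
            findings.append(f"locations: {len(locations)} of 2 required")
        if not any(r["offsite"] for r in records):
            findings.append("no off-site copy")
        # Copies that all sit on the domain fall together if the domain does.
        if all(r["domain_joined"] for r in records):
            findings.append("every copy is reachable from the domain")
        report[dataset] = findings
    return report

if __name__ == "__main__":
    for name, problems in audit_backups(INVENTORY).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

The "hr" records show why counting copies alone is not enough: three copies on two locations still fail when none is off-site and all are on the domain.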


Dealing with Ransomware Attacks

If ransomware has already struck, stay calm. First and foremost, you will need to stop the malware from spreading. Isolate the infected device or devices and make sure they are kept off your network. Once you have contained the infection, you can then analyze the situation and consider your options.

Remove the Ransomware

Remove the ransomware from your devices so you can move forward and evaluate the damage. All things considered, ransomware is usually not difficult to remove, as you can typically delete it as you would any malware. The easiest way to remove the ransomware (especially crypto ransomware) is to put your computer or mobile device into Safe Mode, delete any temporary and infected files or apps, and then perform an antivirus scan to ensure that your system is free from the infection. Reputable data security vendors such as Symantec and Norton provide tools to help users remove persistent malware. Removing the ransomware also helps you figure out what kind of ransomware you are dealing with, and what your recourse is.

Recover Your Data

If you have backups on hand, you should immediately restore the inaccessible data from backup. If your system has been locked, you can perform a system restore after getting rid of the malware.

Buffalo recognizes that restoring from backups, especially entire systems, is neither simple nor convenient. A full restore can take time and system resources that you may not be able to spare, but it is essential in helping you avoid the risks of having to deal with criminals. This is where a secure backup solution such as the TeraStation with multi-version backup and snapshot capabilities can come to the rescue, as you maintain the flexibility to easily restore select files without hassle.

Contact Law Enforcement

If you are attacked by ransomware, you should contact law enforcement immediately. Even though you may feel that you can restore from a backup or otherwise recover your data, reporting your attack to law enforcement can help them develop a better understanding of how the attack works, possibly contribute relevant information towards other ongoing ransomware cases, and stay up-to-date on new attack types on the horizon. Any information may help law enforcement determine who is behind the attack and your best recourse.


To Pay or Not to Pay

If you do not have a robust backup or other tenable options, you may end up wondering: "Should I just pay?"

While many advocate against paying, no matter what the consequences, we recognize that it is often not a black-and-white issue. Sometimes serious logistical issues come into play. For example, you may not have the luxury (or even resources) to initiate a full system restore. This is a primary reason threat actors prefer to attack home users, SMB enterprises, and public offices: because they are often working with limited resources that inhibit their options. Restoring backup files can be a costly and time-consuming endeavor. When you factor in the costs of performing a full restore and the money lost while your business experiences downtime, the overall cost may end up seriously crippling your business when compared to the cost of simply paying the ransom.

Of course, there is certainly merit in not paying the ransom. There have been countless instances of ransomware victims paying the ransom, only to receive a decryption key that doesn't work or simply no response at all. In addition, paying the ransom might subject you to consequences that may not be immediately obvious. And of course, there is the personal protection factor: when conducting financial transactions with criminals, the risk of identity theft is very real. Simply paying to get your data back is never a risk-free option.

No Silver Bullet for Ransomware, but Not Hopeless Either

To avoid putting yourself into the position where you're forced to make a Hobson's choice, consider taking steps to prevent the ransomware attack from happening. If a ransomware attack occurs but you are able to quickly isolate the infection and restore your data without much trouble, you stand a very good chance of recovering from the attack little the worse for wear. Practicing safe computing habits and deploying a multi-layer data security plan along with a secure, isolated backup location can go a long way in helping you combat ransomware.
