FTC shares ransomware defense tips for small US businesses

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.

The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

"One key protective step is to set up offline, off-site, encrypted backups of information essential to your business," the FTC said. "This isn't something to save for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other authoritative experts."

The second step, addressing the employees' exploitable human nature, is to train their staff to recognize the tricks ransomware operators use to infiltrate their target's network, including phishing messages that deliver malware designed to deploy backdoors on infected systems.

Attackers will also drop and install malware on victims' devices via malicious online ads (also known as malvertising) or infected sites under their control designed to exploit browser vulnerabilities.

As such, employees should avoid potentially risky sites and, as much as possible, only visit websites vetted by their companies' IT staff.

"In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multi-factor authentication," the US government agency added.

How to deal with the aftermath of a ransomware attack

Businesses hit by a ransomware attack should limit the damage by isolating compromised devices from the rest of the network, report the attack to the authorities (e.g., the local FBI office), and notify their customers if any data was stolen before the systems were encrypted.

The FTC also provides a detailed guide with all the steps businesses have to take to respond to a ransomware attack effectively.

This guide also includes a template notification letter for notifying impacted people whose names and Social Security numbers were stolen in ransomware attacks.

The FTC has also shared a shortlist of commonsense steps in a previous advisory published last year which would help businesses reduce the risk posed by ransomware attacks:

• Keep your network patched and make sure all your software is up to date.
• Back up your systems regularly and keep those backups separate from your network. Use separate credentials for your backups so that even if your network is compromised, your storage remains secure.
• Practice good cyber hygiene. For instance, know what devices are attached to your network so you can identify your exposure to malware. Implement technical measures that can mitigate risk, like endpoint security, email authentication, and intrusion prevention software.
• Be prepared. Make sure you have an incident response and business continuity plan. Test it in advance so you're ready if an attack occurs.
• Train your employees on how to recognize phishing attacks and other forms of social engineering.

Last month, the Treasury Department's Financial Crimes Enforcement Network (FinCEN) has revealed the actual scale of financial losses suffered by ransomware targets lately by linking almost $5.2 billion in outgoing BTC transactions to ransomware payments.

FinCEN's analysis is derived from Suspicious Activity Reports (SARs) linked to ransomware incidents and filed by US financial institutions this year, between January 2021 and June 2021, as required by the Bank Secrecy Act.