November 6, 2024 | IBM i

Key IBM i Processes for Strengthening Anti-Ransomware Protection

In addition to deploying IBM i anti-ransomware software, these key processes can further protect your IBM i servers from ransomware attacks: 

  • Regular IBM i Security Audits: Identify and address vulnerabilities that could expose your system to ransomware. 
  • Timely, Protected System Backup and Recovery Processes: Ensure data can be restored effectively if compromised. 
  • User Awareness and Training on Ransomware: Empower users to recognize and avoid ransomware phishing attacks. 
  • Regular OS and Anti-Ransomware Updates: Reinforce your anti-ransomware defenses with up-to-date protection. 

These processes supplement and strengthen anti-ransomware protection. They can significantly enhance IBM i system resilience against ransomware and minimize potential damage. Reviewing each process is essential to ensure they align with your IBM i ransomware protection strategy. 

 

Further reading: 5 Ways to Protect the IFS from Cyberattacks (Part 1 and 2) 

Regular IBM i Security Audits 

IBM i object security helps prevent ransomware from encrypting files and extracting data. The fewer IFS (Integrated File System) folders accessible to users, the fewer targets ransomware has for encrypting or stealing data. 

 

Regular security audits on IBM i can help you find and address object security vulnerabilities. Audits may include organizational, governmental, regulatory, and insurance requirements. IBM i vendors, including SEA with its iSecurity Assessment offering, often provide free security assessments.

 

Resources like the IBM i Malware and Ransomware Readiness Checklist, available in SEA’s Guide to Understanding IBM i Malware and Ransomware Protection, offer valuable guidance for hardening IBM i objects against unauthorized changes. 

 

Performing regular IBM i security audits enhances ransomware protection by: 

  • Closing security vulnerabilities where infected user machines could access, encrypt, or steal IFS data.
  • Reducing the number of users with excessive authority to IBM i file shares, limiting the reach of ransomware infections. 

Timely, Protected System Backup and Recovery Procedures 

In the event of an IBM i ransomware attack, organizations often need to wipe infected data and restore it from recent backups. In extreme cases, full-server restoration may be necessary. Having a current, malware-free backup is essential to prevent data loss. 

 

Effective backup procedures ensure data integrity and minimize downtime. Consider these points for robust IFS backup and recovery for anti-ransomware protection: 

  • Comprehensive Backups: Ensure all IFS folders, including QSYS.LIB and the root ‘/’ folder, are backed up for complete system restoration. 
  • Regular Backups: Schedule backups based on data update frequency. Critical data like financial or production information may require daily backups, while infrequently updated data may only need weekly backups. 
  • Multiple Secured Backups: Follow the 3-2-1 rule: maintain three copies of data on two types of media, with one offline. Backup systems should restrict direct access to backup files to prevent ransomware from compromising them. 
  • Tested Backup and Recovery Procedures: Regularly test these procedures to confirm that valuable IBM i data can be fully restored if attacked. 
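
The points above can be checked mechanically against a backup inventory. The following is an added example, not code from SEA or from any IBM i tool; the record fields, the sample paths other than QSYS.LIB, and the one-day/seven-day age limits are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed age limits, taken from the daily/weekly guidance in the list above.
MAX_AGE = {"critical": timedelta(days=1), "infrequent": timedelta(days=7)}

@dataclass
class Copy:                 # hypothetical inventory record, one per backup copy
    dataset: str            # IFS path the copy covers
    media: str              # "disk", "tape", "cloud", ...
    offline: bool           # True if ransomware on the network cannot reach it
    taken: datetime         # when the copy was written
    restore_tested: bool    # True if a restore from this copy was verified

def audit(dataset, data_class, copies, now):
    """Return findings for one dataset; an empty list means it passes."""
    mine = [c for c in copies if c.dataset == dataset]
    offline = [c for c in mine if c.offline]
    findings = []
    if len(mine) < 3:
        findings.append(f"only {len(mine)} copies, need 3")
    if len({c.media for c in mine}) < 2:
        findings.append("fewer than 2 media types")
    if not offline:
        findings.append("no offline copy")
    elif not any(c.restore_tested for c in offline):
        findings.append("no offline copy has a tested restore")
    newest = max((c.taken for c in mine), default=None)
    if newest is None or now - newest > MAX_AGE[data_class]:
        findings.append("newest copy is older than the schedule allows")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 11, 6, 8, 0)
INVENTORY = [
    Copy("/QSYS.LIB", "disk", False, NOW - timedelta(hours=6), False),
    Copy("/QSYS.LIB", "cloud", False, NOW - timedelta(hours=20), False),
    Copy("/QSYS.LIB", "tape", True, NOW - timedelta(hours=20), True),
    Copy("/home/archive", "disk", False, NOW - timedelta(days=10), False),
    Copy("/home/archive", "disk", False, NOW - timedelta(days=17), False),
]

if __name__ == "__main__":
    for path, cls in [("/QSYS.LIB", "critical"), ("/home/archive", "infrequent")]:
        print(path, audit(path, cls, INVENTORY, NOW) or "OK")
```

A dataset with three recent copies can still fail: if its only offline copy has never been restored in a test, the audit reports that finding on its own.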

User Ransomware Awareness and Training 

Most IFS ransomware infections start with a phishing attack, where users inadvertently download ransomware that encrypts IFS objects. User education on phishing and social engineering can significantly reduce these risks. Training might include: 

  • Phishing Avoidance: Educate users on identifying and avoiding email phishing tactics, malicious websites, and other ransomware entry points. 
  • Cybersecurity Best Practices: Encourage safe browsing habits and the ability to recognize suspicious links. 
  • Security Policies: Implement policies to reduce ransomware risks, such as limiting user access to sensitive folders. 

Regular Operating System and Anti-Ransomware Updates 

Ransomware constantly evolves to bypass security defenses. To counteract this, it’s crucial to keep IBM i OS and anti-ransomware software up to date. Key steps include: 

  • Applying IBM i PTFs and Technology Refreshes: Ensure IBM i systems have the latest OS security patches and features. 
  • Updating Anti-Ransomware Software: Keep anti-ransomware solutions current with the latest updates. 
  • Refreshing Ransomware Signature Databases: As new ransomware variants emerge daily, regularly updating ransomware signature databases is essential for timely detection. 

Enhancing IBM i Anti-Ransomware Protection 

Most IBM i shops already perform essential processes like auditing, backups, user training, and patching. Reviewing and enhancing these processes can strengthen anti-ransomware protection and limit damage if an attack occurs. These processes not only enhance IBM i ransomware resilience but also provide a defense-in-depth strategy against potential threats. 

 

For more information on configuring IBM i security against ransomware, contact SEA.