Ransomware Protection


Recent high-profile ransomware attacks against global software management company Kaseya, gas supplier Colonial Pipeline, popular Cape Cod ferry service The Steamship Authority, and JBS, the world’s largest meat company by sales, have fueled ransomware news and commentary. The attacks demonstrate ransomware’s pervasiveness and effectiveness across a variety of cyber threats. With over 4,000 ransomware attacks occurring daily since the start of 2016, every business of any size, any network stack, and any infrastructure deployment is a potential target.

While broad cybersecurity insights are valuable for framing discussions, leaders and teams across all verticals require detailed ransomware prevention tactics to protect their business’s data, financial health, and reputation. The following are five high-priority strategies for businesses looking to prevent ransomware infection immediately.

Become Familiar with What Ransomware Is and How CISA Actively Assists

It’s worthwhile to spend a morning reviewing the tips, alerts, and resources published by the US Cybersecurity and Infrastructure Security Agency (CISA). The site’s well-organized checklists, assessments, frameworks, and training modules are immediately beneficial for businesses of all sizes — and everything is free.

CISA’s explanation of what ransomware does is a good place to start:

“Ransomware scans an infected system for drives and begins encrypting the files contained within each drive. To indicate that files have been encrypted, ransomware typically appends an extension to them, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya.

After the ransomware has finished encrypting the victim’s files, it creates and displays a file or files containing instructions on how to pay the ransom. If the victim pays the ransom, the threat actor may provide the victim with a cryptographic key that can be used to unlock the files, restoring access.”

Indeed, “[M]ay provide.” Now that ransomware has evolved into a model that any criminal organization can purchase, i.e., ransomware-as-a-service, the attackers’ technical competence and “honor codes” are hardly worth the gamble. Payment guidance from CISA and the FBI is unambiguous: avoid it. That means that preventing infection is non-negotiable.
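As an added example (not from the article or from CISA), the following Python script turns the extension list quoted above into a simple detection a defender could run over file-server audit logs: it flags rename events that append one of those marker extensions and raises an alert when many such renames land in the same minute, which is the encryption loop CISA describes. The event format and the sample events are constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

# Extensions CISA lists as typical markers of encrypted files (quoted above).
RANSOM_EXTENSIONS = {
    ".aaa", ".micro", ".encrypted", ".ttt", ".xyz", ".zzz",
    ".locky", ".crypt", ".cryptolocker", ".vault", ".petya",
}

# Constructed sample of file-server audit events: (ISO timestamp, action, path).
SAMPLE_EVENTS = [
    ("2021-07-02T09:00:01", "rename", r"C:\Shares\Finance\Q2.xlsx.locky"),
    ("2021-07-02T09:00:02", "rename", r"C:\Shares\Finance\Budget.docx.locky"),
    ("2021-07-02T09:00:02", "rename", r"C:\Shares\Finance\Notes.txt.locky"),
    ("2021-07-02T09:00:03", "rename", r"C:\Shares\HR\Payroll.csv.locky"),
    ("2021-07-02T09:00:04", "rename", r"C:\Shares\HR\Staff.docx.locky"),
    ("2021-07-02T10:15:00", "rename", r"C:\Users\alice\archive.zip"),     # benign
    ("2021-07-02T11:00:00", "create", r"C:\Users\bob\vault.docx"),       # benign
    ("2021-07-02T14:30:00", "rename", r"C:\Users\carol\photo.jpg.xyz"),  # single hit
]

def ransom_suffix(path):
    """Return the appended ransomware extension, or None.

    Ransomware appends its marker after the original extension, so
    'Budget.docx.locky' is flagged while 'vault.docx' is not (assumption:
    a file that never had an extension is not detected by this rule)."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) >= 2 and suffixes[-1].lower() in RANSOM_EXTENSIONS:
        return suffixes[-1].lower()
    return None

def detect_bursts(events, threshold=5):
    """Bucket flagged renames by (minute, extension) and return alerts for
    buckets at or above `threshold`. A lone hit may be a false positive; a
    burst of renames to one marker extension within a minute is not."""
    buckets = Counter()
    for ts, action, path in events:
        ext = ransom_suffix(path) if action == "rename" else None
        if ext is None:
            continue
        minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        buckets[(minute, ext)] += 1
    return [{"minute": m.isoformat(), "extension": e, "count": n}
            for (m, e), n in sorted(buckets.items()) if n >= threshold]

if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT {a['minute']}: {a['count']} files renamed to *{a['extension']}")
```

In a real deployment the events would come from the file server's audit log or an EDR agent, and the threshold would be tuned to the share's normal rename rate.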

Now is the time to perform basic tuning: filters, authentication, patches, and web application firewalls.

Maintaining a basic level of security helps prevent ransomware attacks — which frequently begin by tricking users into opening malicious emails or visiting compromised websites that deliver remote-access malware designed to hijack the target’s device. Numerous fundamental tuning tasks do not necessitate esoteric technical expertise. Now is the time to do what you can:

The “rules” section of most email systems enables individuals or an administrator to filter and restrict suspicious communication. Microsoft 365 for Outlook and Gmail both have step-by-step setup guides available on their YouTube channels and support centers.

Require users to use multifactor authentication (MFA) or another form of strong authentication to access websites and applications. MFA may combine a complex password (something the user knows) with a security token (something the user has), such as a code sent to the user’s mobile device, and biometric verification such as a fingerprint or face scan (something the user is). The layered defense is well worth the few additional seconds required to authenticate.

Patch. Patch. Patch. Recognize all software in use at your business and ensure that it is updated as soon as new releases become available. Do not delay. CISA maintains a current list of security updates from leading vendors such as Google, Cisco, Apple, VMware, and Citrix.

Depending on the nature of a business’s website, implementing an effective web application firewall (WAF) to inspect HTTP traffic may require a higher level of technical expertise than other basic prevention tactics. Nonetheless, it is a fundamental control. Web development platforms that support enterprise-level security may make use of Azure or AWS services, and engineers may seek specialized assistance with implementation.

Make a Comprehensive Review of Attack Surfaces and Networks a Priority

Every business should have a well-defined plan for aggressively reducing IT attack surfaces, and every leader should understand precisely what that plan entails and how it is currently being implemented. The goal is to significantly reduce the number of servers, cloud services, network devices, and protocols that can be accessed via the internet or other external channels. Because those externally reachable entities are the first to be compromised in an intrusion, severely limiting their exposure and accessibility makes it more difficult for various types of ransomware to infiltrate.

Businesses with business units spread across regions or the globe must ensure that the nodes and network stack used by each operation adhere to the same robust standards as headquarters. There have been instances where corporate data has been accessed and encrypted via a satellite operation with network firewall vulnerabilities and other weak defenses. Assessing and resolving on-the-ground IT differences is a “macro” prevention tactic.

Consumable Cybersecurity Training Increases Employee Buy-In

Proactively ensuring that employees understand the daily precautions they must take to avoid ransomware infection is critical and manageable, even if it feels like cat-herding. Employees should feel a sense of ownership and responsibility for the business’s safety as a result of the company culture.

By providing employees with ongoing, innovative cybersecurity awareness training — with a particular emphasis on ransomware — protective action can become second nature. They will understand how to identify and avoid suspicious URLs, emails, and attachments; how to recognize and avoid suspicious applications; how to avoid disclosing personal information; how to avoid using public Wi-Fi whenever possible; and how to avoid using an unknown USB stick or other hardware, among other tactics. Training can be designed as a fun, 15-minute exercise every few days that keeps security in the forefront of everyone’s mind and ensures no one is afraid to act when confronted with a red flag.

Utilize Creative Techniques

Security experts occasionally share techniques that receive less media attention but are still effective in thwarting some ransomware attacks, such as installing a Cyrillic keyboard layout on a PC. Numerous hackers based in Russia and Ukraine exercise extreme caution not to attack the economies of those countries or their allies, including global operations. While ransomware continues to evolve in sophistication, there are still thousands of malicious scripts that check whether a Russian, Ukrainian, Tajik, Uzbek, Kazakh, Turkmen, or Syrian Arabic keyboard layout or locale is present on the system and then refuse to install the ransomware. While this is far from a foolproof trick, it does provide some protection and is relatively simple to execute.

Another trick is to use the operating system to create separate accounts on your PC (or Mac). Different user accounts can have varying levels of privileges. Certain ransomware programs require administrator privileges to execute. Purposefully reading one’s email on a limited-privilege account is another technique that can help prevent the spread of some ransomware.

In the near future, ransomware will only become more sophisticated and aggressive — and even more prevalent — as it adapts to cybersecurity measures via new types of AI. It’s difficult to overstate the critical nature of implementing tough prevention measures now. As is the case with any unwanted infection, preventing it is preferable to dealing with the aftermath, though every business should be prepared for that eventuality as well.
