Preventing Ransomware Attacks – The Most Effective Methods
Preventing ransomware attacks will be discussed in detail in this article. The Internet is full of dangers these days, but nothing scares users and IT security professionals more than the threat posed by ransomware.
Ransomware attacks can cripple network access or operations, damage your reputation with customers and employees, and trigger other attacks as cybercriminals see your business as vulnerable. This year alone, attacks like those on Colonial Pipeline and Kaseya show that no organization is safe. Even the strongest cybersecurity infrastructures struggle to deal with the aftermath of a ransomware breach, and there are no easy solutions.
The good news is that with good cyber hygiene, including employee training, robust configuration management, and security systems, organizations can mitigate ransomware vulnerabilities and prepare for the worst.
We take a detailed look at ransomware, what it is, how to avoid it, and what to do if you become one of its unfortunate victims.
How does ransomware work?
One of the most common ways for criminals to infect a company is to send an email with malicious links or attachments that an employee inadvertently clicks to launch an attack. These could be emails sent to millions of potential victims or targeted emails sent to a specific person in a specific organization.
Attackers tell the victim that their data is encrypted. To access the decryption key, the victim has to make a quick payment, often in cryptocurrency that protects the attacker’s identity (but not the wallet address). Since the cryptocurrency often does not hide the wallet address, US officials at the DOJ were able to get back part of the ransom paid to DarkSide after the Colonial Pipeline ransomware attack.
If they are not paid within an initial period, usually 48-72 hours later, attackers are not ashamed to increase the ransom and often threaten to have the data deleted. Since organizations cannot expect good faith negotiations, there is no guarantee that the attacker will provide the key after payment.
Since ransomware often contains mining features that can steal critical information like usernames and passwords, preventing ransomware from entering the network is serious business.
How to prevent ransomware attacks
There are a variety of steps organizations can take to prevent ransomware with varying degrees of effectiveness. Here are the best practices you can take to reduce your risk of a ransomware attack:
While virtual backups are great, if you don’t save backups offline, you can lose that data. This means regular backups, multiple stored copies, and monitoring to ensure that the backups remain true to the original. Recovering data after an attack is often the best approach, as reliable backups become important protection against ransomware.
Ransomware awareness is a fundamental security measure. But it only takes a single employee to lose their vigilance for an organization to be compromised. Since training has little impact on staff with any possible attack, additional security is more imperative.
Cybercriminals send millions of malicious emails to random organizations and users, but an effective spam filter that is continuously scaled together with a cloud-based threat intelligence center can prevent over 99% of them from reaching employee workstations.
Configure desktop extensions
Staff should be trained not to double-click executable files (files with an .exe extension). However, Windows hides file extensions by default, so a malicious executable like “evil.doc.exe” can appear as a Word document called “evil.doc”. Making sure extensions always show up can do a lot to counter this type of threat.
Block executable files
Limit the use of elevated rights
Ransomware can only encrypt files that a specific user can access on their system unless it contains code that can elevate a user as part of the attack.
Patch the software quickly
This is a basic safety precaution to ensure that all software is updated with the latest security fixes, but it is worth doing again as the breaches will continue due to a delayed update. In 2020 in particular, the SolarWinds hack could have been avoided for companies that patched software quickly.
The transition to Zero Trust provides visibility and control over your network, including stopping ransomware. The following three actions: prioritization of assets and analysis of data traffic, micro-segmentation, and adaptive monitoring are central steps of the zero trust architecture and significantly reduce your risk of attack.
Prioritize assets and evaluate traffic
By using inventory tools and IOC lists, an organization can identify its most valuable assets or segments. This comprehensive picture gives employees insight into how an attacker might infiltrate your network and provides the visibility they need into the traffic flow. This gives your team a clear orientation as to which segments need additional protection or restrictions.
Microsegmentation is the ultimate solution to stop sideways movement. By implementing strict application-level guidelines, segmentation gateways and NGFWs can prevent ransomware from reaching what matters most.
Adaptive monitoring and tagging
Once your micro perimeter surrounds your most sensitive segments, continuous monitoring and adaptive technology are required. This includes active tagging of workloads, threat scanning, and virus assessments, as well as consistent traffic assessment for critical applications, data, or services.
Use a CASB
A Cloud Access Security Broker (CASB) can help you manage policy enforcement for your company’s cloud infrastructure. CASBs provide additional transparency, compliance, data security, and threat protection by securing your data.