You are here:Home/Blog Post/Mounting a Defense Against Ransomware
Same Old Song The message to be watchful of our networks has remained the same (that is, there’s still a painful lack of oversight), so for 2022 Verizon used a cover that mimicked its first Breach Report of 2008.
The Latest Report
The jaw-dropper from the recently released annual Verizon Data Breach Investigations Report1 is the thirteen percent rise in the incidence of ransomware. This represents a single-year increase equal to the increases of the past five years combined.
The report shows that supply chains are a growing target for criminal groups more interested in espionage – infiltrating systems and observing and stealing information – than financial gain. Though financial gain remains the number one goal of breaches by a wide margin.
The report also shows the “human element” plays a role in eighty-two percent of breaches. Phishing emails and social engineering are still among the main areas of criminal access. Misconfiguration by IT admins is responsible for other successful attacks.
So one of the key takeaways – illustrated by the report’s empty-data-center cover – is the continued need for and lack of training and vigilant oversight. If criminal organizations can sit and watch and wait patiently, why then oh why can’t we?
Tools and Strategies for Prevention
Security Awareness Training An unsuspecting user clicks on a link or opens an attachment and unknowingly downloads malicious code. Security Awareness Training can teach people how to use technology securely, preventing a huge source of malware and ransomware outbreaks – nearly twenty percent of incursions still start as a clicked phishing attempt, per Verizon’s report. One of the latest (revived) trends involves hiding a malicious Word doc in a PDF.2 So training needs to be ongoing.
Patching and Updating Unpatched vulnerabilities are another cause of ransomware infections. Routine vulnerability scanning should be used to detect Common Vulnerabilities and Exposures (CVE). Scan results will identify systems and computers that need operating systems and applications updated with current patches. Neglected systems are the low-hanging fruit – easy to exploit. Vulnerability scanning and system patching should occur on a regular basis because new vulnerabilities are discovered daily and software patches are released at least weekly by vendors to fix security flaws. A formal vulnerability and patch management program helps keep systems secure.
Anti-Malware/Anti-Virus Not all ransomware will be detected by anti-malware/anti-virus software, but most will be detected and quarantined and/or removed before the ransomware can do damage. Install anti-virus software on all computers and servers and make sure the anti-virus software stays current as threats keep changing.
Virtual Private Network A Virtual Private Network should be used to access your internal or private network from an external location. By contrast there are many insecure remote access technologies such as Remote Desktop Protocol (RDP) that are often compromised allowing ransomware attacks to succeed.
Email Threat Protection Let the latest email threat technologies scan inbound transmissions to detect malicious code. Ransomware can be quarantined before an end-user accidentally clicks a link, downloads a document or runs an executable containing malware.
Tools and Strategies for Recovery After an Infiltration
Incident Response Plan An Incident Response Plan is an organized approach to the detection, eradication and recovery from cybersecurity incidents, including ransomware. The plan offers structure and reassurance during the most chaotic and stressful situations. An Incident Response Plan is a fundamental component to successfully handle a ransomware infection.
Network Segmentation Computer networks that are logically (the data and data-flow) or physically (devices and cabling) segregated from each other are useful in containing a ransomware outbreak. For example if endpoint computers reside on one logical network and servers reside on a different network, if a PC gets infected with ransomware it can be more easily contained to not spread to infect servers and vice versa. This approach makes recovery easier. By contrast if all assets are on the same network, the likelihood of the ransomware spreading and encrypting everything is high.
Backup Strategy Reliable, current data backups allow recovery from ransomware by simply restoring systems, applications and files to a previous, non-infected state. A sound Backup Strategy is configured according to system priority, monitored for success and routinely tested for recovery assurance. It is also good practice to have multiple copies of backup files stored on different types of media in different locations.
Disaster Recovery Plan A Disaster Recovery Plan includes your organization’s step-by-step recovery procedure. Reliable and current backups are only helpful if they can be actually used in recovery. Document your procedure and test its effectiveness at least annually.
Thirty-Five Years Keeping Computer Systems Healthy
Since 1987 Bryley has counselled on staving off ransomware. For more information about ransomware protections please call 978.562.6077 or email ITExperts@Bryley.com.