Ransomware is a type of malware covertly installed by threat actors to infect, gain control of and encrypt computer files on a network. Once on the network, the threat actors will try and move across the network to steal critical information like usernames and passwords. When files are encrypted, the threat actors will display how the victim organization can get its data back after following the instructions on how to pay the ransom. Files are released only after the ransom is paid, with often risks of continued demands for additional payments. Government agencies, police departments and organizations of national importance have fallen victim to ransomware attacks, bringing it into the international spotlight and prompting the US Federal Government to step in to coordinate the response and reduce this risk.
How organizations fall victim to ransomware?
The attack is typically carried out with phishing emails; or with automated program downloads from the internet, carried out without the knowledge of the target user; or by finding a security hole in vulnerable software. The most common attack is however with phishing emails sent to employees or others in a network. The emails often appear to be sent from a legitimate source, thereby enticing the user to click on a malicious link. Once the malicious code is set in motion, the computer gets infected with ransomware.
What you can do to prevent ransomware attacks?
There are a number of ways to reduce the risk of a ransomware attack, ranging from securing and monitoring the network to training and keeping users aware of possible risks.
- User Training: Periodic cybersecurity awareness programs help keep staff aware of current cybersecurity threats. Conducting simulated tests also helps assess preparedness against potential threats.
- Test your cybersecurity controls: Having critical security controls in place is key to keeping your organization safe from persistent threats. The level of controls can range from basic to advanced, depending on the size of the organization and type of security framework (NIST, CIS, other) being used. A cybersecurity strategy that provides a holistic view of the performance of the critical controls makes it easier to make adjustments as needed.
- Update applications and operating systems: Ensuring applications and operating systems are updated constantly helps reduce the risks of security breaches. Threat actors always look for a security hole in vulnerable applications and operating systems.
- Maintain an accurate inventory of devices on your network: Take the guesswork out of asset management with an efficient cybersecurity strategy that can detect a device the moment it connects to the network. Not being able to manage devices on a network, also increases the risk of a device not having adequate protection, resulting in the organization being vulnerable to a cyberattack.
- Reduce the risk of CISO fatigue: Cybersecurity strategies that are configured with disjointed, complex tools lead to security personnel fatigue. Enhancing your cybersecurity strategy to proactively hunt for threats based on atypical behavior, allows their classification based on severity with only statistically significant events being reported.
What if you have a ransomware attack?
With ransomware attacks, it unfortunately is not a question of if, but when. You have to be prepared with a response plan. Here are a few things that you can do:
- Secure backups: Keep your backup data offline and secure. Scanning your backup data will help determine if it is free from malware.
- Isolate the infected systems: Immediately turn off and isolate the infected systems and devices. This may also help prevent all files on a system from becoming infected, thereby allowing for a potential partial recovery.
- Report the incident: Immediately on detection, the incident should be made know to your cybersecurity and IT teams. The required protocols should also be followed for informing law enforcement and other agencies.
- Password and digital certificate resets: System and user passwords should be changed once the ransomware has been removed.
- Forensic Analysis: Conduct a thorough investigation to determine the entry point of the ransomware, duration in the environment and to also confirm if it has been fully eradicated.
The likelihood of a ransomware attack has sharply increased, with threat actors ranging from criminal gangs to nation-state sponsored events. With security teams having to monitor thousands of alerts daily, they need all the help they can get from holistic security management solutions that can handle a multi-dimensional threat landscape.
Want to learn more on how to be better prepared?
Reach out to the cybersecurity experts at ProtechSuite to understand your level of preparedness and see if they can help.
An Article by
J-SAS Inc. ProtechSuite, June 7, 2021