In our recent News Alerts we have highlighted the massive increase in ransomware attacks (more than 4000 have occurred every day since the beginning of 2016*) and their evolution.
Being a scout, our motto is “Be Prepared”, and given the sheer scale and current state of affairs I have put together a short list of how best to structure an approach, based on some sound principles:
1. Be Prepared - Orchestrate End User Preparedness
Since most ransomware attacks take advantage of unsuspecting users clicking without thinking, or in some cases responding to an emotion such as fear, educating users is the best first step in combating ransomware.
Phishing and spear-phishing techniques often kick-start ransomware campaigns, and those campaigns fail if users are more sceptical of what they see or receive online.
Use creative mechanisms to prepare your users, no more workshops with presentation slides!
Engage them through structured campaigns with positive outcomes management.
2. Be Reverent - Set up an effective data recovery Process (and test often)
In the inevitable scenario you will lose some, if not all, of your currently accessible essential data unless you pay.
Having reliable versions of data and recovery strategies that include multiple recovery vectors gives you much more confidence in refusing to pay up.
Unfortunately, many organizations do not invest in effective data recovery strategies as part of Risk Management, or do not test recovery procedures because “business will be impacted”.
An emergency (like a ransomware attack) is the worst time to test recovery procedures for the first time.
Schedule it, do it now, and make sure you are regular in your data inventory discovery and in testing recovery procedures.
Define and measure where things break down and continually refine these procedures so you’ll be ready when you find yourself in an emergency.
3. Be Courteous - Establish Good Hygiene Practices
Ransomware and other malware attacks exploit endpoint vulnerabilities and default or poor configurations.
Ransomware attacks target endpoints because they are numerous and usually the weakest link, and because that is where the data lives and what the user uses.
Simply put, better endpoint operational hygiene is the best prevention for ransomware attacks.
Installing application and operating system patches as soon as possible is one of the best ways to prevent ransomware attacks.
Disable automated macros within Office-type applications; ask why these functions are required and provide more effective solutions.
Remove any and all software that’s not necessary and keep to the plan!
4. Be Helpful - Continuous Vulnerability Assessment and Remediation
The WannaCry worm, one of the highest-profile ransomware attacks in recent times, was so successful because it exploited point 3 above as well as an operating system vulnerability (MS17-010, in the SMB protocol).
This vulnerability is very old, very well-known, and affects multiple versions of the Microsoft Windows OS.
Regular and continuous vulnerability assessment scanning will identify application, operating system, and network vulnerabilities within your authorised assets. It should also highlight how many unauthorised assets you have and assist you in resolving ownership of these, so that you can prioritize the remediation efforts that prevent ransomware (and other types of malware) attacks.
5. Be Brave – Inbound and Outbound Connections (Transparency and what’s really going on)
As highlighted previously, prepare your users; they are your first and most important line of defence. However, if the inevitable happens and the previous principles have failed, blocking these connections at your gateway effectively disrupts the ransomware attack before it can ever get started.
Certain event types must be blocked automatically. To do so you need visibility and situational awareness, along with trust in how you have deployed your defences, so that you are able to block connections initiated with known bad actors.
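As an added illustration of this last point (example code written for this article, not code from the original post or from AlienVault), the following Python judges each gateway connection event by its remote peer against a set of known-bad indicators and records a block-or-allow verdict. The indicators and log lines are constructed sample data, not real IoCs.

```python
import ipaddress
from dataclasses import dataclass

# Constructed threat-intelligence indicators (NOT real IoCs): single IPs, CIDR
# ranges and domains, each carrying the label a feed would attach to it.
INDICATORS = {
    "ip": {"198.51.100.23": "ransomware-c2"},
    "cidr": {"203.0.113.0/24": "bulletproof-hosting"},
    "domain": {"payment-portal.example": "ransomware-payment-site"},
}

# Constructed gateway log lines: timestamp, direction, source, destination, port.
LOG_LINES = [
    "2016-05-02T09:14:03Z OUT 10.0.0.15 198.51.100.23 443",
    "2016-05-02T09:14:05Z OUT 10.0.0.15 93.184.216.34 443",
    "2016-05-02T09:14:09Z OUT 10.0.0.22 203.0.113.77 8080",
    "2016-05-02T09:14:11Z OUT 10.0.0.22 payment-portal.example 80",
    "2016-05-02T09:14:12Z IN 198.51.100.23 10.0.0.15 22",
]

@dataclass
class Verdict:
    timestamp: str
    direction: str
    source: str
    destination: str
    action: str   # "block" or "allow"
    reason: str   # indicator label, or "no match"

def classify_peer(peer):
    """Return the indicator label for a remote peer, or None if it is not known-bad."""
    if peer in INDICATORS["domain"]:
        return INDICATORS["domain"][peer]
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return None          # a hostname that is not on the domain list
    if peer in INDICATORS["ip"]:
        return INDICATORS["ip"][peer]
    for net, label in INDICATORS["cidr"].items():
        if addr in ipaddress.ip_network(net):
            return label
    return None

def evaluate(lines):
    """Judge every event by its remote side: the destination for OUT, the source for IN."""
    verdicts = []
    for line in lines:
        ts, direction, src, dst, port = line.split()
        remote = dst if direction == "OUT" else src
        label = classify_peer(remote)
        verdicts.append(Verdict(ts, direction, src, f"{dst}:{port}",
                                "block" if label else "allow", label or "no match"))
    return verdicts
```

In practice the indicator set would be refreshed from a threat-intelligence feed and the verdicts fed to the gateway's block list and to alerting.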
Follow the principles above and limit your exposure to this scourge of our time.
Work with us and our cybersecurity Unified Security Management platform team, with integrated threat intelligence from the AlienVault Labs Security Research Team, backed by the Open Threat Exchange® (OTX™), alerting us so that we can protect you. Be Vigilant, Be Informed and Be Safe!