10 tips to ward off ransomware


According to F5 Labs' 2021 Application Protection Report, ransomware is one of the biggest threats to data security. Here are 10 tips for companies on which current security measures they should implement. By Roman Borovits, Senior Systems Engineer DACH, F5.

1. Multifactor authentication

Conventional passwords are no longer sufficient: Multifactor authentication (MFA) should be required to access all systems with important data. If MFA cannot be set up everywhere, it should be used with all administrative accounts first. Remote access has the next priority. Then MFA for e-mail should be introduced, with most of the major platforms supporting MFA. Many single sign-on tools help to access different applications after just one login - and thus also to protect legacy systems.

2. Solid passwords

Where MFA is not possible, user-friendly guidelines for strong passwords must be enforced. Organizations should regularly review user-chosen passwords against a dictionary, as well as standard, stolen, and known passwords. Long passwords with special characters are mandatory. Failed login attempts should not return password-reset hints that could put cybercriminals on the right track. In addition, expired or invalid login data must be blocked immediately.

3. Restrict access

The principle of least privilege should be applied to admin accounts in particular. In larger IT departments, the rights can be divided up according to region, time zone or area of responsibility. Administrators should also have a non-privileged account for everyday purposes such as reading e-mails, surfing the Internet or using Office applications. If an administrator then accidentally clicks on a phishing email containing ransomware, the effects are limited.

However, rights must also be limited for all users and systems. For example, web servers require rights for their own service and file directories, but not for the entire network. Likewise, a backup server can be given read-only access to the main domain so that it can copy files for backup. In addition, general user accounts must be compared with personnel data so that only the right people have access to relevant data.

4. Monitor logs

Attackers will try to cover their tracks. The monitoring system should therefore raise an alarm if logs are deleted or manipulated, or if logging is prevented. It is also advisable to receive notifications when an administrator account is created or when many logons fail in a short period of time.
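The alarms described in this tip can be expressed as detection rules. The following Python code is an added example, not part of the original article: it assumes Windows Security events (IDs 1102, 4719, 4732, 4625) already parsed into simplified `(timestamp, event_id, account, detail)` tuples, and the threshold, time window, group name and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs that map to the alarms in this tip.
LOG_TAMPERING = {1102: "audit log cleared", 4719: "audit policy changed"}
ADMIN_GRANT = 4732                 # member added to a security-enabled local group
FAILED_LOGON = 4625                # an account failed to log on
ADMIN_GROUPS = {"Administrators"}  # assumed list of privileged groups
MAX_FAILURES = 5                   # assumed threshold
WINDOW = timedelta(seconds=60)     # assumed sliding window

def detect(events):
    """Return (timestamp, rule, account) alerts for time-ordered events."""
    alerts, alerted = [], set()
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    for ts, event_id, account, detail in events:
        if event_id in LOG_TAMPERING:
            alerts.append((ts, LOG_TAMPERING[event_id], account))
        elif event_id == ADMIN_GRANT and detail in ADMIN_GROUPS:
            alerts.append((ts, "admin rights granted", account))
        elif event_id == FAILED_LOGON:
            recent = failures[account]
            recent.append(ts)
            while ts - recent[0] > WINDOW:  # drop failures older than the window
                recent.popleft()
            # Alert once per account, so a long burst does not flood the queue.
            if len(recent) >= MAX_FAILURES and account not in alerted:
                alerted.add(account)
                alerts.append((ts, "failed-logon burst", account))
    return alerts

def sample_events():
    """Constructed sample data, not taken from a real system."""
    t0 = datetime(2024, 1, 15, 2, 0, 0)
    events = [(t0 + timedelta(seconds=8 * i), 4625, "svc-backup", "")
              for i in range(5)]
    events += [
        (t0 + timedelta(minutes=10), 4625, "jdoe", ""),  # single typo: no alert
        (t0 + timedelta(minutes=12), 4732, "tmp-admin", "Administrators"),
        (t0 + timedelta(minutes=13), 4732, "jdoe", "Print Operators"),
        (t0 + timedelta(minutes=15), 1102, "tmp-admin", ""),
    ]
    return events

if __name__ == "__main__":
    for ts, rule, account in detect(sample_events()):
        print(ts.isoformat(), rule, account)
```

Such rules are only useful if the events are forwarded to a separate log host first, because the system being attacked is the one whose local log gets cleared.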

5. Network segmentation

Firewalls can limit malware infections to specific usage segments, systems or trust levels. If internal firewalls cannot be implemented, virtual LANs can be set up. A remote management system should have access to either the Internet or the internal network, but not both at the same time. The access rights of administrative interfaces must also be restricted by network rules.

6. Patch infrastructure and applications

The network devices and firewalls used to manage network segmentation must be patched regularly. The same applies to all systems and applications that are used in the company. Otherwise hackers will exploit the security holes.

7. Protect backups

In the event of a ransomware attack, companies must delete all live data and restore it from backups. Cybercriminals know that too. As a result, they increasingly damage the backup systems before activating the actual ransomware. The 3-2-1 backup strategy protects against this method. This means that companies make three backup copies, two of them on different media and one external. System images, application software and configurations must also be backed up.

8. Test the recovery process

The processes for backup and recovery should be tested for completeness and speed. Restoring a few files is quick, but how long does it take for hundreds of terabytes of data? Anyone who backs up data online should also check bandwidth and costs. Some cloud providers charge much higher fees for downloading data than for uploading it.

9. Immutable backups

Many backup systems now offer immutable storage options. Once created, a backup file can no longer be overwritten, manipulated or deleted. The lock can be limited in time in order to meet legal requirements for tamper-proof protocols and data protection.

10. Defense in depth

No security measure can offer one hundred percent protection against ransomware. Companies should therefore pursue a defense-in-depth strategy. To do this, they chain several security measures that work in different ways, one after the other. This increases the cost of the attack, as cybercriminals have to evade several different methods.

Which protective measures should be used in which cases depends on the business activity, the technological infrastructure, the culture and the risks. In the first step, it is important to analyze the possible threats to the company. In the second step, the systems and data that are particularly worthy of protection must be identified. This is followed by defining the overlapping controls in order to eliminate as many threats as possible. And even if each measure is only 80 percent effective, three in a row ward off around 99 percent of the attacks: if the measures fail independently of one another, only 0.2 × 0.2 × 0.2 = 0.8 percent of attacks get past all three.
