Cyber extortionists are constantly developing new ways to inject ransomware into organizations. Using tactics like brand phishing, they impersonate big names like PayPal to send bogus payments. Businesses should consider five points to build a more robust defense against ransomware.
The developers behind the ransomware Hive alone were able to steal around 100 million US dollars through blackmail. The Lockbit cybergang wants 50 million US dollars from Continental AG to restore a 40 terabyte data package. Ransomware evolves quickly, and potential victims need to do the same. So how can companies keep up with ever-changing challenges?
Robust data protection
The goal of ransomware is to force victims to pay a ransom before they can regain access to their encrypted data. Of course, this is only effective if you could actually lose access to your data. A robust, secure data backup solution is therefore an effective way to mitigate the effects of a ransomware attack. If systems are backed up regularly, data loss from a ransomware attack should be minimal or non-existent. In this way, the attackers are deprived of one of their most important levers: the unavailability of the victims' own data.
Cyber awareness training
Phishing emails are one of the most popular ransomware distribution methods. By tricking a user into clicking a link or opening a malicious attachment, cybercriminals can gain access to the employee's computer and begin installing and running the ransomware program. Regular cybersecurity training is critical to protecting the organization from ransomware. This training should encourage employees to use classic best practices, such as verifying the legitimacy of links before clicking them.
Reinforcement of user authentication
Cyber criminals often use the Remote Desktop Protocol (RDP) to gain remote access to an organization's systems using guessed or stolen credentials. Once the attacker has penetrated the system, he can place ransomware on the computer and run it. This potential attack vector can be closed by using strong user authentication. Enforcing strict password policies, requiring multi-factor authentication, and educating employees about phishing attacks designed to steal credentials are important parts of an organization's cybersecurity strategy.
Use current patches
WannaCry, one of the best-known ransomware variants, is an example of a ransomware worm. It spread by exploiting a vulnerability in the Windows Server Message Block (SMB) protocol. At the time of the famous WannaCry attack in May 2017, there was a patch for the EternalBlue vulnerability used by WannaCry. This patch was already available a month before the attack and was classified as "critical" due to the high potential for exploitation. However, many companies and individuals failed to install the patch in time, resulting in a ransomware outbreak that infected 200,000 computers in three days. Routinely keeping computers up-to-date and downloading security patches directly can dramatically reduce an organization's vulnerability to ransomware attacks.
Anti-ransomware solutions
Protecting against ransomware "slipping" through gaps in defense systems requires a specialized security solution. In order to achieve its goal, ransomware needs to perform certain anomalous actions, such as opening and encrypting large numbers of files. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviors commonly exhibited by ransomware. If these behaviors are detected, the program can take steps to stop encryption before further damage can be done.
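A simplified model of the behavior monitoring described above, as an added example that is not code from the article or from any vendor's product: it flags a process that writes encrypted-looking (high-entropy) data to many distinct files within a short window. The thresholds, process names, paths and event data are assumptions constructed for the illustration.

```python
import math
import os
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window length
MAX_FILES = 20        # assumed: distinct high-entropy files tolerated per window
ENTROPY_BITS = 7.5    # assumed: bits/byte above which data looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """events: time-ordered (time, process, path, written_bytes) tuples.
    Returns {process: time of first alert}."""
    recent = defaultdict(deque)   # process -> (time, path) of high-entropy writes
    alerts = {}
    for t, proc, path, data in events:
        # Low-entropy writes are ignored; alerted processes are not re-scored.
        if proc in alerts or shannon_entropy(data) < ENTROPY_BITS:
            continue
        q = recent[proc]
        q.append((t, path))
        while q and t - q[0][0] > WINDOW_SECONDS:
            q.popleft()           # drop writes that fell out of the window
        if len({p for _, p in q}) > MAX_FILES:
            alerts[proc] = t
    return alerts

def sample_events():
    """Constructed sample data; every name and path here is hypothetical."""
    text = b"Quarterly report: revenue was flat.\n" * 120
    events = []
    for i in range(30):   # editor: many writes, but low-entropy text
        events.append((float(i), "editor.exe", f"C:/docs/note{i}.txt", text))
    for i in range(10):   # backup: high-entropy archives, but at a slow rate
        events.append((i * 5.0, "backup.exe", f"D:/bak/{i}.zip", os.urandom(4096)))
    for i in range(40):   # mass rewrite: 40 high-entropy files in 4 seconds
        events.append((12 + i * 0.1, "unknown.exe", f"C:/docs/f{i}.docx", os.urandom(4096)))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect(sample_events()))
```

The backup process shows why entropy alone is not enough: compressed archives also look random, so the write rate across distinct files is what separates it from the mass rewrite.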
Optimal protection against ransomware involves a combination of factors: acknowledging human error, investing the time and resources to protect employees and managers from pitfalls that introduce ransomware, regular security updates, and a consolidated end-to-end cybersecurity solution that includes threat detection. Ransomware is countered with prevention, and those who heed these five tips need not fear blackmail with their own data.
More at CheckPoint.com