Ransomware attackers are on the move … Are you Safe?

In mid-May 2019, the city of Baltimore was hit hard by a “RobinHood” ransomware attack). The ransom asked for was 13 bitcoins, currently valued at just over $102,000, but the side effects from downtime has led to a total estimated cost of over $18 million.

Ransomware Protection and Security

 

Another group, the “GandCrab” ransomware attackers announced on June 1st that they would be shutting down after extorting 2.5 billion dollars in 18 months. The GandCrab attackers operated with a Silicon Valley-esque “as a service” model, giving even low-skill malicious actors access to top-of-the-line ransomware. 

Although GandCrab is shutting down, “RobinHood” attackers and hundreds of others have not been caught and are still be after large and small businesses.

Where do you stand in your defenses? Have you deployed the top 10 protection strategies against ransomware?

Here we detail the top 10 protections against ransomware. Though this is not an all-inclusive list, by missing any of the below protections, you are vulnerable prey to having data stolen, destroyed, or ransomed. 

1. Have an effective backup and restoration plan and test restoring of backups regularly

The only 100% foolproof way to protect your company from ransomware is having a strong disaster recovery plan. Backups are the “Escape Pod” when ransomware has taken over the rest of your IT environment (ie. The Mothership)  

A good backup plan is as easy as “3-2-1”

  • 3 copies of your data
  • 2 separate physical locations
  • 1 copy stored offline or in “cold storage” not accessible on the network


2. End-user education and testing

Knowledge is Power (and safety). User education protects against phishing attacks and malicious downloads by arming users with patterns and behaviors to be weary of and faster incident reporting.

Regularly testing of users helps business leaders identify high risk users adjust accordingly (restrict permissions, tighten spam filtering, etc)

 

3. Configure company email systems to leverage best practice technologies

According to Symantec, 71% of threats’ initial point of entry is through email systems. Standard, widely available tools have been developed to thwart the most prevalent attacks – but these require implementation. All companies need to use an SPF validation and an enterprise-level email security service which includes active threat protection and virus scanning.

 

4. Configure your firewall block malicious IPs

Utilizing a firewall to block known malicious addresses and suspicious regions is simple, straightforward, and effective.

 

5. Patch your operating system and key applications

Vendors like Microsoft have the highest level of awareness of the vulnerabilities that affect their platforms, as well as the highest competency to remediate them.

Patching is required to take advantage of any and all security fixes deployed by these vendors.

Importantly, patches are released with patch notes, which inform sysadmins but also inform malicious actors where to begin probing for vulnerabilities.  who reverse-engineer the notes into active threats to unpatched systems.

A controlled patch with complications is always preferable to an uncontrollable system outage from an attack. The patch can be rolled back, an attack cannot.

 

6. Antivirus software with regular updates and regular scans

Antivirus applications proactively scan potential threats from new downloads and scan regularly for any suspicious file changes, comparing against virus definitions which are actively updated by sizable vendors like Bitdefender and Sophos. This provides security at the client endpoint, the most exploited attack surface.

 

7. Access restrictions, especially for backups. only use admin rights when needed

Restricting access to critical systems directly reduces risk of a breach by limiting the number of administrative accounts which may be targeted, as well as reducing the impact of a breach for any non-admin users.

 

8. Refrain from using public Remote Desktop Protocol

Don’t leave your front door open.

Microsoft’s Remote desktop protocol is the most abused remote connectivity protocol, in terms of both the number of malicious scripts looking for potential connections and the extent of the effort into finding vulnerabilities in the protocol itself. Because exposing your servers publicly is never necessary, steps should be taken to restrict access to your local network.

 

9. NIST Password Policy

The old established password along the lines of “7 characters with a number, capital letter, and special character” does not cut it anymore. Cracking algorithms have become faster and more accurate, and the National Institute of Standards and Technology (NIST) has adjusted their standards accordingly.

 

10. Network segmentation

In order to reduce the available attack vectors as well as the impact of any potential breach, internal systems should be provided network-level permission to communicate such that they function properly, and nothing more. Networks should be separated into different VLANs on different subnets, and communicate with a policed router as their gateway.

 

Check back on our blog to learn more about improving your network security against ransomware and other attack vectors in the coming weeks.  If you have specific challenges facing you today, please don’t hesitate to contact us. We provide extensive IT Security and Compliance services for our customers.