by Anne Grahn, CISSP, Cyber Communications Manager of SHI International Corporation
View the entire newsletter for more articles: 2019 – NJAC County Biz – November
Despite a decline in the number of ransomware attacks over the past two years, there has been a dramatic increase in ransom demands.
Recent attacks on Lake City, Florida, Riviera Beach, Florida, LaPorte County, Indiana, Baltimore, Maryland, and organizations including Eurofins Scientific, COSCO, Norsk Hydro and Aebi Schmidt offer examples of the disruption and damage ransomware can cause.
Cybercriminals are using more covert tactics, carefully targeting organizations they believe are likely to pay a significant amount of money. Fortunately, there are steps you can take to defend against this kind of malware. These nine tactics can help protect your organization.
- Take data backups seriously. Don’t just back up data on a daily basis. Ensure you have thoroughly tested your ability to recover systems and data in the event of an attack. Consider removing critical assets to offline cold storage. By being disconnected from the network, these backups are less vulnerable to attack.
- Don’t pay the ransom. Restoring systems that have been compromised can be a long and costly process, making this an unrealistic expectation for some organizations. However, you can’t trust cybercriminals to release systems and data. By paying up, you could be encouraging future attacks.
  - There are tools available to help organizations retrieve encrypted data without paying the ransom. The FBI — in partnership with law enforcement agencies from eight European countries as well as Europol and BitDefender — recently released decryption keys for all versions of GandCrab ransomware.
- Strengthen patch management. Patching commonly exploited software such as Java, Flash, and Adobe can help prevent attacks from being successful in the first place. Consistently monitor for vulnerabilities. Audit patching processes and evaluate technologies and policies that can make them more effective, leveraging automation whenever possible.
- Implement least privilege. Reduce the risk of attackers gaining access to critical systems or sensitive data by giving users only the bare minimum privileges needed to do their jobs. Identity and access management (IAM) controls can help you grant least privilege access based on who’s requesting it, the context of the request, and the risk of the access environment.
- Filter web and email content. Email containing malicious URLs is the most common ransomware attack method. Implement web and email content filtering controls to block and quarantine threats, and remove suspicious links from traffic before users can access them.
- Protect your endpoints. Endpoint detection and response (EDR) tools continuously monitor and record endpoint activity and events, and use behavior analytics to identify breaches. EDR helps you:
  - Protect endpoints from known and unknown ransomware threats with machine learning
  - Centralize endpoint security with a platform that applies policies across all endpoints
  - Leverage behavioral indicators of attack (IOAs) to defend against ransomware written in PowerShell
- Complement efforts with threat intelligence. Keeping up with the latest threat intelligence helps you detect an attack quickly, understand how best to respond, and prevent the attack from spreading. Threat intelligence can also help you identify where some of the attacks are coming from and use that information to block incoming traffic at the firewall.
- Check your cyber insurance. If you don’t already have it, purchase cyber extortion coverage that entitles you to incident response assistance and reimburses you for the amount of the ransom if it’s paid.
- Train employees. Provide continuous security awareness training to ensure your employees follow good cyber hygiene practices on all devices — such as strong passwords and secure Wi-Fi connections — and help them detect and react to phishing.
Getting started
According to a new report published by IBM’s X-Force Incident Response and Intelligence Services (IRIS), the recent spate of ransomware attacks is part of a larger increase in destructive malware incidents over the past six months. These nine steps can ensure you’re prepared to defend your organization and data.
Professional security assessments can help you get started by identifying and prioritizing weaknesses in your security program, and developing an actionable roadmap for remediation. Contact your SHI account executive to learn more.
Garth Whitacre contributed to this post.