News and commentary on ransomware have hit a fever pitch with recent, high-profile attacks against global software management provider Kaseya, gas supplier Colonial Pipeline, popular Cape Cod ferry service, The Steamship Authority, and JBS, the world’s largest meat company by sales. The attacks highlight ransomware’s ubiquity and effectiveness among the different kinds of cyber threats. With more than 4,000 ransomware attacks occurring daily since the start of 2016 according to The U.S. Department of Justice, every company of every size, every network stack, and every infrastructure deployment is a potential target.
Like many cyber-threats, it is time to adapt to the evolution of ransomware for effective mitigation strategies. The Cyber Threat Alliance, a collaboration of nine cybersecurity firms who provide threat intelligence and cyber threat research, has issued Ransomware Prevention Tactics for Businesses.
“Businesses should expect their networks and data to be targets of ransomware attacks,” said John Watters, vice president, services delivery at Carbon Black. “For businesses whose data is mission-critical, this means having a sound plan and defense to minimize damages. Ransomware protection requires a multi-pronged approach, including prevention, detection, and incident response.”
The first step in effectively preventing ransomware attacks is to understand the threat using information from your adversaries. The Threat Matrix, a tool developed by the Cyber Threat Alliance that identifies adversary hackers’ methods of attack, reveals that ransomware is used as a means of procuring data in two ways. First, by attacking an organization’s network until credentials are obtained by encrypting their data with ransomware. Second, by infiltrating an organization’s network to disable or destroy critical infrastructure systems needed to maintain operations and access customer accounts.
Prevention involves eliminating the ability of an adversary to gain access to your network. It also requires defending against the tactic by obtaining the maximum amount of visibility possible into an adversary’s network using existing technologies. For an attack to be successful, there must be one or more network vulnerabilities that a hacker can exploit.
Ransomware attacks are inherently stealthy. They can be launched via malicious emails or attachments, or as a result of spear-phishing credential harvesting attacks. Just as with malware infection detection systems used by enterprises, organizations can deploy endpoint security solutions that scan email for malicious attachments and track events triggered by compromised accounts within enterprise network resources.
Detecting ransomware when it’s already deployed is the final step. Identification relies on behavioral monitoring of all your network activity by using solutions like security analytics to look for signs that something is wrong with your networks – such as suspicious domains or anomalous system behavior. Analysts can then use that information to quickly obtain more context and decide whether a request needs a deeper inspection before granting access.
Once identified, chances are high that your data will be compromised. The only way to stop a ransomware attack is by effectively cleaning infected systems or pinpointing where malicious code was deployed. A FireEye Labs report found that nearly 75 percent of all ransomware infections were detected by endpoint security solutions installed on endpoints or cloud-based services. “Companies need to build endpoint security solutions that detect and respond to infection before the virus manages to encrypt data,” said Hultquist.
Organizations must consider the possibility of ransomware attacks on their networks and quickly develop an effective detection and response plan. Since prevention requires strong network protection and endpoint security solutions, it is important to begin this planning now.
Interested in reading more about ransomware prevention and defenses? Strengthen Your Ransomware Defenses discusses the information of how and why an upgrade to the ransomware defenses is beneficial for any business.
If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant, or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.
Recent Comments