Four Ways You Can Prevent Ransomware Attacks Right Now
2021 was a banner year for ransomware attacks. According to BlackFog, they increased by 17% over 2020, while some verticals experienced much higher increases, including the government sector (24%), technology (89%), and retail (100%). These attacks remain a massive concern in 2022 because their domain is only widening.
Whereas previously, ransomware was the work of cybercriminals looking to exploit COVID-related digital vulnerabilities or conduct industrial espionage, it has become a prominent warfare tactic in the ongoing conflict between Russia and Ukraine. That makes key targets out of companies that help municipalities manage critical infrastructure like water, transportation, communication, and the power grid.
Plus, ransomware has become more democratic in nature. Thanks to ransomware-as-a-service, anyone can be a hacker; everyone’s vulnerable—and we’re only as strong as our weakest link. So, what can you do to protect your company? First, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released an extensive set of resources to help companies understand ransomware, its potential impacts, and how to take action.
Based on their recommendations and our own work with clients, we’ve identified four key steps any company can take right now to help prevent a ransomware attack. Let’s review.
Step 1: Secure your email
Email is often the first link in the kill chain for attackers. Why? Because it’s an easy entry point to install a keylogger, record passwords, deploy email rules, and expose a user to other malware and clever attacks. As a result, phishing attempts are everywhere—and they’re getting smarter and harder to distinguish from legitimate email communications. Employees need regular training so they are prepared to recognize and delete these messages, and they need a way to report these attacks to a Security or IT team.
Some methods detect and block these messages before the recipient even has a chance to open them. CISA recommends implementing protection at the email gateway that can spot known malicious indicators, such as certain subject lines and spoofing attacks, and block suspicious IP addresses. You will also want to implement additional endpoint security, such as disabling macro scripts for Microsoft Office files sent via email, since these scripts can be used to deliver ransomware. Lastly, a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy can help combat fraudulent email by adding authentication verification to email.
Step 2: Guard the endpoints
Let’s assume Step 1 fails—an employee falls victim to a phishing attempt. That doesn’t have to mean malware wins. With the proper endpoint protection, it dies upon download.
To make sure all your endpoints are covered, first think about how employees access your systems. They probably use a number of devices, including desktop computers, laptops, and mobile phones. You need to make sure that all these endpoints are “clean,” or rather, protected from malware. Do the devices that access your systems have the proper level of antivirus and threat protection installed? Now is the time to make it happen. Also, consider BYOD endpoints and how Mobile Application Management (MAM) can help when your organization does not manage a personally owned device.
Step 3: MFA everything, all the time
Now let’s assume steps 1 & 2 BOTH fail. A malicious actor succeeds in installing malware and steals a user’s login credentials.
All is not lost, thanks to Multi-Factor Authentication (MFA), also known as 2-factor authentication, two-step, or two-token authentication; the name varies by source and by the technology behind it. MFA is a great way to create a layered security posture that accounts for multiple contingencies. Even though the hacker has the password, they don’t physically possess the phone, key, card, chip, or app that will receive the second authentication factor (the number code you enter to complete your login or an approval push notification).
Note: you’re only as strong as your weakest link, so you’ll want to make sure that your vendors and partners are also using MFA to truly protect your systems and data.
Step 4: Always be scanning
Finally, from an operations standpoint, you should constantly monitor your systems and assess their level of vulnerability. Be sure to conduct regular vulnerability scanning so you can limit the attack surface by addressing gaps before they have an opportunity to be exploited.
In the eternal words of CISA: “When in doubt, patch it out.” It’s critical to regularly patch and update software and operating systems to the latest versions. That includes internet-facing servers, web browsers, browser plugins, document readers, and mobile devices.
Scanning is not limited to your physical systems and devices. We further suggest regularly reviewing and implementing security best practices from your cloud provider, such as the Microsoft Security Score, and considering additional security products such as Microsoft Defender for Cloud Apps. The information these products provide comes from scans based on live data in your cloud environment.
Your partner in preventative action
The best approach to stopping a ransomware attack is a layered one that accounts for multiple contingencies and, of course, moments of human error. We work with our clients to understand their specific security needs and implement a tailored solution that supports a solid preventative security posture. Ready to take action? Email us today at firstname.lastname@example.org
P.S. Stay tuned for Part 3 in our ransomware series, where we discuss how to build a more robust security culture in your organization. Also be sure to check out our other ransomware content, here.