Four Ways You Can Prevent Ransomware Attacks Right Now
2023 was another banner year for ransomware attacks. According to BlackFog’s annual report, 11 out of 12 months saw a higher number of attacks than the corresponding 2022, 2021, and 2020 numbers. We also witnessed a trend of fewer organizations reporting ransomware attacks, with the average unreported attack ratio totaling 541%. And ransomware doesn’t seem to be going anywhere; experts predict organizations will endure a ransomware attack every other second by 2031, costing almost $265 billion in global damages.
Ransomware threats were once the work of cybercriminals looking to exploit COVID-related digital vulnerabilities or conduct industrial espionage. In recent years, they have grown increasingly complex, even becoming a prominent warfare tactic in the conflict between Russia and Ukraine. That makes key targets out of companies that help municipalities manage critical infrastructure like water, transportation, communication, and the power grid.
Plus, ransomware has become more democratic in nature. Thanks to ransomware-as-a-service, anyone can be a hacker; everyone’s vulnerable — and we’re only as strong as our weakest link. So, what can you do to protect your company? First, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released an extensive set of resources to help companies understand ransomware infections, their potential impacts, and how to take action.
Based on their recommendations and our own work with clients, we’ve identified four key steps any company and its security team can take right now to ensure ransomware protection and proper incident response. Let’s review.
Step 1: Secure your email
Email is often the first link in the kill chain for attackers. Why? Because it’s an easy entry point to install a keylogger, record passwords, deploy email rules, and expose a user to other malware and clever attacks. As a result, phishing attempts are everywhere — and they’re getting smarter and harder to distinguish from legitimate email communications. Employees need regular security awareness training to be prepared to recognize these suspicious emails and email attachments, and have a method of reporting these attacks to an IT or security team.
Some email security methods detect and block these messages before the recipient even has a chance to open them. CISA recommends implementing security controls at the email gateway that filter on known malicious indicators such as subject lines, detect spoofing attacks, and block suspicious IP addresses. You will also want to implement additional endpoint security, such as disabling macro scripts for Microsoft Office files sent via email, since these scripts can be used to deliver ransomware. Lastly, a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy can help combat fraudulent email by letting receiving mail servers verify that a message is authenticated for the domain it claims to come from.
Step 2: Guard the endpoints
Let’s assume Step 1 fails — an employee falls victim to a phishing email. That doesn’t have to mean malware wins. With the proper endpoint protection, the phishing attack dies upon download.
To make sure all your endpoints are covered, first think about how employees access your systems. They probably use a number of devices, including desktop computers, laptops, and mobile phones. You need to make sure that all these endpoints are “clean,” or rather, protected from all types of malware. Do the devices that access your systems have the proper level of antivirus and cyber threat protection installed? If not, it’s time for some anti-malware. Also, consider BYOD endpoints and how Mobile Application Management (MAM) can help when your organization does not manage a personally owned device.
Step 3: MFA everything, all the time
Now let’s assume steps 1 & 2 BOTH fail. A malicious actor succeeds in installing malware and steals a user’s login credentials.
All is not lost, thanks to Multi-Factor Authentication (MFA), also called 2-factor authentication, two-step, or two-token authentication; the name varies by source and by the technology behind it. MFA is a great way to create a layered security posture that accounts for multiple contingencies. Even though the hacker has the password, they don’t physically possess the phone, key, card, chip, or app that will receive the second authentication factor (the number code you enter to complete your login or an approval push notification).
Note: you’re only as strong as your weakest link, so you’ll want to make sure that your vendors and partners are also using MFA to protect your systems and data.
Step 4: Always be scanning
Finally, from an operations standpoint, you should constantly monitor your systems and assess their level of vulnerability. Be sure to conduct regular vulnerability scanning so you can limit the attack surface by addressing gaps before they have an opportunity to be exploited.
In the eternal words of CISA: “When in doubt, patch it out.” It’s critical to regularly patch and update software and operating systems to the latest versions. That includes internet-facing servers, web browsers, browser plugins, document readers, and mobile devices.
Scanning is not limited to your physical systems and devices. We further suggest regularly reviewing and implementing security best practices from your cloud provider, such as the Microsoft Secure Score, and considering additional security tools such as Microsoft Defender for Cloud Apps. The information these products provide comes from scans based on real-time data in your cloud environment.
Your partner in preventative action
The best approach to ransomware prevention? One that accounts for multiple contingencies, a global increase in cyberattacks, and, of course, moments of human error. We work with our clients to understand their specific security needs and implement a tailored security solution that helps stop ransomware attacks.