Ransomware is Usually Activated Through
Ransomware attacks often rely on victims making a few basic mistakes that are manipulated via social engineering.
1. Protect your Portals
Bad actors often gain access by looking for remote access portals such as RDP (Remote Desktop Protocol) and SSH (Secure Shell) that aren’t properly secured. Sometimes these are set up by IT staff to temporarily address a particular problem and are then forgotten.
Learn how to scan your own network from the outside and make sure that any services that are open and listening for connections are supposed to be there, and that they are on your regular security checklist.
2. Pick secure passwords
- When you’re in a hurry, it’s easy to take shortcuts to get systems working (while intending to follow up later).
- Whenever there’s a password dump from a data breach, you will invariably find the passwords ‘changeme’ or ‘password’ near the top of the list.
- Many people start with basic passwords with every good intention to pick a proper one soon, but never get around to it.
- Start with proper passwords from the outset and two-factor authentication to augment your security whenever possible.
3. Review your logs
Many ransomware attacks are launched after the attackers have invested considerable time (days or weeks) to first build a map of your entire network.
This careful planning lets hackers ensure that they will get the destructive result that justifies payment of the ransom they demand.
There are often telltale signs in your logs, such as new accounts being created at unusual times and external network connections that don’t follow normal patterns.
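A minimal version of the log review described above, added here as an example and not code from the original page: it runs over a few constructed log lines (an assumed `timestamp|event|key=value` format) and flags account creations outside business hours or on weekends, and outbound connections to destinations not in an assumed baseline of known external hosts.

```python
from datetime import datetime, time

# Constructed sample log lines (assumed format, not from any real system).
# 2024-03-04 is a Monday; the 02:47 and 23:58 entries fall outside business hours.
SAMPLE_LOGS = """\
2024-03-04T09:15:02|ACCOUNT_CREATED|user=jsmith by=helpdesk
2024-03-05T02:47:33|ACCOUNT_CREATED|user=svc_backup2 by=administrator
2024-03-05T02:49:10|NET_CONNECT|src=10.0.5.21 dst=203.0.113.77:443
2024-03-05T10:02:11|NET_CONNECT|src=10.0.5.21 dst=198.51.100.10:443
2024-03-06T23:58:41|ACCOUNT_CREATED|user=admin2 by=administrator
""".splitlines()

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed normal working window
KNOWN_EXTERNAL = {"198.51.100.10"}           # assumed baseline of normal destinations


def parse(line):
    """Split one log line into (timestamp, event type, dict of key=value fields)."""
    ts, event, detail = line.split("|", 2)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return datetime.fromisoformat(ts), event, fields


def outside_hours(ts, hours=BUSINESS_HOURS):
    """True if the timestamp is on a weekend or outside the working window."""
    start, end = hours
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def review_logs(lines, known_external=KNOWN_EXTERNAL):
    """Return (reason, timestamp, subject) tuples worth a human's attention."""
    findings = []
    for line in lines:
        ts, event, f = parse(line)
        if event == "ACCOUNT_CREATED" and outside_hours(ts):
            findings.append(("off-hours account creation", ts, f["user"]))
        elif event == "NET_CONNECT":
            dst_ip = f["dst"].rsplit(":", 1)[0]     # strip the port
            if dst_ip not in known_external:
                findings.append(("unusual external connection", ts, dst_ip))
    return findings


if __name__ == "__main__":
    for reason, ts, subject in review_logs(SAMPLE_LOGS):
        print(f"{ts.isoformat()}  {reason}: {subject}")
```

Both checks are deliberately simple baselines; in practice the working window and the known-destination set come from your own environment, and the point is that the pattern (who, when, to where) is already in the logs you collect.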
4. Respond to warnings
If you’ve set your alerting system at a level that constantly sends warnings, your IT team will almost certainly get alert fatigue and may miss the critical issues. Tuning the level of alerts that are sent to your staff is critical.
Attackers often probe your network with deliberately small actions to learn which ones set off alarms, in the hope of pulling off a much bigger attack later on.
5. Patch, patch, patch
Hackers are continually scanning your network for new paths in, including externally accessible services that haven’t been patched.
Hackers automatically build lists of potential victims to come back to later – so aggressively patching systems is very important.
Three common mistakes lead to inadequate prevention and ineffective response:
1. Failing to understand risk in business terms.
2. Not sufficiently stress testing your ransomware readiness.
3. Backup and recovery planning that doesn’t address ransomware.
Common mistake #1 – The business implications of security risk
No organization is bulletproof, but attacks take time – which means early detection with more advanced intrusion detection and a series of roadblocks for hackers to overcome (greater network segmentation, appropriate end-user restrictions, etc.) are crucial for prevention.
Convincing business leaders to make additional security investments (like buying extra insurance) is often a challenge.
Fix mistake #1: Quantify business impact to enable an informed cost-based business decision
- Tighter security controls (via technology and policy) create business friction and budgets are not unlimited.
- Make a business case that presents quantifiable business impact, not just the risk. Help senior leadership understand – in this case, the cost of improved security vs. the cost of a security breach.
- Focus on key applications and datasets to get a representative sample, and get a rough estimate of cost, goodwill, compliance, and/or health & safety impacts to your organization.
Common mistake #2 – Not going deep enough in testing ransomware readiness
Even organizations with a mature security profile and documented response plans often find gaps including:
- Poor coordination between security and infrastructure staff, unclear handoffs during the assessment phase.
- Not leveraging existing tools (e.g., configuring auto-contain features).
- Limited visibility into some systems (e.g., IoT devices and legacy systems).
Fix mistake #2: Act quickly, be thorough
- Start penetration testing now to validate security technology and configuration, even if you can’t secure funding.
- Most tabletop planning exercises are designed to simply validate your existing incident response plans (IRP), not identify weaknesses.
- Focus on a likely attack scenario and the actions you would take to detect, contain, and recover from the attack. What tools would you use? What data would you review? What patterns would you look for?
Common mistake #3 – Backup strategies don’t account for ransomware scenarios
The traditional safety net if hackers access your network is your ability to restore from backup or failover to a clean standby site/system.
A key goal of a ransomware attack, however, is to disable your ability to recover – by targeting backups and standby systems, not just the primary data. If you’re not explicitly guarding against ransomware all the time, the money you’ve invested to minimize data loss from traditional IT outages – from drive failures to hurricanes – becomes meaningless.
Fix mistake #3: Diversify your backup strategy
- Create multiple restore points so that you can be more granular with your rollback and not lose as much data.
- Reduce the risk of infected backups by using different storage media (e.g., disk, NAS, and/or tape) and backup locations (i.e., offsite backups). If you can make the attackers jump through more hoops, it gives you a greater chance of detecting the attack before it infects all of your backups. Start with your most critical data and design a solution that considers business need, cost, and risk tolerance.
- Invest in solutions that generate immutable backups. Most leading backup solutions offer options to ensure backups are immutable (i.e., can’t be altered after they’re written). Expect the cost to be higher, of course, so again consider business impact when deciding what needs higher levels of protection.
Summary: Ransomware Security Planning
Ransomware attacks can be sophisticated, and basic security practices just aren’t good enough. Get buy-in from senior leadership on what it takes to be ransomware-ready by presenting not just the risk of attack, but the potentially extensive business impact. Assume you’ll get hit, be ready to respond quickly, test realistically, and update your DR strategy to encompass this fast-evolving threat.
Hackers Count on Human Mistakes
No matter how much money a business invests in cybersecurity, any network can be compromised by a single human error. Recent data shows human mistakes caused 27% of data breaches in the US this year alone. If you want to make a serious difference in your cybersecurity, make employees aware of potential risks and give them guidelines for maintaining best cybersecurity practices.
1. LACK OF CYBERSECURITY KNOWLEDGE
Employees who don’t know about cybersecurity are more likely to open infected files, click on phishing links, and rely on public Wi-Fi. They are vulnerable and so is your network. It is critical to incorporate cybersecurity training and information that is tailored to the role of users on the network.
2. CHOOSING WEAK PASSWORDS
Does your business have a password management policy in place? If not, employees may unknowingly put the business at risk. Poor password management habits include using weak passwords, keeping default credentials, and storing passwords in unencrypted form.
3. CARELESS HANDLING OF SENSITIVE DATA
All employees are human and make mistakes such as accidentally deleting sensitive files, sending emails to wrong addresses, and not encrypting sensitive data. Lack of awareness about potential security threats can have dire consequences at the workplace.
4. USING OUTDATED SOFTWARE
Old or insecure software is a hacker’s best friend. Failing to update applications or using software downloaded from unauthorized sources both act as common gateways for the introduction of malware and viruses.