A ransomware attack forces its victims to pay extortion money by infecting their computers with malware. Using encryption techniques, ransomware encrypts data, making it unusable.
As ransomware attacks have evolved over time, the encryption techniques used to harm victims have also become more sophisticated, which makes it more challenging to break them. Ransomware attacks are evolving and developing, resulting in data loss if the attacker’s demands are not met. The latest ransomware attacks use double extortion techniques, encrypting important files, stealing sensitive data, and threatening to publish it online if their demands aren’t met.
In most cases, phishing emails and drive-by downloads are used to deliver the malware. An advanced ransomware attack uses lateral movement techniques to spread through the network and can infect the entire network within seconds, causing productivity and financial losses for the organization. Consequently, users and organizations need to protect themselves proactively from ransomware. The age-old saying “Precaution is better than cure” comes to mind here as a prudent way to stay safe in a digital age that is constantly changing.
Here are a few steps you can take to prevent ransomware attacks:
Security Awareness
Security awareness training helps users identify phishing emails, fraudulent or untrusted websites, and social-engineering techniques. By building this awareness and acting on it, we can protect ourselves from the dangers of ransomware.
Backup
Regular backups help users and organizations recover important files and data in the event of a ransomware attack. To keep the backups themselves from being affected, back up your important data regularly and securely by storing it offline or disconnected from the network. Once you have removed the malware from your computer, your files can be restored from the offline backup.
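The following script is an added example, not code from the original article or from eScan. It mirrors a folder to a removable drive, records a SHA-256 hash of every file in a manifest, and verifies the copy before the drive is disconnected, so that an encrypted or tampered backup is noticed before a restore is attempted. The source, destination and manifest paths are assumptions for illustration.

```powershell
# Added example: mirror a folder to an offline drive and verify it with a hash manifest.
# The three paths below are assumptions; adjust them for your environment.
param(
    [string]$Source      = 'C:\Data',                # assumed: data to protect
    [string]$Destination = 'E:\Backups\Data',        # assumed: removable/offline drive
    [string]$Manifest    = 'E:\Backups\Data.sha256'  # assumed: hash manifest location
)

function New-BackupManifest {
    param([string]$Root, [string]$ManifestPath)
    # Record a SHA-256 hash for every file, keyed by its path relative to $Root.
    $prefixLength = $Root.TrimEnd('\').Length + 1
    $entries = @(Get-ChildItem -LiteralPath $Root -File -Recurse | ForEach-Object {
        $relative = $_.FullName.Substring($prefixLength)
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        "$hash *$relative"
    })
    Set-Content -LiteralPath $ManifestPath -Value $entries -Encoding ASCII
    return $entries.Count
}

function Test-BackupManifest {
    param([string]$Root, [string]$ManifestPath)
    # Recompute hashes and report files that are missing or changed. Many
    # CHANGED entries at once are the signature of a backup that was still
    # reachable from the network when ransomware ran.
    $problems = @()
    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        $expected, $relative = $line -split ' \*', 2
        $path = Join-Path $Root $relative
        if (-not (Test-Path -LiteralPath $path)) { $problems += "MISSING $relative"; continue }
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($actual -ne $expected) { $problems += "CHANGED $relative" }
    }
    return $problems
}

# 1. Mirror the source to the backup drive. /MIR makes the destination match the
#    source exactly, so point it only at a dedicated backup folder.
robocopy $Source $Destination /MIR /R:1 /W:1 /NFL /NDL | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# 2. Write the manifest, then verify the copy immediately while the drive is attached.
$count    = New-BackupManifest  -Root $Destination -ManifestPath $Manifest
$problems = Test-BackupManifest -Root $Destination -ManifestPath $Manifest
if ($problems.Count -eq 0) {
    Write-Host "Backup verified: $count files hashed. Disconnect the drive now."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Backup verification failed'
}
```

Run `Test-BackupManifest` again before any restore. Keep a second copy of the manifest somewhere other than the backup drive, since a manifest that sits next to the backup can be encrypted together with it.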
OS and Software Patching
Ransomware exploits software vulnerabilities to spread laterally, so we should take measures to close those vulnerabilities.
Make sure your operating system and other software are up to date by applying the latest patches. Software updates frequently include security patches that address newly discovered vulnerabilities attackers can exploit.
Ensure your computer is up to date with patches and updates for applications like Microsoft Office, Java, Adobe Reader, Flash, and all Internet browsers, including browser plugins (if you have any) and any other applications you may have installed.
Ensure that you do not download unverified, cracked, or pirated software, as it can contain malware.
Whenever possible, avoid downloading software from untrusted torrent or P2P sites. There is a high probability that they are malicious.
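As an added example (not code from the original article or from eScan), the script below lists Windows updates that are pending on the local machine through the Windows Update Agent COM API that ships with Windows, flags the security-related ones, and then lists installed versions of the third-party applications named above so they can be compared against the vendors' current releases. The application name pattern is an assumption for illustration.

```powershell
# Added example: report pending Windows updates and installed third-party versions.
function Get-PendingWindowsUpdates {
    # Windows Update Agent API; the search criteria string is the API's own syntax.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            Title      = $update.Title
            KB         = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity   = $update.MsrcSeverity   # Critical/Important/... for security updates
            Categories = ($update.Categories | ForEach-Object { $_.Name }) -join ','
        }
    }
}

$pending  = @(Get-PendingWindowsUpdates)
$security = @($pending | Where-Object { $_.Categories -match 'Security' -or $_.Severity })

Write-Host "$($pending.Count) update(s) pending, $($security.Count) security-related"
$security | Sort-Object Severity | Format-Table Title, KB, Severity -AutoSize

# Third-party software: list installed programs and versions from the Uninstall
# registry keys (64-bit and 32-bit views). The name pattern is an assumption.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Adobe|Chrome|Firefox|Edge' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName | Format-Table -AutoSize
```

The update search contacts the configured update source (Windows Update or WSUS), so it needs network access and can take a minute; the registry query runs offline.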
Be aware of Phishing Attacks
Avoid clicking on links or downloading attachments from unknown or unverified sources or emails. Phishing emails frequently include a sense of urgency. They are designed to trick you into taking action, such as downloading an attached file or clicking a link.
Network Segmentation
Ransomware spreads laterally in a network, so it is vital to limit its spread. Using network segmentation, you can isolate an infected system and prevent the infection from spreading to the rest of the network.
Additionally, you can maintain the security of your network by:
- Using strong, unique passwords for login accounts and network shares.
- Disabling unnecessary admin shares and granting only the access permissions to shared data that are necessary.
- Reviewing RDP access and disabling it if not required, or setting rules that allow only the systems you intend to use.
- Configuring the firewall to:
  - Deny access to all important ports (for example, RDP port 3389).
  - Allow access only to those external IPs/sites that have been verified as safe and are needed for legitimate purposes.
- Accessing the network through a VPN rather than using RDP over the public Internet.
- Implementing Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) wherever possible.
- Establishing a lockout policy to prevent credential guessing.
- Managing access to shared network folders by creating separate network folders for each user.
- Not keeping shared software in executable form.
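The script below is an added example, not code from the original article or from eScan. It applies the RDP, admin-share, firewall and lockout points above on a single Windows host and then prints which inbound rules still reach port 3389 so the result can be reviewed. The management subnet is an assumption for illustration; the registry values and cmdlets are standard Windows ones.

```powershell
# Added example: harden RDP, admin shares and lockout on a Windows host.
# Run from an elevated PowerShell. The subnet below is an assumption.
$ManagementSubnet = '10.10.5.0/24'   # assumed: only these addresses may reach RDP

# 1. Restrict inbound RDP (TCP 3389) to the management subnet. The built-in
#    "Remote Desktop" rule group is disabled first so the narrow rule is the only path in.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP from management subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ManagementSubnet -Action Allow -Profile Domain,Private | Out-Null

# 2. Require Network Level Authentication so unauthenticated clients never
#    reach the logon screen.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1 -Type DWord

# 3. Stop creating the default administrative shares (C$, ADMIN$), which are a
#    common lateral-movement path. Takes effect after the Server service restarts.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Set-ItemProperty -Path $lanman -Name 'AutoShareWks'    -Value 0 -Type DWord
Set-ItemProperty -Path $lanman -Name 'AutoShareServer' -Value 0 -Type DWord

# 4. Account lockout: 5 bad passwords lock the account for 15 minutes, which
#    blunts credential guessing against RDP and SMB.
net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15 | Out-Null

# 5. Review: which enabled inbound allow rules still expose 3389 (or all ports)?
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
    $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
    if ($ports -contains '3389' -or $ports -contains 'Any') {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            LocalPort     = ($ports -join ',')
            RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    }
} | Format-Table -AutoSize
```

Step 5 is the check worth keeping: a rule with `LocalPort` of `Any` and `RemoteAddress` of `Any` (often left over from a third-party installer) silently undoes step 1. In a domain, apply the same settings through Group Policy rather than per host.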
Setting up a strict access and privilege policy
Access to systems and the network should be granted only to authenticated users and systems. Doing so helps us detect and prevent the spread of ransomware.
Managing users and privileges on your devices can be simplified by following these practices:
- While logged in as an administrator, avoid browsing, opening documents, and other everyday activities.
- Ensure that no unnecessary services are running, such as Bluetooth, file sharing, etc.
- Maintain access control by limiting users’ access to their specified tasks and actions, to reduce the impact of data loss in the event that a user gets infected.
- When an older version of Microsoft Office is installed, macros are automatically disabled.
- Perform regular audits of “Local / Domain Users” and remove or disable unwanted accounts.
- Protect your email and user accounts with strong passwords. The most secure passwords combine uppercase and lowercase letters, numbers, and special characters. Common passwords such as Password or Admin@123# are the problem.
- Establish password expiration and account lockout policies (lock the account after several incorrect password attempts).
- If users don’t need administrator privileges, don’t assign them.
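As an added example (not code from the original article or from eScan), the script below audits a workstation against the practices above: it reports local administrators who are not on an approved list, finds and disables enabled accounts that have not logged on recently, sets a local password-expiration policy, turns off Office macros for the current user, and stops the Bluetooth service. The approved-administrator list and the staleness threshold are assumptions for illustration; the registry value and cmdlets are standard Windows ones.

```powershell
# Added example: audit and tighten local users, privileges, macros and services.
# Run from an elevated PowerShell. The two settings below are assumptions.
$ApprovedAdmins = @('Administrator', 'helpdesk-admin')   # assumed: sanctioned admins
$StaleAfterDays = 90                                      # assumed: unused-account threshold

function Get-UnapprovedAdmins {
    param([string[]]$Approved)
    # Local user members of Administrators that are not on the approved list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' } |
        ForEach-Object { $_.Name.Split('\')[-1] } |
        Where-Object { $Approved -notcontains $_ }
}

function Get-StaleLocalUsers {
    param([int]$Days)
    # Enabled accounts that have never logged on, or not within $Days days.
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-LocalUser | Where-Object {
        $_.Enabled -and (-not $_.LastLogon -or $_.LastLogon -lt $cutoff)
    }
}

# 1. Report privilege creep and stale accounts.
Write-Host '== Administrators not on the approved list =='
Get-UnapprovedAdmins -Approved $ApprovedAdmins

Write-Host "== Enabled local accounts unused for $StaleAfterDays days =="
Get-StaleLocalUsers -Days $StaleAfterDays | Select-Object Name, LastLogon, PasswordLastSet

# 2. Disable (rather than delete) stale accounts so the change is reversible.
Get-StaleLocalUsers -Days $StaleAfterDays |
    Where-Object { $_.Name -ne 'Administrator' } |
    ForEach-Object { Disable-LocalUser -Name $_.Name; Write-Host "Disabled $($_.Name)" }

# 3. Local password policy: minimum 14 characters, expiry every 90 days.
net accounts /minpwlen:14 /maxpwage:90 | Out-Null

# 4. Office macros for this user: VBAWarnings 4 = "Disable all without notification"
#    (Office 2016/2019/365 use the 16.0 key).
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
}

# 5. Unnecessary services: stop and disable Bluetooth Support if it is not needed.
Get-Service -Name 'bthserv' -ErrorAction SilentlyContinue |
    Stop-Service -PassThru | Set-Service -StartupType Disabled
```

Schedule the report part (steps 1 and 2) to run regularly; privilege creep shows up as new names in the first list. The macro setting applies to the current user's hive, so in a managed environment push the equivalent policy through Group Policy instead.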
Install a Trusted & Reputed Cyber Security Solution
It is imperative that all your devices are protected by a reputable and trusted cybersecurity solution, such as eScan. Always keep your product up to date with the latest updates.
How does eScan provide complete protection?
eScan products provide multi-layered security using artificial intelligence. Using advanced technology, both known-bad attacks and unknown, new attacks can be countered.
1. Firewall, IPS, web protection, and email protection form the first line of defense, blocking known-bad content.
- Firewall: restricts unwanted traffic coming through unwanted ports and applications.
- Web Protection: prevents users from communicating with known-bad (malicious) websites and URLs.
- Email Protection: prevents users from downloading and opening malicious email attachments.
- HIPS: host-based intrusion detection and prevention systems are useful for preventing and limiting network-based attacks that exploit OS and application vulnerabilities at the network layer.
  i) For example, WannaCry ransomware exploits a vulnerability in Windows SMB and can be detected by the IPS layer.
  ii) It is only through an IPS that Denial of Service, Cross-Site Scripting, SQL Injection, deserialization and similar attacks can be mitigated.
2. Detection of known-bad files on disk and real-time protection form the second line of defense (blocking known-bad content).
- This technique helps when malicious files reach an endpoint through the internet or other means, such as removable USB drives.
- Incorporating heuristics and machine learning into this layer of protection increases its effectiveness.
3. The third line of defense prevents access by unknown threats based on malicious behavior or characteristics:
- Heuristic detections based on malware attributes (such as file name, path, file attributes, and digital certificate). These can find unknown or zero-day malware in advance.
- Cloud-based and artificial-intelligence-based detections.
- Behavior-based detection: systems for detecting malware by its behavior, and anti-ransomware.
Maintaining effective cyber hygiene is critical for staying protected against the ever-increasing risk posed by ransomware. You can protect yourself by observing the practices mentioned above.