In this post, I will not include an exhaustive list of technical ransomware details, different malware strains, and business implications of this kind of crimeware.
 
I will focus, instead, on preventive measures to stop ransomware. Here they are:

 

  1. Conduct periodic end-user security training. Since ransomware infections spread primarily through spam networks and via phishing attacks with attachments, security training for employees is a particularly effective way to prevent them from clicking on fake and phishing emails that pretend to come from legitimate and known contacts. Opening a malicious attachment can cause a domino effect, where the malware spreads through the network and encrypts every document it finds. Addressing the human factor in malware infections is the single most important preventive action you can take for your organization.
  2. Obviously, you cannot prevent all risks from users’ actions. A system-compromising action will happen eventually. With this in mind, your organization’s security posture needs to be resilient, with appropriate compensating controls to prevent the infection and the spread of the malware.
    Vulnerability and patch management are the security disciplines that help tremendously in this area. Focus on identifying and remediating critical vulnerabilities not only in operating systems (such as Windows) but also in applications such as Microsoft Office, Adobe Acrobat, Flash, and Java, since this can stop the original exploit used by the ransomware from working and thus prevent the downloader from fetching the ransomware remotely. Again, the last and most difficult frontier of vulnerability management is the application arena.
  3. Most of the ransomware found in the wild uses Microsoft Office macros to escalate privileges upon opening the document and execute remote code. Simply disabling macros across the Microsoft Office suite can often do the trick at stopping ransomware from spreading. Another strategy is to use Microsoft Office viewers, which do not include macro functionality, to check attached documents. With macros disabled, the trick this ransomware uses to install itself and spread is no longer effective.
  4. Sometimes an infection through a Microsoft Office vulnerability or macro launches in small stages that reach out to the Internet to download more malware. This Command & Control (C&C) channel is possible only because certain protocols and ports are allowed outbound access. Proper firewall egress blocking and monitoring, together with internal network segmentation, allow these C&C channels to be blocked, preventing further downloads.
  5. Properly working endpoint security controls should be in place, so that in-memory malicious processes and egress traffic can be detected and blocked as soon as they arise.
  6. Protocol and application-level filtering and blocking, better if performed in-line, is another effective strategy to block common C&C network protocols and application communication channels (for example, Tor) used by malware and ransomware to spread and call “home”.
  7. An established part of most organizations’ security programs is the business continuity and disaster recovery plan. As part of these practices, regular incremental backups should be taken and maintained for the purpose of restoring information essential to the business. A simple backup can transform a crisis into the routine event of replacing the information encrypted by the ransomware.
  8. Regularly performed penetration testing and ongoing vulnerability management help organizations identify “low-hanging fruit” attack vectors and so prevent malware from installing and spreading.
  9. Well-managed threat intelligence allows your organization to know whether it is under attack by specific hacking groups, which malware, ransomware, and vulnerabilities are used in such attacks, and which courses of action best mitigate such emerging threats.
  10. Create, manage, and train for proper security incident response, with defined roles and responsibilities for people throughout the organization. In the case of a malware infection or security breach, this helps with prevention and recovery efforts as well.
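As an added example that is not part of the original post, the following PowerShell script audits the macro hardening described in point 3 on a Windows endpoint. It reads the Office macro policy values that Group Policy writes under HKCU for Word, Excel and PowerPoint and reports whether each application matches the hardened setting; it assumes Office 16.0 (Office 2016/365) key paths, and the optional enforcement function at the end is a hypothetical helper for a single machine rather than a replacement for Group Policy.

```powershell
# Added audit script (not from the original post). Checks the Office macro
# policy registry values for Word, Excel and PowerPoint. Assumes Office 16.0;
# adjust $OfficeVersion for other releases.
$OfficeVersion = "16.0"
$Apps = @("Word", "Excel", "PowerPoint")

# VBAWarnings: 4 = disable all macros without notification (hardened),
# 3 = disable all except digitally signed, 2 = disable with notification
# (the default, which still lets a user click "Enable Content"), 1 = enable all.
$ExpectedVBAWarnings = 4
# BlockContentExecutionFromInternet: 1 = block macros in files that carry the
# Mark-of-the-Web (downloaded or mailed attachments); 0 or missing = not enforced.
$ExpectedBlockFromInternet = 1

function Get-MacroPolicy {
    param([string]$App)
    $Path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    # Missing key or value is reported as $null, which counts as not hardened.
    $Item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Application       = $App
        VBAWarnings       = $Item.VBAWarnings
        BlockFromInternet = $Item.BlockContentExecutionFromInternet
        Hardened          = ($Item.VBAWarnings -eq $ExpectedVBAWarnings) -and
                            ($Item.BlockContentExecutionFromInternet -eq $ExpectedBlockFromInternet)
    }
}

# Hypothetical helper: writes the hardened values for one application.
function Set-MacroPolicy {
    param([string]$App)
    $Path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name VBAWarnings -PropertyType DWord `
        -Value $ExpectedVBAWarnings -Force | Out-Null
    New-ItemProperty -Path $Path -Name BlockContentExecutionFromInternet -PropertyType DWord `
        -Value $ExpectedBlockFromInternet -Force | Out-Null
}

$Report = $Apps | ForEach-Object { Get-MacroPolicy -App $_ }
$Report | Format-Table -AutoSize

# Uncomment to enforce the hardened values on every non-compliant application.
# $Report | Where-Object { -not $_.Hardened } | ForEach-Object { Set-MacroPolicy -App $_.Application }
```

Run it under the user account whose Office settings you want to check; values set by Group Policy in the Policies hive take precedence over the per-user settings under HKCU:\Software\Microsoft\Office.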
As you can see, in the area of malware and ransomware, an ounce of prevention is worth a pound of detection. Go back to basics by appropriately building your organization’s security program from a good foundation. Harden and secure your security posture and use a solid vulnerability management platform that can help you analyze, prioritize, and remediate your risks.
 
Guys, what do you think about this post on preventing ransomware attacks? How might it help you?
Please leave me your thoughts in the comment section.

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on her website and on social media platforms.

30,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts.
