Before you can defend against an adversary, you have to understand them. While tactics may change, the end goals are usually the same. This post is the beginning of a series of writings on the effects and potential mitigations of ransomware. Kontinuum Expertly Managed subscriptions help to mitigate the occurrence and effects of a ransomware attack.
What is ransomware?
Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid, and to obtain a copy of your data. Ransomware is typically spread through phishing emails or by a victim unknowingly visiting an infected website.
Who is at risk?
If your computer is connected to the internet, you are. As shown by the recent SolarWinds Orion breach, even government or law enforcement agencies and healthcare systems or other critical infrastructure entities are at risk.
What happens when you get ransomware?
In one word, devastation. Some victims pay to recover their files, but there is no guarantee that they will recover their files if they do. Recovery can be a difficult process that may require the services of a reputable data recovery specialist. Not to mention, your data will be sold to third parties.
Ransomware incidents will severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. The monetary value of ransom demands has increased, with some demands exceeding $1 million. To ensure a ransom is paid, ransomware incidents have become more destructive and impactful in nature and scope. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations of all sizes.
How are you attacked with ransomware?
Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay, and publicly naming and shaming victims as secondary forms of extortion. Malicious actors are usually able to move across your entire IT infrastructure to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.
Who is behind the ransomware attacks?
Truthfully, no one but the ransomware actor knows. Malicious actors can be nation-state actors trying to cause harm to critical infrastructure, or cybercriminals trying to enrich themselves.
How can you mitigate ransomware?
Kontinuum recommends the following precautions to protect users against the threat of ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when using devices that connect to the Internet. Read Good Security Habits for additional details.
Best practices to protect against ransomware?
In addition, Kontinuum recommends that organizations employ the following best practices:
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application white-listing to allow only approved programs to run on your systems.
- Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats, and filter out executable files before they reach end users.
- Configure firewalls to block access to known malicious IP addresses.