Ransomware attacks can be highly damaging to your network. The malware typically enters when an unsuspecting user opens a malicious email attachment or clicks a link that downloads it. Once it runs on that user's computer, it looks for other systems it can reach across the network, such as mapped drives and file shares. From there the attacker encrypts files and holds them for ransom.
So, how can you prepare and mitigate possible damage? Here are the top security preparation and mitigation practices that can protect your network:
- Train end users to recognize potentially malicious links and websites
- Regularly back up files in off-net locations
- Keep programs and operating systems updated
- Use system components and administration tools securely
- Protect the network with firewalls and intrusion prevention systems
- Protect servers with encrypted connections and Active Directory (AD) account policies
- Protect endpoints with next-generation anti-virus agents
Regularly back up your files
Ransomware capitalizes on fear: the fear of being locked out of your machine, losing access to mission-critical or personal data, or disrupting business operations. Remove the data kidnapper's leverage by backing up your files regularly. Local backups that stay connected to the network and online at all times are themselves at risk of being encrypted, so on their own they are not a recommended backup solution. Once ransomware is inside the network, every network share and online device it can reach is at risk: if it is reachable and writable, it will be encrypted. To keep backup data usable, restrict the local backup target so that it is reachable only by the backup agent, only during the backup window, and only with credentials that ordinary users and servers do not hold. Pair the local backups with an offsite (and ideally offline or immutable) archive that can be used if all local resources are lost, and test restores periodically; an untested backup is not a backup.
Keep your programs and operating system updated
Much file-encrypting malware exploits known vulnerabilities to get into a system or to spread once inside. Patching the OS, its built-in software, and any third-party applications promptly closes the security flaws those exploits depend on. Patch management tools can help you track and deploy updates across your environment.
Use system components and administration tools securely
Cybercriminals are increasingly abusing legitimate utilities and system administration tools to install and execute malware. This modus operandi provides bad guys efficiency, convenience, and stealth.
Ransomware is no different: operators have used PsExec, PowerShell, freeware, and commercially available software to spread and execute it across networks.
Mitigate these kinds of attacks by enforcing the principle of least privilege. Restrict exposure by granting end users only the access and privileges they need to accomplish a task or run an application; in particular, do not let users work day to day with local administrator rights, and limit who can use remote execution tools such as PsExec and PowerShell remoting. Disable unnecessary and outdated protocols and programs (SMBv1 is a well-known example) that can otherwise give attackers entry points into your systems.
Protect your network
Protecting the network against ransomware is a must, because these threats use the infected network to communicate with their command and control (C&C) servers and to propagate to other systems through network shares. Firewalls and intrusion detection and prevention systems help pinpoint, filter, and block malicious network traffic and activity. They also provide forensic information that can help you detect incursion attempts and reconstruct actual attacks.
A DNS- and IP-layer filtering service adds protection when an infection attempts to call home for its payload or encryption keys: resolution requests for known-malicious domains and connections to known-malicious IP addresses are blocked regardless of port or protocol, so many infections are stopped before the payload ever reaches the endpoint. For laptops that are used both inside and outside the organization, a roaming agent can be installed so that their DNS traffic is relayed through the provider's cloud resolvers while the device is off-network.
There are also other approaches you can consider. Network segmentation not only reduces local traffic congestion; it also improves security by exposing each user or system only to the resources it needs, which greatly reduces the paths an attacker can use to move laterally within the network.
Data classification complements this. Classifying data not only makes access controls easier to apply but also establishes the value of each data set to the organization, so the most critical data can be protected and backed up most carefully. Together, these measures limit the damage a breach or attack can cause.
Protect the servers
A single vulnerable machine is sometimes all it takes to infect the systems and servers within a network. Keep the servers patched and updated. Strengthen user credentials against brute-force attacks by setting proper password and account lockout policies in AD. Once those policies are in place, monitor failed logon attempts (Windows Security event 4625) so that you can get in front of a password-guessing attack when it begins rather than after an account has been compromised. Add multi-factor authentication as a second layer of security for your environment. All administrative sessions should use encrypted channels (for example RDP over TLS, or SSH rather than Telnet) so attackers cannot snoop on your remote connections.
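The failed-logon monitoring described above, as an added example that is not part of the original article. It runs two rules over a constructed, simplified text rendering of Windows Security event 4625 as a log forwarder might emit it: the field names (TargetUserName, IpAddress, Status) are the event's real fields, but every value is hypothetical, and the thresholds are assumptions chosen to mirror a typical AD lockout policy. The second rule matters because a lockout policy alone never catches password spraying, where one source tries a single password against many accounts and stays under the per-account threshold.

```python
"""Spot password-guessing against AD accounts from failed-logon events.

Added example, not part of the original article. The records are a
constructed, simplified text rendering of Windows Security event 4625
("An account failed to log on"); the field names are the event's real
fields, but the values are hypothetical. The thresholds are assumptions
chosen to mirror a typical AD lockout policy.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5                   # assumed "Account lockout threshold"
LOCKOUT_WINDOW = timedelta(minutes=10)  # assumed "Reset lockout counter after"
SPRAY_MIN_ACCOUNTS = 4                  # assumed: one source, this many distinct accounts

# Constructed sample log. Status 0xC000006D = bad user name or password.
SAMPLE_LOG = """\
2024-03-04T09:00:01 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:00:09 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:00:17 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:00:25 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:00:33 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:00:41 EventID=4625 TargetUserName=admin IpAddress=10.0.5.23 Status=0xC000006D
2024-03-04T09:10:02 EventID=4625 TargetUserName=alice IpAddress=10.0.8.77 Status=0xC000006D
2024-03-04T09:11:14 EventID=4625 TargetUserName=bob IpAddress=10.0.8.77 Status=0xC000006D
2024-03-04T09:12:30 EventID=4625 TargetUserName=carol IpAddress=10.0.8.77 Status=0xC000006D
2024-03-04T09:13:45 EventID=4625 TargetUserName=dave IpAddress=10.0.8.77 Status=0xC000006D
2024-03-04T09:14:58 EventID=4625 TargetUserName=erin IpAddress=10.0.8.77 Status=0xC000006D
2024-03-04T09:20:00 EventID=4625 TargetUserName=jsmith IpAddress=10.0.5.40 Status=0xC000006D
2024-03-04T09:21:03 EventID=4624 TargetUserName=jsmith IpAddress=10.0.5.40
"""


def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime."""
    stamp, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["time"] = datetime.fromisoformat(stamp)
    return event


def detect(lines, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW,
           spray_min=SPRAY_MIN_ACCOUNTS):
    """Return alerts for two patterns seen in 4625 events.

    bruteforce: one account fails `threshold` times inside `window`
                (the same condition that would trip the lockout policy).
    spray:      one source fails against `spray_min` distinct accounts
                inside `window`; each account fails only once, so no
                per-account lockout ever fires and a separate rule is needed.
    """
    events = [parse_event(l) for l in lines if l.strip()]
    events = sorted((e for e in events if e["EventID"] == "4625"),
                    key=lambda e: e["time"])
    per_account = defaultdict(deque)   # account -> recent failure times
    per_source = defaultdict(deque)    # source IP -> (time, account)
    alerts, fired = [], set()
    for e in events:
        t, acct, ip = e["time"], e["TargetUserName"], e["IpAddress"]

        q = per_account[acct]
        q.append(t)
        while t - q[0] > window:          # slide the window forward
            q.popleft()
        if len(q) >= threshold and ("bruteforce", acct) not in fired:
            fired.add(("bruteforce", acct))
            alerts.append({"rule": "bruteforce", "key": acct, "source": ip,
                           "count": len(q), "time": t})

        s = per_source[ip]
        s.append((t, acct))
        while t - s[0][0] > window:
            s.popleft()
        accounts = sorted({a for _, a in s})
        if len(accounts) >= spray_min and ("spray", ip) not in fired:
            fired.add(("spray", ip))
            alerts.append({"rule": "spray", "key": ip, "accounts": accounts,
                           "time": t})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a)
```

On the sample, the bruteforce rule fires on the fifth failure against admin, at the same moment AD would lock the account, and the spray rule fires when 10.0.8.77 reaches its fourth distinct account; jsmith's single mistyped password and the successful 4624 logon produce nothing. In production the lines would come from your SIEM or event forwarder rather than a string, and the source IP should be treated with care where logons pass through a NAT gateway or a terminal server, since many users then share one address.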
Protect all endpoints
Many of today's threats reach end users directly through email and through the websites they visit. Once launched on the user's machine, the malware starts to spread, so every endpoint must be protected in order to stop it before it starts. Traditional anti-virus products that rely on downloaded signature files are losing ground: malware is repackaged so quickly that it is already inside networks before a signature for it exists. Next-generation endpoint agents respond by identifying files by their cryptographic hashes and checking them against cloud reputation services, and by watching process behavior rather than file contents alone. This lets the agent catch an attack on the first machine it lands on, before it spreads across the network. The cloud services behind these agents hold large, continuously updated repositories of known-malicious file hashes and IP addresses, fed by security vendors, researchers, and other customers who report incidents from their own environments. Suspicious files can also be submitted to a sandbox, where they are detonated and analyzed for malicious behavior. Note that a hash identifies only one exact file: a trivially modified or repacked sample has a new hash, which is why behavior-based detection matters as much as reputation lookups.
Deploy application control and behavior monitoring
Protect the endpoint by implementing allow-list (whitelist) based application control, which prevents unknown or malicious programs such as ransomware from executing on the system. Behavior monitoring works in the same vein, blocking anomalous modifications or unusual behaviors on the system even when the program performing them is a legitimate, allowed binary. If malware attempts to delete volume shadow copies, for instance by running vssadmin delete shadows, behavior monitoring can detect that and tag it as a probable ransomware infection.
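The two controls in this section combined, as an added example that is not part of the original article or of any vendor's product: an application allowlist decides whether a process may run at all, and a behavior rule over the command line flags allowlisted Windows utilities when they are used to destroy recovery points. The allowlist, the process-creation events and their field names (modelled on Sysmon event 1: Image, CommandLine, ParentImage) are all constructed for the example; the command-line patterns cover built-in tools that ransomware commonly invokes before encrypting.

```python
"""Application control plus behavior monitoring on process-creation events.

Added example, not part of the original article. The allowlist and the
process-creation events are constructed; the field names mirror Sysmon
event 1 (Image, CommandLine, ParentImage) but every value is hypothetical.
"""
import re
from pathlib import PureWindowsPath

# Assumed allowlist of permitted executables (full paths, lower-cased).
ALLOWLIST = {
    r"c:\windows\system32\cmd.exe",
    r"c:\windows\system32\vssadmin.exe",
    r"c:\windows\system32\wbem\wmic.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
    r"c:\program files\microsoft office\root\office16\winword.exe",
}

# (regex over the normalised command line, label). Listing shadow copies
# is deliberately not matched; only destroying or shrinking them is.
SHADOW_TAMPER_RULES = [
    (r"\bvssadmin(\.exe)?\s+delete\s+shadows", "vssadmin delete shadows"),
    (r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage", "vssadmin resize shadowstorage"),
    (r"\bwmic(\.exe)?\s+shadowcopy\s+delete", "wmic shadowcopy delete"),
    (r"\bwbadmin(\.exe)?\s+delete\s+catalog", "wbadmin delete catalog"),
    (r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no", "bcdedit disables recovery"),
    (r"win32_shadowcopy.*\.delete\(\)", "WMI shadow copy deletion from PowerShell"),
]
_COMPILED = [(re.compile(p), label) for p, label in SHADOW_TAMPER_RULES]


def normalise(command_line):
    """Lower-case, drop quotes and collapse whitespace so quoting tricks do not hide a match."""
    return " ".join(command_line.replace('"', " ").split()).lower()


def evaluate(event, allowlist=ALLOWLIST):
    """Return (verdict, reason) for one process-creation event.

    'block' : image is not on the allowlist (application control).
    'alert' : allowlisted image, but the command line tampers with
              shadow copies (behavior monitoring).
    'allow' : neither rule fires.
    """
    image = event["Image"].lower()
    if image not in allowlist:
        return "block", "not on application allowlist: " + event["Image"]
    cmd = normalise(event["CommandLine"])
    for pattern, label in _COMPILED:
        if pattern.search(cmd):
            return "alert", "possible ransomware: " + label
    return "allow", "allowlisted image, no suspicious behavior"


# Constructed events: an Office document drops and runs a payload, which
# then uses built-in tools to destroy recovery points.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" invoice.docm',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\jsmith\AppData\Local\Temp\invoice_0392.exe",
     "CommandLine": r"C:\Users\jsmith\AppData\Local\Temp\invoice_0392.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r"vssadmin.exe Delete Shadows /All /Quiet",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -nop -w hidden -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r"vssadmin.exe list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic shadowcopy delete /nointeractive",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]


def run(events=SAMPLE_EVENTS):
    """Evaluate every event; returns a list of (image basename, verdict, reason)."""
    return [(PureWindowsPath(e["Image"]).name,) + evaluate(e) for e in events]


if __name__ == "__main__":
    for name, verdict, reason in run():
        print(f"{verdict:5} {name:20} {reason}")
```

The dropped invoice_0392.exe is blocked by the allowlist before it runs, but vssadmin.exe, wmic.exe and powershell.exe are signed Windows binaries that any sane allowlist permits, so only the command-line rule catches the shadow copy deletion; the harmless vssadmin list shadows passes. Real application control identifies binaries by publisher signature or hash rather than by path, as done here for brevity, and a production rule set would also watch the parent process: an Office application spawning cmd.exe or powershell.exe is itself a strong signal.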
Source: Trend Micro
ITS is here to help. In addition to the preparations you can make above, we have sophisticated systems which we can quickly install to help with the mitigation, elimination and prevention of this and other types of system threats. Information security works best when deployed as a multi-layered approach which starts with end-user education and awareness. Through our managed services department, we have arranged for the temporary licensing of specialty software specifically designed to help identify and mitigate compromised systems.
We have set up an emergency number for you to call if you need any advice or assistance.
ITS Hotline: 1-866-512-8324
Reach out to us today. Our team of trusted professionals is on hand at all times to provide your network with the best and most accurate security and protection solutions.