In this article we will tackle some questions on how to cope with ransomware and how to prevent it.
THE MAIN REASONS WHY COMPANIES FALL VICTIM TO RANSOMWARE
There are multiple reasons why companies can fall victim to ransomware. Below we summed up the most common ones.
OUT-OF-DATE SYSTEMS
Out-of-date systems. One of the basic principles which are often underestimated is keeping all systems up to date.
New vulnerabilities are discovered every day. Software patches and updates are the suppliers’ response to those vulnerabilities. If systems are not updated, either because of the laxity of the administrators or because the system can no longer *be* updated since it is no longer supported by the supplier (such as Windows 7 since January 14). This means the existing vulnerabilities will remain, which gives attackers free rein on your systems.
A LAX PERMISSION MANAGEMENT
A too lax permission management is another reason a lot of companies are the victim of malware. Malware, and ransomware in this case, is especially designed to spread as fast and as far as possible.
If, for example, my computer is infected with ransomware, that malware will look for the resources I have permission for. These resources can include systems, applications, files, shared folders and networks. The more access rights I have the further the malware can spread.
Tip: Follow the “Least privilege” principle which states: Only give those permissions that are strictly necessary to perform the job.
A WEAK PASSWORDS POLICY
A weak passwords policy is another reason a lot of organizations fall victim to various cyberattacks.
- Weak passwords can be hacked or cracked very quickly (a rule of thumb: The longer the passwords the better; a minimum of 8 characters is advised in combination with a number and a special character)
- Reusing passwords is not done. Once a password is cracked on one system, the attacker has an easy job using this password on other systems. Like they say; he will kill two birds with one stone!
Weak passwords can be supplemented with Multi-Factor Authentication (MFA), which typically uses two or more independent access methods like passwords, security tokens, and biometric verification.
PHISHING
Phishing is a type of scam via email where attackers try to persuade people under false pretenses. They try to trick people to log-in somewhere, click on links, execute files, transfer confidential data (personal or professional), etc. The scenarios are countless as these hackers are very creative.
These phishing attacks are used to get a foot in the door. From there they work their way to their goal, which can be as various as the scenarios they use.
Nowadays, phishing is the number one used technique to hack companies (Cyber Security breach survey 2019 – UK Government). The attackers like to use phishing as it is the most easy way to reach a large audience. They just have to send one email to a large database. For companies, it is very difficult to arm themselves against these kinds of attacks. If only one employee is not alert enough and clicks a link or logs in somewhere unsafe, … he or she can put the entire company at risk.
HOW DO I DISCOVER THE VULNERABILITIES IN MY SYSTEMS TO AVOID A RANSOMWARE?
VULNERABILITY MANAGEMENT
Get the current status with regard to the vulnerabilities of your current systems. Vulnerability management allows you to regularly map your systems and associated vulnerabilities. The responsible teams gain insights into the identified vulnerabilities, furthermore they also see the progress when they take specific actions. More importantly, with automated vulnerability management, they can also check whether the implemented patches or changes were implemented correctly.
PENETRATION TESTING
Ask for help! There are companies employing specialized, ethical hackers who can examine your systems, identify the weaknesses, and help you prepare a remedial plan.
Examining and identifying the weaknesses of your systems is called a penetration test, or pentest. A security exercise, an analysis, where ethical hackers simulate a series of attacks on your environment, application (web, mobile, or API) or network to find and list your vulnerabilities, their exploitability which attackers could take advantage of and their impact.
The output of a pentest is to list vulnerabilities, the risks they may pose to applications or a network, and a concluding report. Common vulnerabilities include design errors, configuration errors, software bugs etc.
SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
Gain insight into the events in your area. Security information and event management (SIEM). (Managed) SIEM allows you to correlate and evaluate security events based on defined rules. A SIEM tool does not only provide a starting point in the event that unwanted behavior is detected, but also ensures that the events involved are stored in a location other than the compromised system.
HOW DO I REDUCE MY ATTACK SURFACE?
Your attack surface on your systems can be reduced in various ways, technical and non-technical. As stationed above there are a number of technical ways like:
- Keep your systems up to date
- Make sure you have a strong password policy
- A strong permission management
- A decent endpoint security
Another very important aspect to reduce your attack surface is ‘User Awareness’. If the users of your systems are aware of the dangers, the possibilities and the scenarios attackers use they are more likely to notice the attacks.
How to increase user awareness?
- Educate your employees so they are aware of the dangers, how they should recognize them, and especially how they should report suspicious cases
- Establish a safety policy and set rules
- Phishing campaigns – send phishing emails to employees yourself to measure how susceptible your company is to phishing attacks
WHAT IF I AM A VICTIM OF RANSOMWARE? WHAT CAN I DO?
When fallen victim to ransomware, the chances the attackers ask for money is substantial.
Do not pay in any case! You are not sure that the attacker will release your data after payment. And even if they release your data, you are not sure that they will not encrypt your data again with another key.
So what should you do?
Contact Cronos Security to check if that type of ransomware is not cracked and that decryption keys are available to the public.
CONCLUSION
A magical solution to prevent cyberattacks, like ransomware, does not exist. The best approach is known as the Castle Approach, an in-depth defense system. This is a concept in which multiple layers of security controls are implemented in the company’s IT systems. This means that when a security layer fails or forms a vulnerability another layer is still in place.