We all know the threat that ransomware poses. Once files are encrypted with a public key, they are essentially unrecoverable without the matching private key. Ransomware is easy to obtain and, in most cases, easy to deliver. Since we cannot avoid the threat, here are five useful tactics we must use to establish credible defenses.
- Avoid Risks By Not Getting Infected: We can prevent infection by: limiting access to the internet to those who need it, limiting the protocols allowed on network segments, limiting access to internet sites, quarantining or sandboxing suspicious e-mail, training users not to click on hyperlinks, training employees not to open unsolicited or unexpected emails, disabling macro scripts in Office files transmitted over email, and preventing programs from executing from common ransomware locations (e.g., temporary folders).
- Limit Damage By Limiting User Access To Network Resources: Limiting user access to network resources within our organizations can avert damage from a ransomware attack. We apply this limitation to users by: segmenting networks, providing alternative networks for risky activities (IoT devices, personal device usage and remote access), and limiting file access to what the activity requires (i.e. read-only where possible). We can also limit the exposure created by privileged users by regulating the number of privileged users and requiring multi-factor authentication for them.
- Limiting Damage By Early Detection Of Attacks: We can also limit the damage through early detection of attacks by: monitoring file read/write/delete activity to detect anomalous behavior, establishing performance standards to detect unusual CPU or disk activity, and training personnel to respond and follow an Incident Response Policy that includes ransomware scenarios.
- Limiting Damage By Frequently Backing Up Systems: Backups should be made to systems that have separate access controls, and in a manner that retains operational capabilities (i.e. retaining the indexes and configurations necessary to use the information).
- Limiting Or Transferring The Impact: We as organizations can limit or transfer the impact of ransomware by having insurance to cover some of the costs of maintaining services and recovering data processing resources in the event of a ransomware attack. We can also limit the impact by having a Business Continuity Plan that includes alternative processes addressing ransomware scenarios. These possible scenarios are: damage to strategic assets including servers, databases and network devices; damage to vendors; and damage to cloud-based resources.
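The early-detection tactic above (monitoring file read/write/delete activity for anomalous behavior) can be illustrated with a small detector. This is an added example, not code from the original article; the log format, process IDs, paths and thresholds are constructed, and a real deployment would feed it from an EDR or file-system audit source.

```python
# Flag processes whose file activity looks like bulk encryption: many distinct
# files written/renamed inside a short sliding window. Thresholds are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-activity events: "<ISO time> <pid> <op> <path>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 4120 WRITE C:\\Users\\a\\Documents\\report.docx
2024-03-01T10:00:00 4120 RENAME C:\\Users\\a\\Documents\\report.docx.locked
2024-03-01T10:00:01 4120 WRITE C:\\Users\\a\\Documents\\budget.xlsx
2024-03-01T10:00:01 4120 RENAME C:\\Users\\a\\Documents\\budget.xlsx.locked
2024-03-01T10:00:02 4120 WRITE C:\\Users\\a\\Pictures\\img1.jpg
2024-03-01T10:00:02 4120 RENAME C:\\Users\\a\\Pictures\\img1.jpg.locked
2024-03-01T10:00:03 4120 WRITE C:\\Users\\a\\Pictures\\img2.jpg
2024-03-01T10:00:03 4120 RENAME C:\\Users\\a\\Pictures\\img2.jpg.locked
2024-03-01T10:00:05 4120 WRITE C:\\Users\\a\\Desktop\\README_DECRYPT.txt
2024-03-01T10:00:10 2210 WRITE C:\\Users\\a\\Documents\\notes.txt
2024-03-01T10:05:00 2210 WRITE C:\\Users\\a\\Documents\\notes.txt
"""

def parse(log):
    """Turn log lines into (timestamp, pid, op, path) tuples."""
    events = []
    for line in log.splitlines():
        ts, pid, op, path = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), int(pid), op, path))
    return events

def suspicious_processes(events, window=timedelta(seconds=10),
                         min_files=4, min_renames=3):
    """Return {pid: max distinct files touched in one window} for processes
    that modify at least min_files distinct files, including at least
    min_renames renames, inside any sliding window of length `window`."""
    by_pid = defaultdict(list)
    for ts, pid, op, path in events:
        if op in ("WRITE", "RENAME", "DELETE"):
            by_pid[pid].append((ts, op, path))
    flagged = {}
    for pid, evs in by_pid.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start until it fits within `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            files = {p for _, _, p in win}
            renames = sum(1 for _, op, _ in win if op == "RENAME")
            if len(files) >= min_files and renames >= min_renames:
                flagged[pid] = max(flagged.get(pid, 0), len(files))
    return flagged
```

On the constructed sample, pid 4120 is flagged (nine distinct files and four renames within five seconds) while the ordinary editor process 2210 is not; tune the window and thresholds against a baseline of normal activity before alerting on them.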
“Ransomware is a threat that is evolving. Designing defenses now can save considerable pain.”