September 21, 2018 - Kenneth Odem
3 IT Strategies to Combat Ransomware
Ransomware has been a growing threat year after year. According to CyberSecurity Ventures, ransomware is expected to take a great share of the 6 trillion dollar cybercrime industry by 2021. Often, organizations do not have adequate ways to combat this threat. Many IT managers think that anti-virus software is the cure-all, but unfortunately it is very easy for predators to fool anti-virus software.
In this article, we will address how ransomware works, and then follow up with ways to address each scenario.
Email Links & Attachments
Emails that appear to be legitimate have been an issue for over a decade and continue even today to trick employees into believing they are genuine. The two main ways a hacker tries to infect a host are links within the email and attachments.
- Email Links – Typically this is the most threatening, because when a user clicks on the link, the user could be infected as soon as the site loads, without having to fill out any other details or interact further with the website.
- Email Attachments – Anti-virus software may be able to detect this, but often a user is allowed to open the file, even with anti-virus software, and the payload is able to do its intended job: to hijack your information and demand ransom. For this reason, it is important for a company to be able to stop these attacks before they are able to go down the pipe to end-users (employees).
Relaxed Password Policies on Server Infrastructure
While there are many sub-subjects related to addressing relaxed password policies, there are two primary ways a hacker can gain access themselves and deliver a payload that can potentially spread to your overall infrastructure.
- Brute Forcing an Administrator or Root account – If you have weak passwords associated with your Administrator (Windows) or Root (Linux) accounts, it may be very easy to brute force and gain access this way.
- Standardized Password Formatting – Some organizations have unique password formatting where much of the password is the same with a few predictable variables. This gives the opportunity for a former vendor or employee to gain access.
The 3 Ways to Combat
Hosted Email Security Gateway – One of the most crucial ways to combat ransomware attempts is to have protection in the infrastructure layer before emails are delivered to the end-user. One great way is a hosted email security service. Such a service is built for the enterprise and is constantly updated with new threats. It also provides a host of other benefits that every organization should consider.
Disable Administrator/Root Accounts – This is a very easy step for organizations to take and adds another layer of guesswork for a potential hacker.
Establish Specific Password Policies – There are many software products built for the enterprise that you can utilize to help manage your passwords in addition to providing other security features for your infrastructure. This software can help enforce policies and provide a number of benefits including:
- Resetting certain device passwords every so often
- Randomized complex passwords, as per any policy you have established
- Monitoring/recording of RDP and console sessions for certain critical devices (or all devices)
- Approval workflows and real-time alerts on password access
- Help with meeting security audits and regulatory compliance for standards such as HIPAA, PCI, and SOX.
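For the "Disable Administrator/Root Accounts" step on Linux, the following added example (not from the original article) audits whether root is still reachable over SSH and whether it has a usable local password. It assumes OpenSSH's sshd_config and /etc/shadow formats; the function names are illustrative and the sample inputs are constructed.

```python
# Added example: audit root-login exposure from sshd_config and /etc/shadow text.
# Assumptions: global section only (Match blocks and Include files are not evaluated).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def effective_sshd_settings(config_text):
    """Global sshd settings; sshd keeps the first value it sees for each keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        keyword = fields[0].lower()
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        if len(fields) > 1:
            settings.setdefault(keyword, fields[1].lower())
    return {**DEFAULTS, **settings}

def root_password_locked(shadow_text):
    """True if root's shadow hash field starts with ! or *, None if no root entry."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return fields[1].startswith(("!", "*"))
    return None

def audit(config_text, shadow_text):
    s = effective_sshd_settings(config_text)
    findings = []
    if s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes":
        findings.append("root can log in over SSH with a password (brute-force target)")
    elif s["permitrootlogin"] != "no":
        findings.append("root SSH login not fully disabled: PermitRootLogin " + s["permitrootlogin"])
    if root_password_locked(shadow_text) is False:
        findings.append("root has a usable local password; lock it and administer via sudo")
    return findings

# Constructed samples. The second PermitRootLogin line is ignored (first value wins).
SAMPLE_SSHD = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\nPasswordAuthentication yes\n"
SAMPLE_SHADOW = "root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n"
HARDENED_SSHD = "PermitRootLogin no\nPasswordAuthentication no\n"
HARDENED_SHADOW = "root:!:19000:0:99999:7:::\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_SHADOW):
        print("FINDING:", finding)
    print("hardened findings:", audit(HARDENED_SSHD, HARDENED_SHADOW))
```

The first sample shows a common mistake: appending `PermitRootLogin no` below an existing `PermitRootLogin yes` changes nothing, because sshd uses the first value.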
Other Important Considerations:
If all else fails, have siloed backups
An organization can only do so much to protect itself. Even with all the measures mentioned, there is still a chance of intrusion. When this happens, never pay the ransom! Instead, you should rely on your managed backups to restore from. In either case, you will need to reimage the infected hosts to get rid of any backdoors the hackers could have created.
Employees should be trained on how to identify threats and properly report any suspicious emails to the IT department. The IT department can then feed each report to the hosted email security platform so that it learns and improves, stopping the threat before it shows up in the inbox of another employee who may not be able to identify it as an intrusion attempt.
Wowrack’s managed security team can help guide your organization by reviewing what you currently have set up and making recommendations, free of charge, on what you can do to improve. Contact us today for your free consultation!