No business or user is too big or too small for ransomware. In 2016, it cost victims over US$1 billion in losses. As far as impact is concerned, look no further than the WannaCry and Petya outbreaks that affected thousands. Affected hospitals had to turn away patients or shut down their emergency wards. Car manufacturing plants had to stop production, and power grids were disrupted.

Indeed, as ransomware further evolves, so should the IT/system administrators and information security professionals who protect their organization's crown jewels. End users must be equally proactive, and defense in depth must be practiced to combat them. Here are some best practices for mitigating ransomware.

Ransomware capitalizes on fear: the fear of getting locked out of your machine, losing access to mission-critical or personal data, or disrupting business operations. Eliminate the data kidnapper's leverage by regularly backing up your files. Practice the 3-2-1 rule by creating three backups in two different formats with one stored offsite. When backing up your data, ensure its integrity. Backups are only valuable if they're accessible. Periodically test your backups to check that they're readable. Simplify (and document) your backup procedure so that authorized staff can easily retrieve them when needed.

Keep your programs and operating system updated

Many file-encrypting malware families take advantage of vulnerabilities to get into the system. WannaCry, for instance, had a worm-like propagation via the EternalBlue exploit, allowing it to spread like wildfire across networks. Patching and keeping the OS and its software/programs updated can effectively thwart attacks that exploit security flaws. For zero-day exploits and vulnerabilities whose patches may be unavailable, consider virtual patching.

Securely use system components and administration tools

Cybercriminals are increasingly abusing legitimate utilities and system administration tools to install and execute malware. This modus operandi provides bad guys efficiency, convenience, and stealth. Petya made use of PsExec, while many fileless malware misuse PowerShell. Master boot record-wiping ransomware HDDCryptor used freeware and commercially available software. Mitigate these kinds of attacks by enforcing the principle of least privilege. Restrict and limit exposure by granting end users only enough access or privileges to accomplish a task or run an application. Disable unnecessary and outdated protocols and programs that can otherwise give attackers entry points into your systems.

Multilayered defense against ransomware

Protect the network and servers

Protecting the network against ransomware is a must, as these threats leverage infected networks to communicate with their command and control (C&C) servers and propagate to other systems within the network share. Firewalls and intrusion detection and prevention systems help pinpoint, filter, and block malicious network traffic and activity. They also provide forensic information that can help detect incursion attempts and actual attacks. SAMSAM, Crysis, and the Linux-based Erebus ransomware demonstrated that servers should also be defended. A single, vulnerable machine is sometimes all it takes to infect systems and servers within the network. Strengthen your remote desktop credentials against brute-force attacks. Implement multi-factor authentication and lockout policies. Utilize encrypted channels to prevent attackers from snooping on your remote connections.

There are also other approaches you can consider. Network segmentation not only mitigates local traffic congestion, it also improves security by allocating only the resources specific to the user, which significantly diminishes ways for attackers to move laterally within the network. Data categorization can accomplish the same thing. Classifying data not only makes access more efficient but also determines its value within the organization. Ultimately, these solutions can help mitigate any damage incurred from a breach or attack.

Deploy application control and behavior monitoring

Protect the endpoint by implementing whitelist-based application control, which prevents unknown or malicious programs such as ransomware from executing within the system. Behavior monitoring works in the same vein, blocking anomalous modifications or unusual behaviors in the system. If malware attempts to delete shadow copies, for instance, behavior monitoring can detect and tag it as a possible ransomware infection. IT/system administrators can further quarantine ransomware through a sandbox or similar virtual environments.
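The shadow-copy deletion check that the article gives as its behavior-monitoring example, worked through in Python as an added illustration (not Trend Micro's product logic): it scans process-creation events, tags those whose command line matches a known shadow-copy deletion pattern, and raises the severity when the parent process runs from an unexpected location. Field names follow Sysmon Event ID 1; the sample events and the list of expected parent directories are assumptions.

```python
"""Added example, not Trend Micro's own product logic: a behaviour-monitoring
style check that tags process-creation events whose command line matches a
known shadow-copy deletion pattern, the ransomware tell cited in the article.
Field names follow Sysmon Event ID 1; the events themselves are constructed."""
import re
from typing import Dict, List
# Matched against the lower-cased command line. Spacing, quoting and argument
# order vary between samples, so anything may sit between tool and verbs.
SHADOW_COPY_DELETION_PATTERNS = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b")),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy\b.*\b(delete|remove)\b")),
]
# Assumed parent locations from which shadow-copy maintenance is plausible.
EXPECTED_PARENT_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")

def classify(event: Dict[str, str]) -> List[str]:
    """Names of every deletion pattern the event's CommandLine matches."""
    cmd = event.get("CommandLine", "").lower()
    return [name for name, rx in SHADOW_COPY_DELETION_PATTERNS if rx.search(cmd)]

def severity(event: Dict[str, str]) -> str:
    """'high' when the deleting process was not spawned from an expected location."""
    parent = event.get("ParentImage", "").lower()
    return "medium" if parent.startswith(EXPECTED_PARENT_DIRS) else "high"

def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Tag matching events as possible ransomware; benign events are dropped."""
    findings = []
    for ev in events:
        tags = classify(ev)
        if tags:
            findings.append({**ev, "tags": tags, "severity": severity(ev),
                             "verdict": "possible ransomware"})
    return findings

# Constructed sample events: a benign listing, then two deletions from a temp-dir dropper.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\vssadmin.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "vssadmin list shadows"},
    {"Image": "C:\\Windows\\System32\\vssadmin.exe",
     "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"Image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "CommandLine": "wmic shadowcopy delete"},
]
FINDINGS = scan(SAMPLE_EVENTS)  # two high-severity findings; the listing is ignored
```

A real deployment would feed this from the endpoint's event pipeline and pair it with the application-control block the article recommends, so a tagged process is stopped rather than merely logged.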