Ransomware has evolved into a highly advanced, highly complex threat – and it’s only going to evolve further. With that in mind, how can you minimize your risk of being affected by
ransomware? The answer is that you need to make it as hard as possible for ransomware actors to deploy their complex attacks, and to take advantages of opportunities presented
by changes in technology and society. To do this we recommend:
- Using the best cyber security technology, with a focus on disrupting the whole attack chain not just a single piece of malware.
- Applying best security practices at all times.
- Educating your staff on the risks and required behaviors through regular security awareness training.
Threat protection that disrupts the whole attack chain.
The best protection requires the best defenses, both for data held on premises and data stored in the public cloud.
Looking at the Ryuk example, we can see how different technologies work at different stages of the attack chain.
Strong security practices In addition to having strong technologies to disrupt the attacks, there are also a number of best practices you should apply to increase your defensive shield:
- Use multi-factor authentication (2FA)
- Use complex passwords, managed through a password manager
- Limit access rights; give user accounts and administrators only the access rights they need and nothing more
- Make regular backups, and keep them offsite and offline where attackers can’t find them – they could be your last line of defense against a six-figure ransom demand
- Patch early, patch often; ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe
- Lock down your RDP; turn off RDP if you don’t need it, and use rate limiting, 2FA, or a VPN if you do
- Ensure tamper protection is enabled – Ryuk and other ransomware strains attempt to disable your endpoint protection and tamper protection is designed to prevent this from happening
Ongoing staff education.
People are invariably the weakest link in cyber security, and cyber criminals are experts at exploiting normal human behaviors for nefarious gain. Most Ryuk attacks arrive via an email with a malicious attachment. If you can stop people clicking on the attachment in the first place, you stop the threat getting into your network. We therefore recommend you invest – and keep investing – in staff training. To help, the #EthosSecure free anti-phishing toolkit gives you a set of handy resources to educate your team on phishing, including:
- Educational poster for your office
- Examples of phishing emails
- Top tips to spot a phish
- PowerPoint deck for internal training sessions
- Phishy flowchart to help people identify phishing emails
Ransomware is the cyber threat that just won’t die. Why? Because criminals keep taking advantage of new developments in technology and society to refine and enhance their ransomware attacks. If we take one lesson away from our 30-year history of fighting ransomware, it’s that ransomware is going to keep evolving.
The best defense against ransomware is a combination of layered protection at the endpoint and gateway to disrupt the attack chain, diligent application of security best practices at all times, and ongoing user education.