Can Ransomware be Prevented?
Author: Grant Mossman, Cyber Security Consultant @ Sure Business
Well, could it be that simple? Let us look at a few things we should all be doing to reduce the risk of a ransomware attack, to help slow (and sometimes stop) its spread through your organisation, and to make recovery and clean-up a lot easier. First, what is a ransomware attack?
A ransomware attack happens when cybercriminals gain control of your organisation's data, usually by way of a phishing email, and encrypt it, denying you access until they receive a ransom payment, almost always in some form of cryptocurrency. Many groups now also copy the data out before encrypting it and threaten to publish it, so the pressure to pay does not disappear just because you can restore from backup. Any type of cyberattack can prove costly and frustrating, but being forced to pay a ransom to get access to your own data is particularly infuriating.
I have grouped a few basic but essential steps we should all be taking to reduce the chances of a ransomware attack and to limit the effects of a breach.
Employee Education: This is probably one of the most important steps to implement. Ransomware often enters your organisation via a phishing email that an employee opens. The attachment or link in that email installs malware, which then scans for critical data, encrypts it and holds it for ransom.
Educating your employees on the ransomware threat, and on what to do if they receive, or have already clicked on, a suspicious email, is vital in preventing a breach. A really good way to do this, aside from the usual standard information security training, is to run a phishing and social engineering simulation within your organisation. Measure how many people report the simulated email, not just how many click it; a user who reports a phish quickly is the outcome you are training for.
An important piece of this is to ensure that third-party vendors are also educating their employees on cybersecurity best practices, as criminals could exploit weaknesses in a vendor's network, or a vendor's access to yours, to breach your company.
As part of your vendor review process, ensure you understand the lengths your vendors go to in embedding security in the general culture of their organisation.
EDR & Vulnerability Management: Your next line of defence is the endpoint. Ensure your EDR and vulnerability scanning software is kept current.
It is vital that all threat detection software is kept up to date and that systems are scanned for vulnerabilities regularly. Verify and patch systems as soon as patches become available, prioritising internet-facing systems such as VPN gateways and remote access services, which alongside phishing are a common way in. The longer a vulnerability remains unpatched, the more exposed you are, and the more likely it is that cybercriminals will exploit it.
Multi-Factor Authentication (MFA): Zero trust is a hot topic lately and unfortunately is not a simple switch you can flip. As a start on your zero trust journey, enable Multi-Factor Authentication (MFA) across your environment. MFA requires a user to present two or more pieces of evidence to an authentication mechanism, most commonly a password plus a one-time code. A code delivered by text message is the weakest form, since SMS can be intercepted or redirected by SIM swapping; an authenticator app (TOTP) is better, and phishing-resistant methods such as FIDO2 security keys are better still. Prioritise email, remote access (VPN and RDP) and all administrative accounts, as these are what an attacker with a stolen password goes for first. This makes it considerably harder for a cybercriminal to breach your organisation's defences.
Least privilege permission model: Least privilege access means a user or group is given only the minimum level of permissions needed to perform a given task, so a user or group only ever has the access required to perform their role within the organisation.
Why is this Important?
Reduces the cyber-attack surface. Most advanced ransomware attacks these days rely on the abuse of privileged credentials. Enforcing least privilege limits what a stolen or phished credential can reach and so reduces the overall attack surface.
Removes standing admin rights without blocking work. Removing local administrator rights from users reduces the risk directly, because most ransomware runs with the rights of the user who launched it. Using the just-in-time (JIT) access model, organisations can elevate permissions for human and non-human users in real time, for a bounded period, only when a task actually needs them.
Aids in stopping the spread of malware/ransomware. With least privilege enforced on endpoints, malware cannot use elevated privileges to extend its access and move laterally to install or execute on other endpoints.
Enforcing a least privilege model also helps organisations demonstrate compliance, with a full audit trail of privileged activities.
Data Backups: The final step is your backups, and it is arguably the most important one, as data is the lifeblood of almost every business. Backing up your data has never been more crucial. It is even more crucial to have clean backups stored in a secure off-site environment, and immutable backups are best. The benefit of immutable backups is that you have versions of critical data that cannot be targeted by malicious actors or ransomware, cannot be unintentionally changed, and are resistant to tampering. Two practical points: attackers routinely look for the backup console and delete or encrypt backups before they trigger the ransomware, so protect the backup platform's own administrator accounts with MFA and keep at least one copy that the production domain cannot reach; and a backup you have never restored is a hope, not a plan, so test restores regularly and time them.
Advantages of Immutable Backups:
Protection against Ransomware: Immutable backups are at the top of the list for ransomware protection because, for their retention period, they cannot be modified, overwritten or deleted, even by an account that has been compromised.
Threat prevention: Protection from a disgruntled former employee or a threat actor looking to harm your business; immutability safeguards your data from both internal and external threats.
Regulatory Compliance: Retaining an unaltered version of data allows the business to meet and demonstrate strict compliance requirements.
So, there you have it, ransomware prevention in a nutshell. If only. In reality, I understand that implementing some of the above processes and solutions can be an ongoing project that is usually hit with time and resource constraints. The important thing, no matter the size of your organisation, is to make a start on this journey.
