Don't Be Held Hostage! 4 Ways to Prevent Ransomware Attacks

News headlines are rampant with accounts of ransomware attacks shutting down schools, hospitals and businesses across the country. Cyber criminals are infecting machines with malicious code, and then executing the code to encrypt and hold the data “hostage”. Once the ransom is paid, the attacker decrypts the data and returns the files to the user. In many cases, the longer someone waits to pay, the more money they have to spend to regain access to files.[i]

Never has it been more crucial for businesses of all sizes and industries to focus on preventative solutions and embrace a holistic approach to information security.

While there is no ‘silver bullet’ or ‘quick-fix’ to prevent a ransomware attack, there are key steps that can be taken to mitigate risks.

1. Eliminate Vulnerabilities

Many recent malware attacks have occurred due to the exploitation of vulnerabilities. A recent study highlights four vulnerabilities, all of which have available patches: Adobe Flash Player's CVE-2015-7645, CVE-2015-8446 and CVE-2015-8651, and Microsoft Silverlight's CVE-2016-0034. With ongoing vulnerability management practices in place, organizations can efficiently identify information security weaknesses and work to patch vulnerabilities. If you are not consistently leveraging a vulnerability scanning solution that provides accurate and decipherable data, now is the time to start.

Vulnerability Scanning – Security Savvy Questions and Answers You Need to Know

  • Is my scanning solution accurately addressing my security needs? You may be investing large amounts of money on remote scanning only to have the largest threats missed because your scans are not authenticated. A good practice is to employ a vulnerability scanning tool that can assess by way of authenticated (credential-based) scanning or agent-based technology.
  • Am I scanning frequently enough? Scanning once a year is never enough. Given the number of new vulnerabilities plaguing networks across the world, scanning once a quarter may not be sufficient either. Monthly scanning is recommended, with the ability to scan on demand as needed.
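The two questions above can be turned into a routine check over scan output. The following Python script is an added example, not part of the original article or any vendor's product: it takes a constructed scan inventory (the host names, dates and findings are made up for illustration), flags hosts whose last scan is older than the monthly cadence recommended above, flags hosts scanned without credentials, treats an unauthenticated scan with zero findings as unverified rather than clean, and puts any host still reporting one of the four patched CVEs named in this section at the top of the patch queue.

```python
from datetime import date, timedelta

# Constructed sample scan inventory (illustrative, not real hosts). "cves" is what the
# scanner reported on the host, "authenticated" whether the scan ran with credentials.
SCAN_RESULTS = [
    {"host": "ws-01",  "last_scan": "2016-03-01", "authenticated": True,
     "cves": ["CVE-2015-7645"]},
    {"host": "ws-02",  "last_scan": "2016-01-20", "authenticated": False,
     "cves": []},
    {"host": "srv-01", "last_scan": "2016-03-10", "authenticated": True,
     "cves": ["CVE-2016-0034", "CVE-2015-8651"]},
    {"host": "srv-02", "last_scan": "2016-03-12", "authenticated": False,
     "cves": ["CVE-2015-8446"]},
]

# The four patched vulnerabilities the article names; any host still showing one of
# them goes to the top of the patch queue.
PRIORITY_CVES = {"CVE-2015-7645", "CVE-2015-8446", "CVE-2015-8651", "CVE-2016-0034"}

MAX_SCAN_AGE = timedelta(days=30)  # the monthly cadence recommended above


def review_scan_coverage(results, today, max_age=MAX_SCAN_AGE, priority=PRIORITY_CVES):
    """Triage a scan inventory against the two questions above.

    Returns a dict with:
      stale            - hosts whose last scan is older than max_age
      unauthenticated  - hosts whose last scan ran without credentials
      unverified_clean - unauthenticated hosts with zero findings (a clean result
                         from an unauthenticated scan is not evidence the host is patched)
      priority_patches - host -> sorted list of priority CVEs still reported
    """
    today = date.fromisoformat(today)
    report = {"stale": [], "unauthenticated": [], "unverified_clean": [],
              "priority_patches": {}}
    for r in results:
        last = date.fromisoformat(r["last_scan"])
        if today - last > max_age:
            report["stale"].append(r["host"])
        if not r["authenticated"]:
            report["unauthenticated"].append(r["host"])
            if not r["cves"]:
                report["unverified_clean"].append(r["host"])
        hits = sorted(priority.intersection(r["cves"]))
        if hits:
            report["priority_patches"][r["host"]] = hits
    return report


if __name__ == "__main__":
    for key, value in review_scan_coverage(SCAN_RESULTS, "2016-03-15").items():
        print(f"{key}: {value}")
```

The "unverified_clean" bucket is the one most teams forget: a host that was only ever scanned remotely and came back with no findings has not been shown to be patched, it has only been shown that nothing was visible from the network.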

2. Reduce Human Vulnerabilities: Increase the Security IQ of Your Organization with Awareness Training for Executives

The majority of ransomware cases are initiated by way of phishing attacks against employees. For the past decade, spear phishing – the dark art of sending personalized e-mails designed to trick a specific person into divulging login credentials or clicking on malicious links – has largely been limited to espionage campaigns carried out by state-sponsored groups. That is no longer the case. Today spear phishing is one of the most effective ways to spread malware that encrypts valuable data and demands a ransom to undo the damage.[ii]

While most organizations place a high focus on employing safeguards for their networks, technology is only one piece of the equation. Organizations must effectively educate employees to fend off attacks which target human vulnerabilities.

All employees are at risk of a spear phishing attack, but attackers are increasingly targeting and effectively exploiting senior-level executives. These executives often have greater access to a company's accounts, platforms and systems, making a successful compromise more lucrative.

According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time.

— Harpooning Executives: How Phishing Evolved into the C-Suite,
a joint eBook written by Intermedia and Intel Security

One way to combat this is to ensure that all employees are properly educated on information security best practices, even those at the highest levels. Executives are often exempt from security awareness programs or do not complete them due to other commitments and perceived hassle in regard to the required time for completion. When educating executives, look for a security awareness program that is short, memorable and technically sound. A program that is entertaining can also help with making the education process more enjoyable and effective.

Tips for Effective Security Awareness Training

  • Train employees at all levels within the company
  • Adopt a top-down approach and demonstrate executive leadership and support
  • Keep security top of mind with a year-round training approach
  • Make training fun with a theme
  • Win with gamification
  • Incentivize and motivate

Focus on Crucial Topics

  • Password Development
  • Mobile Device Security
  • Social engineering
  • Safe Web Browsing
  • Preventing Virus & Malware Outbreaks

3. Test to Measure Success

Want to measure how security-savvy your employee base is? The security intelligence of your organization can be tested with a social engineering engagement. Social engineering assessments can be performed remotely or onsite.

While both are crucial, to address recent malware tactics it is recommended to begin with a remote social engineering assessment. Remote social engineering attacks are performed via the phone, email or online against employees, suppliers and contractors, with the intent to obtain an organization's confidential information.

These assessments will examine the security awareness and behavior practices of your employees, contractors and suppliers.

Social engineering phone calls to businesses have a 75% success rate.[iii]

Common Things to Expect in a Social Engineering Assessment

  • A third party could place calls to your internal staff members and, upon request, to your suppliers, attempting to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data. Examples:
    • “We are seeing questionable activity from your machine.”
    • “It's time for updates. Please help me run these commands.”
    • “As your IT team, we are committed to defending against a security breach. Please help us test the strength of your network credentials.”
  • Targeted emails could be sent which include an action request for the user to call a local number for more information.
  • Simulated email-based phishing attacks could target employees with an action request for the user to reply to the message with information or to click on a link.

4. Go Beyond the Backup

Organizations that have fallen victim and who had no choice but to pay the ransom may not have had a backup system in place. All sensitive data should be backed up on a regular basis to avoid a devastating loss.

  • Back up network files as well as workstations and servers.
  • Full backups should be conducted on a weekly basis, with an incremental or differential backup on a daily basis.
  • Test your backups by conducting drills to ensure you can restore the information you need to recover from the incident.
  • Document your tests to prove to senior management, regulators, and auditors that you have full recovery capabilities in place in the event of a ransomware outbreak.
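The backup schedule and restore drill described in the four points above can be exercised in code. The following Python script is an added example, not the article's own material or any backup product's tooling: it works over a constructed backup catalog (dates, archive contents and hashes are all made up for illustration) with a weekly full and daily incrementals, resolves which archives a restore to a given day needs, re-hashes each archive against the digest recorded when it was taken, and reports any day in the restore window with no backup at all. A drill only "passes" when the chain is both complete and intact, which is exactly the evidence the documentation point above asks you to keep.

```python
import hashlib
from datetime import date, timedelta


def _entry(day, kind, payload):
    """One catalog record: the archive's recorded SHA-256 plus the bytes actually
    sitting on the backup target (here a short constructed stand-in for an archive)."""
    return {"date": day, "kind": kind,
            "sha256": hashlib.sha256(payload).hexdigest(),
            "stored_data": payload}


# Constructed backup catalog (illustrative, not real): a full backup every Sunday
# (2016-03-06 and 2016-03-13 were Sundays), incrementals on the other days.
CATALOG = [
    _entry("2016-03-06", "full", b"full-2016-03-06"),
    _entry("2016-03-07", "incremental", b"inc-2016-03-07"),
    _entry("2016-03-08", "incremental", b"inc-2016-03-08"),
    # 2016-03-09 is missing: the nightly job failed and nobody noticed
    _entry("2016-03-10", "incremental", b"inc-2016-03-10"),
    _entry("2016-03-13", "full", b"full-2016-03-13"),
    _entry("2016-03-14", "incremental", b"inc-2016-03-14"),
]
# Simulate silent corruption of the last archive after its hash was recorded.
CATALOG[-1]["stored_data"] = b"inc-2016-03-14 (bit rot)"


def restore_chain(catalog, target_day):
    """Return the backups needed to restore to target_day (ISO date string): the
    latest full on or before that day, then every incremental after it, in order.
    ISO date strings sort chronologically, so plain string comparison is enough."""
    fulls = [b for b in catalog if b["kind"] == "full" and b["date"] <= target_day]
    if not fulls:
        raise ValueError("no full backup on or before " + target_day)
    base = max(fulls, key=lambda b: b["date"])
    incs = sorted((b for b in catalog
                   if b["kind"] == "incremental"
                   and base["date"] < b["date"] <= target_day),
                  key=lambda b: b["date"])
    return [base] + incs


def drill(catalog, target_day):
    """Simulate a restore drill for target_day: resolve the chain, re-hash each
    archive against its recorded digest, and list days in the chain's window with
    no backup at all. The drill passes only if the chain is complete and intact."""
    chain = restore_chain(catalog, target_day)
    corrupt = [b["date"] for b in chain
               if hashlib.sha256(b["stored_data"]).hexdigest() != b["sha256"]]
    covered = {b["date"] for b in chain}
    day = date.fromisoformat(chain[0]["date"])
    end = date.fromisoformat(target_day)
    gaps = []
    while day <= end:
        if day.isoformat() not in covered:
            gaps.append(day.isoformat())
        day += timedelta(days=1)
    return {"chain": [b["date"] for b in chain], "corrupt": corrupt,
            "gaps": gaps, "passed": not corrupt and not gaps}


if __name__ == "__main__":
    for target in ("2016-03-08", "2016-03-10", "2016-03-14"):
        print(target, drill(CATALOG, target))
```

Run as-is, the drill for 2016-03-08 passes, the one for 2016-03-10 fails on the missing 2016-03-09 incremental, and the one for 2016-03-14 fails on the corrupted archive; a real drill would additionally restore the chain to a scratch host and check the files, but the catalog-level checks above are what catch silent job failures and bit rot before an outbreak does.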

The threat landscape is changing at an ever-increasing pace. Defending against a ransomware attack will require a team committed to improving security through technology, training, assessments, policies and proper configurations.

While much can be done in-house, sometimes it makes more sense to turn to experts and let them do the heavy lifting, saving time and money while bolstering security.