Historically, ransomware is known for encrypting files, cutting off a company's access to them, and demanding some form of ransom to restore that access. Businesses wisely install modern backup solutions that allow them to recover from ransomware without paying. Like any business whose revenue stream is shrinking, criminal businesses need to adapt and evolve to stay relevant. This is where the evolution of ransomware comes in.
Cybercriminal groups such as MAZE and REvil are adjusting their targets to raise their success rates. They are aiming for industries and companies known to possess valuable data. The common victims are in finance, healthcare, legal, and hi-tech product manufacturing. Small businesses are part of this victim demographic because they cannot afford the most advanced security technology or large security teams. The bad guys know it and exploit it.
Their tactic is changing too! Instead of simply encrypting files and demanding a ransom, they want to get inside, find valuable data, steal it, and then encrypt files as a notice to the end user that they are in control. Once the cybercriminals have control, they threaten to leak the company's sensitive information. Their ultimate goal is to hold the company's image hostage and demand a ransom to keep the data private. Cybercriminals are evolving their targets and techniques, and demanding much larger ransoms than previously seen.
- Patching – Keep your computers and servers up to date with the latest security patches. Keep endpoint security (anti-virus) updated with the latest signatures so it knows about the newest threats. Ensure network security device firmware is updated to the most secure versions. This limits the vulnerabilities a cybercriminal can exploit to gain access to a company's data.
- Segmentation – Configure the network to separate the systems where sensitive and valuable data is stored and processed from the end user computing environment, which is the most vulnerable and most easily infected. This keeps an infection on breached computers from spreading into the protected environments.
- Multi-Factor Authentication – Require this second factor of authentication on any system that is accessible from the Internet. Three key examples are email, remote access, and web applications. This helps prevent unwanted visitors from getting in through the various password stealing and cracking methods.
- Limited Local Admin – Computers require a user to have "Local Admin" privilege to install software. Malware is simply software with bad intent. To help negate the ability of malware to install without warning, users should not be the "Local Admin" of their computer.
- Plan – Have cybersecurity and incident response plans. Have a third party test your security and your plans.
- Anti-Phishing – Enabling these security measures on your email system helps keep phishing emails from ever reaching the Inbox. Phishing emails and the links contained within them are the #1 vector for malware and ransomware.
- Targeted Threat Protection – This advanced security measure evaluates and/or cleans email attachments, which are another very common vector for carrying malicious software.
- Staff Training – Ongoing training of your end users is critical to protecting your company. Informed users know what to look for and how to identify suspicious emails. Tactics are always changing, so a recurring program of training and testing is a modern requirement.
ADDITIONAL LAYERS OF SECURITY
- Endpoint Detection and Response – These are modern security tools that utilize AI, machine learning, and advanced forensic techniques to prevent and/or quickly detect malicious activity. This is an important additional layer that goes beyond the capability of the anti-virus in use over the last 25 years.
- File Encryption at Rest – Deploying a solution to encrypt the most sensitive data while it is at rest in your systems prevents the criminals from accessing the contents. They may be able to steal a file or folder, but they will not be able to open it. If they don't have any sensitive material to release, they can't hold anyone up for ransom.
- Data Loss/Theft Detection – There are many types of technology that evaluate networks for inappropriate movement of data. They are able to detect when data is moving out of the company to unexpected places, in an unexpected manner, or when the data is not permitted to leave at all.
- 24/7 Security Monitoring – If there are no humans monitoring systems and reacting to abnormalities, systems and procedures are only partially successful.
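The data theft detection layer above rests on two simple questions: is data leaving to a destination we never sanctioned, and is far more data leaving than this host normally sends? The following added example (not part of the original article or any vendor's product) applies both checks to constructed outbound flow records; the host names, addresses, allowlist and per-host baselines are all assumed sample values.

```python
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (source host, destination IP, bytes sent). Not real traffic.
FLOWS = [
    ("ws-17", "10.0.5.20", 900_000_000),        # internal file server: not egress, ignored
    ("ws-17", "203.0.113.9", 30_000_000),       # approved SaaS destination, modest volume
    ("ws-17", "198.51.100.77", 4_200_000_000),  # unknown external host receiving 4.2 GB
    ("ws-22", "203.0.113.9", 50_000_000),       # approved destination, normal volume
    ("srv-db", "192.0.2.15", 2_500_000_000),    # approved off-site backup target
]

# Assumed RFC 1918 internal ranges; traffic staying inside them is not exfiltration.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
# Assumed allowlist of sanctioned external destinations (SaaS, backup provider).
APPROVED_EXTERNAL = {"203.0.113.9", "192.0.2.15"}
# Assumed per-host daily outbound baselines, as learned from historical flows.
BASELINE_BYTES = {"ws-17": 40_000_000, "ws-22": 60_000_000, "srv-db": 3_000_000_000}


def is_external(ip):
    """True when the destination lies outside every internal network."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)


def egress_by_host(flows):
    """Sum bytes sent by each host to external destinations only."""
    totals = {}
    for host, dst, nbytes in flows:
        if is_external(dst):
            totals[host] = totals.get(host, 0) + nbytes
    return totals


def flag_exfiltration(flows, baseline, approved, ratio=10):
    """Return (host, destination, reason) alerts for unexpected places or unexpected volume."""
    alerts = []
    for host, dst, nbytes in flows:
        if is_external(dst) and dst not in approved:
            alerts.append((host, dst, "unapproved external destination"))
    for host, total in egress_by_host(flows).items():
        if total > ratio * baseline.get(host, 0):
            alerts.append((host, None, f"egress {total} bytes exceeds {ratio}x baseline"))
    return alerts


if __name__ == "__main__":
    for alert in flag_exfiltration(FLOWS, BASELINE_BYTES, APPROVED_EXTERNAL):
        print(alert)
```

Both checks fire on ws-17 and neither fires on the backup server, even though it sends more bytes in total: a large transfer to a sanctioned destination at a normal volume is the expected pattern, while a workstation pushing a hundred times its baseline to an unknown host is the staging step that precedes the ransom note.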
In short, the attackers are always advancing targets and techniques to be more effective and profitable. A mix of sound fundamentals, advanced tools, and trained eyes will go a long way to prevent companies from suffering irrecoverable reputation damage.