12 ways to prevent, detect and recover from ransomware and zero day threats

  1. Security awareness training
    • There are a few different ways that ransomware can get into your network, but one of the most likely is via a phishing attack. As soon as an employee unknowingly taps or clicks on a link they should not or opens the wrong email attachment, ransomware may gain a foothold on their system and rapidly spread across your network.
    • Rigorous security awareness-training programs can reduce the threat of employee error leading to a ransomware infection.
  2. Updates, patches and configuration
    • Proper endpoint security hygiene is essential in preventing ransomware. Attackers will typically look for vulnerabilities and misconfigurations that they can exploit to gain access to your network. Don’t make it easy for them. Ensure that devices and systems are regularly updated with the latest security patches, don’t make do with default configurations, and take the time to disable any features you don’t need.
  3. Up-to-date asset inventory
    • If you do not know precisely what devices are legitimately connected to your public and private clouds, then how can you hope to recognize or prevent an attack? You need a real-time overview of all devices on your network and a clear understanding of what permissions each device should have based on the user. Do you know how many unmanaged devices you have in your network? IoT is a big target.
  4. Continuous vulnerability assessment
    • Cybercriminals will always take the path of least resistance, so ransomware attacks often exploit known vulnerabilities in popular software. You need a security system that is updated with the latest vulnerability disclosures, and this data must be cross-checked against your network to ensure you are not offering an easy route in.
  5. Real-time traffic monitoring
    • There’s a lot of focus on filtering and blocking inbound connections, but you should do the same with outbound connections as well. Ransomware will typically gain access and then dial home for further instructions. If you can block initial outbound attempts to connect to the attacker’s server, then you may be able to stop the ransomware attack before it gets off the ground. Any suspicious traffic in either direction should be flagged automatically and generate alerts for further investigation.
  6. Intrusion detection
    • For proper protection, you need a system that can recognize the signs of a ransomware attack whether it is communication with a known bad actor, sending data via a covert channel, or disabling firewalls or antivirus software. Suspicious updates to policies, unscheduled scans, and update failures can also all be warning signals. Spot them in time and you might be able to quarantine infected systems before the ransomware spreads.
  7. File integrity monitoring
    • If you set up file integrity monitoring on business-critical data, then you will get automatic alerts if any critical file is accessed or altered. This can help you to spot a ransomware attack much more quickly and act to limit its impact. Who has access, and what are they accessing? Best of all is understanding each user’s normal behavior.
  8. Log monitoring and analysis
    • It is impossible for cybercriminals to launch and run a ransomware attack without leaving traces of their activity across your network. Consider employing security information and event management (SIEM) software capable of scanning system logs, app logs, and activity logs to collate and analyze data and flag unusual behavior. User and entity behavior analytics (UEBA) is the next piece of the puzzle.
  9. Continuous threat intelligence
    • You need to be monitoring your network in real time to gain a clear picture of your security, but every monitoring tool is only as good as the information it has. The latest threat intelligence is vital if you expect to catch ransomware attacks swiftly and prevent them from spreading. Beyond specific known ransomware families, you also want to arm security software with an understanding of the latest types of activity and behaviors common to cutting-edge malware. Artificial intelligence and machine learning are now being incorporated in many of the latest network security technologies to be your second set of eyes.
  10. Multi-factor authentication (MFA)
    • Verify the identity of all users with strong two-factor authentication before granting access to corporate applications, to protect against phishing and other access threats. The wide variety of two-factor authentication methods enables every user to log in securely and quickly. Push-based two-factor authentication, delivered through a mobile authenticator app, lets users approve a push notification to verify their identity.
  11. Third-party email protection
    • A third-party email protection solution helps organizations prevent email-borne ransomware as well as protect email systems from downtime or data loss. Unlike standalone security or backup products, such a solution tackles ransomware with a layered cyber-resilience approach, bringing together protection, continuity, archiving, and recovery capabilities for your email in a single cloud service. Phishing attackers cast a wide net in hopes of catching anyone, while spear-phishing attacks are highly targeted and customized for their intended victim. Although high-ranking employees are the most common targets, it is crucial to protect all users, as attackers aim to infiltrate your organization any way they can.
  12. Reliable backup and recovery
    • Even if you take every possible precaution to try and prevent ransomware from gaining entry and to swiftly detect attacks, there may still be times when your defenses fall short. The single best way to safeguard against ransomware attacks and lessen the potential impact on your business is to maintain a regular, secure backup system alongside a clear recovery plan that allows you to restore a recent backup immediately should you need to.
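The "continuous vulnerability assessment" item above calls for cross-checking a vulnerability feed against what is actually installed on your network. The following is an added example of that cross-check, not code from the original article. The inventory, the advisory feed and the advisory ids (`ADV-0001` and so on) are constructed placeholders, not real products or CVE numbers; a real feed such as NVD carries more fields, but the matching logic (normalise the version, test it against each advisory's affected range) is the same.

```python
"""Cross-check an installed-software inventory against a vulnerability feed.

Added example for the "continuous vulnerability assessment" item; it is not
code from the original article. The inventory, the advisory feed and the
advisory ids are constructed placeholders, not real products or CVEs.
"""
import re
from dataclasses import dataclass


def parse_version(text, width=4):
    """Normalise a version string such as '2.4.49' or '4.17.2-1' into a
    fixed-width tuple of ints so that 9.3 and 9.3.0 compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:width]
    return tuple(parts + [0] * (width - len(parts)))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # placeholder id, not a real CVE number
    product: str
    fixed_in: str           # first version that carries the fix
    introduced: str = "0"   # first affected version


# Constructed advisory feed (placeholder ids and products).
FEED = [
    Advisory("ADV-0001", "openssh", fixed_in="9.3"),
    Advisory("ADV-0002", "apache-httpd", fixed_in="2.4.51", introduced="2.4.49"),
    Advisory("ADV-0003", "smb-server", fixed_in="4.18"),
]

# Constructed asset inventory: host -> {product: installed version}
INVENTORY = {
    "web-01": {"apache-httpd": "2.4.50", "openssh": "9.3"},
    "file-01": {"smb-server": "4.17.2", "openssh": "8.9"},
    "db-01": {"openssh": "9.4"},
}


def is_affected(version, adv):
    """True when introduced <= version < fixed_in."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed_in)


def find_exposures(inventory, feed):
    """Return (host, product, version, advisory_id) for every vulnerable
    install, sorted by host and product so the output is stable."""
    hits = []
    for host, software in sorted(inventory.items()):
        for product, version in sorted(software.items()):
            for adv in feed:
                if adv.product == product and is_affected(version, adv):
                    hits.append((host, product, version, adv.advisory_id))
    return hits


if __name__ == "__main__":
    for host, product, version, adv_id in find_exposures(INVENTORY, FEED):
        print(f"{host}: {product} {version} affected by {adv_id}")
```

The version normalisation is the part that usually goes wrong in home-grown checks: comparing raw strings ("9.10" < "9.3") or tuples of unequal length ("9.3" < "9.3.0") produces both missed and false hits, so every version is padded to a fixed width before comparison.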

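The "real-time traffic monitoring" item recommends watching outbound connections for the "dial home" step. Here is an added example of that check over a small connection log; it is not code from the original article. The log lines, the internal address range, the blocklist (documentation-range addresses) and the set of expected ports are all constructed, standing in for firewall or NetFlow records and a threat-intelligence feed.

```python
"""Flag suspicious outbound connections in a connection log.

Added example for the "real-time traffic monitoring" item; not code from
the original article. Log lines, internal range, blocklist and expected
ports are constructed sample data.
"""
import ipaddress
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Constructed blocklist of command-and-control addresses (placeholders).
BLOCKLIST = {"203.0.113.7", "198.51.100.23"}
# Ports a workstation is normally allowed to reach outbound; anything else
# is worth a look even when the destination is not (yet) on a list.
EXPECTED_PORTS = {53, 80, 443}

# Constructed log lines: timestamp source destination dest_port protocol
LOG = """\
2024-05-01T09:00:01 10.0.4.12 10.0.1.5 445 tcp
2024-05-01T09:00:03 10.0.4.12 93.184.216.34 443 tcp
2024-05-01T09:00:05 10.0.4.12 203.0.113.7 443 tcp
2024-05-01T09:00:06 10.0.4.12 203.0.113.7 443 tcp
2024-05-01T09:00:09 10.0.4.19 198.51.100.23 4444 tcp
2024-05-01T09:00:11 10.0.4.19 8.8.8.8 53 udp
2024-05-01T09:00:15 10.0.4.33 192.0.2.10 8443 tcp
"""


def parse(line):
    ts, src, dst, port, proto = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto


def analyse(log):
    """Return one (source, destination, reason) alert per rule hit on
    outbound traffic. Internal-to-internal flows are left to other controls."""
    alerts = []
    for line in log.splitlines():
        ts, src, dst, port, proto = parse(line)
        if src not in INTERNAL or dst in INTERNAL:
            continue
        if str(dst) in BLOCKLIST:
            alerts.append((str(src), str(dst), "destination on blocklist"))
        if port not in EXPECTED_PORTS:
            alerts.append((str(src), str(dst), f"unexpected outbound port {port}"))
    return alerts


def hosts_to_isolate(alerts):
    """Internal hosts that reached a blocklisted address, with the number of
    attempts; repeated attempts to one address are the 'dialing home' pattern."""
    return Counter(src for src, _, reason in alerts
                   if reason == "destination on blocklist")


if __name__ == "__main__":
    for src, dst, reason in analyse(LOG):
        print(f"ALERT {src} -> {dst}: {reason}")
    print("isolate:", dict(hosts_to_isolate(analyse(LOG))))
```

Note that a connection to a blocklisted address on port 443 looks like ordinary web traffic to a port-based filter; that is why the blocklist rule and the port rule are independent, and why the blocklist needs the continuous threat-intelligence feed described later in the list.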

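The "file integrity monitoring" item describes alerting when critical files are altered. The following added example (not code from the original article) shows the mechanism: a baseline of SHA-256 hashes is taken for a directory tree, a later snapshot is compared against it, and a separate alert fires when a large share of the baseline changes in one pass, which is the signature an encryption run leaves. The directory, file names and the 50% threshold are constructed for the demonstration; the files are created in a temporary directory so the script runs offline.

```python
"""Hash-based file integrity monitoring with a mass-change heuristic.

Added example for the "file integrity monitoring" item; not code from the
original article. The sample files and the mass-change threshold are
constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> sha256 for every regular file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out


def compare(baseline, current, mass_change_ratio=0.5):
    """Diff two snapshots. 'mass_change' is set when the share of baseline
    files modified or deleted in one pass reaches mass_change_ratio; a
    single edited document does not trip it, an encryption run does."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    touched = len(modified) + len(deleted)
    mass = bool(baseline) and touched / len(baseline) >= mass_change_ratio
    return {"modified": modified, "added": added, "deleted": deleted,
            "mass_change": mass}


def demo():
    """Constructed scenario: three documents are baselined, then two are
    overwritten with random bytes and a new file appears, as an encryption
    pass would leave them."""
    root = tempfile.mkdtemp()
    for name in ("a.docx", "b.xlsx", "c.pdf"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"original contents of " + name.encode())
    baseline = snapshot(root)
    for name in ("a.docx", "b.xlsx"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(os.urandom(64))
    with open(os.path.join(root, "README_RESTORE.txt"), "w") as f:
        f.write("constructed note file")
    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    result = demo()
    for key in ("modified", "added", "deleted"):
        print(f"{key}: {result[key]}")
    print("mass change:", result["mass_change"])
```

In production the baseline must be stored where the monitored hosts cannot rewrite it, and the comparison should run on a short interval; the mass-change ratio is the knob that separates normal daily edits from an attack in progress.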
All 12 of these steps are critical to protecting your systems from being compromised in one way or another. Hackers have become more and more specialized and have no moral compass toward any business of any kind, especially when the hackers are overseas (most are) and attacking companies in the U.S. With payments always being requested in Bitcoin, they can stay anonymous. Hacking is a simple process: they scan networks looking for any possible hole they can get into, and this can be as simple as finding one open port on a Windows desktop or a factory-default username and password on any network device. Once a hacker gains access, they are connected to the network and can go anywhere and do anything they please. Now they have access to files, data, and anything in between. Threats are a daily occurrence, and more and more companies go through this situation all the time; however, taking the steps listed should serve as a defense mechanism and prevent 99% of what we know to be entry points today.
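Two items in the list above, "intrusion detection" (security software disabled, unscheduled scans, update failures as warning signs) and "log monitoring and analysis" (SIEM rules plus UEBA), describe the same pipeline from two angles. The following added example, not code from the original article, runs both over one event stream: signature rules for the named warning signs, and a per-user file-access rate compared against that user's own baseline, which is the deviation-from-normal check UEBA products automate. The event lines, the rule set, the event-type names and the per-user baselines are all constructed.

```python
"""SIEM-style rule matching plus a per-user behaviour baseline over event logs.

Added example for the "intrusion detection" and "log monitoring and
analysis" items; not code from the original article. Event lines, rules,
event-type names and baselines are constructed sample data.
"""
import re
from collections import Counter


def parse(line):
    """Fields: timestamp host user event_type detail (detail may contain spaces)."""
    ts, host, user, etype, detail = line.split(maxsplit=4)
    return {"ts": ts, "host": host, "user": user, "type": etype,
            "detail": detail.strip('"')}


# Constructed event stream.
RAW = [
    '2024-05-01T08:00:00 ws-12 alice file_access /share/q1/report.docx',
    '2024-05-01T08:05:00 ws-12 alice file_access /share/q1/budget.xlsx',
    '2024-05-01T08:40:00 ws-12 alice file_access /share/q1/notes.txt',
    '2024-05-01T09:10:00 ws-07 bob av_event "Real-time protection disabled"',
    '2024-05-01T09:10:30 ws-07 bob firewall_event "Firewall service stopped"',
    '2024-05-01T09:11:00 ws-07 bob update_event "Patch download failed"',
    '2024-05-01T09:11:30 ws-07 bob scan_event "Scheduled scan completed"',
    '2024-05-01T09:12:00 ws-07 bob file_access /share/hr/payroll.xlsx',
]
# Constructed burst: nine more files touched within a minute on the same host.
RAW += [f"2024-05-01T09:12:{i:02d} ws-07 bob file_access /share/hr/file{i}.docx"
        for i in range(1, 10)]
EVENTS = [parse(line) for line in RAW]

# Signature rules for the warning signs named in the article:
# (event type, pattern over the detail field, alert label).
RULES = [
    ("av_event", re.compile(r"disabled|stopped", re.I), "security software disabled"),
    ("firewall_event", re.compile(r"disabled|stopped", re.I), "firewall disabled"),
    ("update_event", re.compile(r"fail", re.I), "update failure"),
    ("scan_event", re.compile(r"unscheduled|manual", re.I), "unscheduled scan"),
]

# Constructed per-user baseline: average file accesses per hour over prior weeks.
BASELINE_PER_HOUR = {"alice": 3.0, "bob": 2.0}


def rule_alerts(events):
    """(timestamp, host, user, label) for every event that matches a rule."""
    hits = []
    for e in events:
        for etype, pattern, label in RULES:
            if e["type"] == etype and pattern.search(e["detail"]):
                hits.append((e["ts"], e["host"], e["user"], label))
    return hits


def behaviour_alerts(events, baseline=BASELINE_PER_HOUR, factor=3.0):
    """(user, hour, count) for any user whose file accesses within one clock
    hour exceed factor times their own baseline; unknown users get baseline 1."""
    per_hour = Counter()
    for e in events:
        if e["type"] == "file_access":
            per_hour[(e["user"], e["ts"][:13])] += 1   # key on "YYYY-MM-DDTHH"
    return [(user, hour, n) for (user, hour), n in sorted(per_hour.items())
            if n > factor * baseline.get(user, 1.0)]


if __name__ == "__main__":
    for ts, host, user, label in rule_alerts(EVENTS):
        print(f"{ts} {host} {user}: {label}")
    for user, hour, n in behaviour_alerts(EVENTS):
        print(f"{user} accessed {n} files in hour {hour}, above baseline")
```

The two detections reinforce each other: the rule hits on `ws-07` (protection disabled, firewall stopped, update failure) arrive minutes before the file-access burst from the same user, so correlating them by host and user within a short window gives an analyst the combined picture the article describes rather than four unrelated alerts.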