The first quarter of 2021 has seen the surge in ransomware attacks on companies continue, with most of the victims targeted when they had insufficient security measures in place to fight the attacks, leaving both their databases and valuable data vulnerable.
In most cases the use of a range of recommended measures would have prevented an attack from being successful. Here we have listed the standard measures that will bolster your cybersecurity suite.
Measures That Can Fight Ransomware Attacks on Your Business
There are several ransomware mitigations that can be implemented to reduce the risk of ransomware attacks and limit the severity of an attack should a network be compromised.
- Limit access to network resources: Use the principle of least privilege and strictly restrict administrative access and the ability to download and run software.
- Configure a strong spam filter: The use of a strong spam filter will prevent phishing attacks and malware delivered via email from infiltrating your databases.
- Use a web filter to review network traffic: Configuring a web filter allows your systems to spot access attempts to malicious websites and recognise malicious IP addresses.
- Set up multi-factor authentication: Stolen login details, taken during phishing attacks, allow ransomware actors to invade networks. Multi-factor authentication will stop this and act as an additional safeguard if one login credential is stolen.
- Limit or obstruct Remote Desktop Protocol (RDP): Consider if RDP is necessary and disable it wherever possible. Double check originating sources are restricted and implement multi-factor authentication as mentioned previously.
- Provide end-user security awareness training: This makes sure employees know how to spot phishing emails and are conscious of cybersecurity best practices and of the risk of participating in dangerous online activity.
- Invest in the best available AV software: Using an advanced anti-virus solution that conducts regular scans of all IT assets for malware will keep your network safe.
- Apply patches promptly and update software regularly: This is crucial in order to fight the exploitation of vulnerabilities. The majority of vulnerabilities exploited in attacks are months old, yet patches were not applied.
- Turn off macro scripts in Office files: Turn off Office macros on all devices unless there is a business need for allowing them. Open Office files shared via email using Office Viewer software rather than the full Office application.
- Do not allow inbound connections from Cobalt Strike servers: Block these connections and restrict the use of other post-exploitation tools where possible.
- Add application allowlisting: Only allow applications and systems to run programs as permitted by your security policy. Prevent the execution of programs from locations commonly used by ransomware, such as temporary folders and the LocalAppData folder.
- Put in place network segmentation: This limits the harm that can be caused to different parts of your databases should an attack infiltrate your network.
- Prevent inbound connections from anonymization services: Turn off access from Tor and other anonymization services to IP addresses and ports where external connections are not standard or required.
- Create a robust backup policy: See to it that backups of critical data are completed on a regular basis and tested to ensure file recovery can take place. Keep a copy of the backup in a secure offline location.
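
As an added illustration of the application allowlisting item above (example code written for this page, not taken from any product), the following sketch evaluates process image paths against a default-deny, path-based policy that blocks execution from temporary folders and LocalAppData. The allowed roots, function names and sample paths are assumptions constructed for the example, and only path rules are modelled.

```python
import ntpath

# Assumed policy for this example: roots that programs may run from.
ALLOWED_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows"]

def _parts(path):
    # Collapse "..", unify slashes and case so path tricks cannot dodge the rule.
    norm = ntpath.normcase(ntpath.normpath(path))
    return [p for p in norm.split("\\") if p]

def _under(parts, root):
    root_parts = _parts(root)
    return parts[:len(root_parts)] == root_parts

def in_user_writable(parts):
    # Temporary folders and LocalAppData, the locations named in the list above.
    if _under(parts, r"C:\Windows\Temp"):
        return True
    return (len(parts) > 5 and parts[1] == "users"
            and parts[3:5] == ["appdata", "local"])

def evaluate(image_path):
    """Return (decision, reason) for one process image path."""
    parts = _parts(image_path)
    if in_user_writable(parts):          # deny rules win over allow rules
        return "block", "user-writable location"
    if any(_under(parts, root) for root in ALLOWED_ROOTS):
        return "allow", "permitted root"
    return "block", "not on allowlist"   # default deny

def audit(paths):
    """Return the paths the policy would block, with reasons."""
    return [(p, evaluate(p)[1]) for p in paths if evaluate(p)[0] == "block"]

# Constructed sample of process image paths (not real telemetry).
SAMPLE = [
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
    "C:/Program Files/../Users/bob/AppData/Local/updater.exe",
    r"C:\Program Files Evil\tool.exe",
    r"c:\WINDOWS\temp\run.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"BLOCK {path}  ({reason})")
```

Running the same evaluation over historical process-creation logs before enforcing a policy shows which legitimate programs would need an explicit exception.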