News and commentary on ransomware have hit a fever pitch with recent, high-profile attacks against global software management provider Kaseya, gas supplier Colonial Pipeline, popular Cape Cod ferry service The Steamship Authority, and JBS, the world’s largest meat company by sales. The attacks highlight ransomware’s ubiquity and effectiveness among the different kinds of cyber threats. With more than 4,000 ransomware attacks occurring daily since the start of 2016 according to The U.S. Department of Justice, every company of every size, every network stack and every infrastructure deployment is a potential target.
While general cybersecurity insights are useful to frame conversations, leaders and teams across every vertical need detailed ransomware prevention tactics to safeguard their business’s data, financial health and reputation. Here are five high-priority tactics for businesses that want to prevent ransomware infection right now.
Do Some Homework: Understand What Ransomware Does and That CISA Actively Helps
It’s worth spending a morning reviewing the valuable tips, alerts and resources from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). For businesses of every size, the site’s well-organized checklists, assessments, frameworks, and training modules are immediately helpful — and all of it is free.
CISA’s explanation of exactly what ransomware does is a useful starting point:
“Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted — the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.”
“[M]ay provide,” indeed. Now that the ransomware model has expanded to one that any criminal organization can purchase, i.e., ransomware-as-a-service, hacker technical expertise and “honor codes” are hardly worth the bet. Guidance from CISA and the FBI is clear on payment. Don’t do it. That means preventing infection in the first place is non-negotiable.
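As an added illustration (not from the article or from CISA), the following Python triage script walks a file share and reports the tell-tale signs the quote describes: files carrying the listed extensions, plus any candidate ransom-note file dropped beside them. The note-name words, the hit threshold and the sample tree are constructed assumptions for the example.

```python
from collections import Counter
from pathlib import Path
import tempfile

# Extensions CISA cites as typically appended to encrypted files (taken from the article).
RANSOM_EXTENSIONS = {".aaa", ".micro", ".encrypted", ".ttt", ".xyz", ".zzz",
                     ".locky", ".crypt", ".cryptolocker", ".vault", ".petya"}
# Words often seen in ransom-note filenames; an assumed heuristic, not from the article.
NOTE_WORDS = ("decrypt", "recover", "restore", "how_to")
NOTE_SUFFIXES = {".txt", ".html", ".hta"}
# Minimum hits before a tree is flagged on extensions alone (.xyz and .zzz have benign uses).
THRESHOLD = 5


def triage_tree(root):
    """Walk `root`; return per-extension hit counts, candidate ransom notes and a verdict."""
    hits = Counter()
    notes = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext in RANSOM_EXTENSIONS:
            hits[ext] += 1
        elif ext in NOTE_SUFFIXES and any(w in path.stem.lower() for w in NOTE_WORDS):
            notes.append(path.name)
    total = sum(hits.values())
    # Many renamed files, or renamed files next to a note, is a strong signal;
    # a lone .xyz file is not, which is why the threshold exists.
    likely = total >= THRESHOLD or (total > 0 and bool(notes))
    return {"counts": dict(hits), "notes": sorted(notes), "likely_infected": likely}


def triage_sample():
    """Build a constructed sample tree in a temp dir, triage it and return the result."""
    sample = ["finance/budget.xlsx.locky", "finance/q2.docx.locky",
              "hr/photo.jpg.locky", "hr/_HOW_TO_DECRYPT.txt",
              "hr/notes.txt", "public/readme.txt", "public/slides.pptx"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed sample content")
        return triage_tree(tmp)


if __name__ == "__main__":
    print(triage_sample())
```

Run it against a mounted share instead of the sample tree by calling `triage_tree("/path/to/share")`; a hit on the extension list alone warrants a look, and a hit together with a note warrants isolating the host.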
Do Basic Tuning Now: Filters, Authentication, Patches, and Web App Firewalls
Keeping up with the basics goes a long way to prevent ransomware attacks — which often trick users into browsing malicious emails and websites that are infected with remote-control viruses designed to hijack the target’s device. Many basic tuning tasks do not require esoteric technical expertise. Do what you can now:
- Major email systems have a “rules” section where individuals or an administrator can filter and restrict suspicious communication. Step-by-step setup in Microsoft 365 for Outlook and in Gmail is readily available on their YouTube sites and support centers.
- Require multifactor authentication (MFA) or another strong authentication method for a user to access websites and applications. MFA might combine a complex password (what the user knows), a security token such as a code sent to the user’s mobile device (what the user has), and biometric verification such as a fingerprint or face scan (what the user is). The layered defense is worth the extra few moments it takes to authenticate.
- Patch. Patch. Patch. Know all of the software in use at your business and update it as soon as releases are available. Don’t wait. CISA maintains a timely security updates list from major players including Google, Cisco, Apple, VMware, and Citrix.
- Depending on the nature of a business’s website, setting up an effective web application firewall (WAF) to inspect HTTP traffic may require more technical expertise than other basic prevention tactics. But it’s a bedrock measure nonetheless. Web development platforms with enterprise-grade security might leverage services from Azure or AWS, and engineers may seek specialized help with implementation.
Prioritize a Robust Review of Attack Surfaces and Networks
Every business should have a clear plan that aggressively minimizes IT attack surfaces, and every leader should understand exactly what that plan does and how it’s being implemented right now. Sharply reducing servers, cloud services, network devices, and protocols that can be accessed from the internet or other outside channels is the goal. Since those entities will be hijacked after an intrusion, severely limiting their exposure and accessibility makes it harder for different kinds of ransomware to get in.
Companies that have business units distributed across regions or around the world must ensure that each operation’s nodes and network stack in use meet the same robust standards as headquarters. There are cases where intrusion and encryption of corporate data originates from a satellite operation with network firewall vulnerabilities and other weak defenses. Assessing on-the-ground IT differences and rectifying them with urgency is a “macro” prevention tactic.
Build Employee Buy-In With Consumable Cybersecurity Training … Starting Monday
Proactively ensuring that employees genuinely understand the steps they need to take every day to prevent ransomware infection is vital and doable, even if it feels like cat-herding. Company culture should lift employees with a sense of ownership and responsibility to keep the business safe.
By conducting ongoing, creative cybersecurity awareness training — with special attention to ransomware — protective action can become routine for employees. They will know how to: identify and never engage suspicious URLs, emails and attachments; recognize and avoid suspicious applications; avoid disclosing personal information; avoid using public Wi-Fi as much as possible; and never use an unknown USB stick or other hardware, among other tactics. Training can be designed as a fun, 15-minute exercise every few days that keeps security top of mind and ensures no one is afraid to act when they encounter a red flag.
Try Weird (and Proven) Tricks
Security experts occasionally share tactics that get less airtime in the media but nevertheless help ward off some ransomware attacks, like installing a Cyrillic keyboard on a PC. Many hackers based in Russia and Ukraine take great care not to attack those countries’ businesses or those of allies, including global operations. While ransomware continues to get savvy, there are still thousands of malicious scripts out there that will check for the coded presence of Russian, Ukrainian, Tajik, Uzbek, Kazakh, Turkmen, Syrian-based Arabic, and others on systems and then not install the ransomware as a result of that check. While it’s far from a fail-safe trick, it may offer some protection and is easy to execute.
Another trick is to create separate accounts on your PC (or Mac) via the operating system itself. Different privileges can be accorded to different user accounts. Some ransomware needs administrator privileges to execute. Purposefully reading one’s email on an account with limited privileges is another tactic that can block some ransomware.
In the foreseeable future, ransomware will only become more sophisticated and aggressive — and even more prevalent as it leverages new kinds of AI to adapt to cybersecurity measures. The urgency of adopting tough prevention tactics now is difficult to overstate. As with any unwanted infection, preventing it is better than dealing with disaster recovery, though every business should be prepared on that front as well.