Avoiding the Illusion of Security – Ransomware Prevention Checklist



There is no 100% secure IT system by definition, even one completely isolated from the outside world. Anything built by humans can one day be compromised or destroyed by other humans.


While technology evolves rapidly and changes the face of the world, attackers ride the same technological wave. Do not be lulled by the false feeling that nothing can happen to your infrastructure, whether it is tightly controlled on-premises or sitting in a supposedly protected cloud.


Any advance in information technology is quickly adopted by skilled attackers to build the next generation of attacks. Cloud computing, artificial intelligence, machine learning, big data analytics, blockchain, and chatbots are all great breakthroughs, and every one of them is also put to malicious use.


Sink or swim


Building future-proof security is hard because, in most cases, you do not know where the next attack will come from. The pessimistic view holds that once your system becomes a priority target of a determined group, the damage cannot be avoided. But this common "wisdom" does not justify a victim mentality.


There is a set of simple security rules that, if followed, make an attack not worth the effort. Adopt them and stop presenting your IT assets as an easy win.


Protect your business against potential cyber threats before the critical day comes!


The basics of cybersecurity hygiene


Of the three basic aspects of cybersecurity, people, processes, and technology, people are the weakest link.


One telling example of carelessness is that roughly half of people use the same password for personal and work accounts. With today's level of social media engagement, a person with a few work accounts can easily have dozens of personal accounts elsewhere in cyberspace. Why bother keeping them all different, especially in the form of an incomprehensible sequence of about 15 random characters? It seems so impractical! But this "practicality" often backfires: a breach of any one of those sites hands the attacker a credential that is also valid at work.


Many people are careless about password protection. They create easy-to-remember passwords, which means passwords that were easy to crack even with the software and computing resources available 20 years ago, let alone a modern attacker's toolkit. Worse, people share passwords with colleagues and friends, who in time become former colleagues and former friends, and this happens more often than it did a few decades ago.


A lack of cybersecurity hygiene at this basic level has far-reaching consequences. It is not only about exposure to today's threats; it raises the probability of far more damaging attacks in the future. The advent of 5G networks and the Internet of Things means that the number of vulnerabilities will explode along with the number of devices.


Learn the lessons from the victim industries


Cyber-attacks are usually associated with massive scandals over data stolen from social media sites or credit card issuers. Those are the traditional kinds of loot found in data dumps. However, every business and organization is on attackers' radar, and the value of their data keeps growing.


According to Radware, 39% of healthcare organizations experience daily or weekly attacks. Most organizations reported an increase in malware attacks, but they are also watching the number of distributed denial-of-service (DDoS) and socially engineered attacks grow. The lessons from healthcare, finance, government bodies, and other industries clearly show that the attack surface grows as more and more organizations move their processes online.


Keep in mind: every new login and every connected device adds a new potential point of entry.


Security skills shortage - what can be done?


No investment in security software alone will save the world, or your particular organization. Continuously developing cybersecurity techniques, software solutions, and holistic programs have still not managed to reduce the number of annual cyber-attacks.


Remember, humans are the first line of defense. If it fails, all other lines of protection are useless. It is about instilling an all-encompassing security culture in your organization.


  • Brush up on the security policies and re-establish the rules.
  • Discuss threats and preventive actions with your team.
  • Make sure that everyone knows the basic security requirements, strictly follows them and is aware of evolving threats.

There is no way (and no intention) to fully educate you in a few blog posts. Our aim is to make you alert to the fact that the digitalization of the world and the mass migration online, along with greater opportunities, create new vulnerabilities daily. Below is an example of a Ransomware Prevention Checklist; use it as a starting point to build your own set of checklists for other cybersecurity dimensions.


    Ransomware Prevention Checklist


    Endpoint Protection
    Disable the ability to launch applications from non-standard locations (e.g. Temp directories).
    Utilize anti-malware solutions with a signatureless (behavior-based) approach.
    Review privileged access accounts and randomize local admin account passwords so that no two hosts share one.
    Restrict USB access to only required personnel.
    Review the software installed on systems and utilize whitelisting if possible.
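The first item above is usually enforced with AppLocker or Software Restriction Policies, and the part people get wrong is precedence: the policy must deny user-writable folders even when they sit under an allowed tree. The following Python script is an added example written for this page, not code from the original article or from any vendor; it models that decision logic with assumed directory lists based on Windows defaults and constructed sample launch paths, including the "..\" and forward-slash tricks a policy must normalize away.

```python
"""Path-based execution policy: default deny, allow only standard install
locations, and let explicit deny rules win over allow rules (the precedence
AppLocker uses). Added example, not the page's own code; the directory lists
below are assumptions modelled on Windows defaults."""
import ntpath

# Locations applications may run from (assumed standard install paths).
ALLOWED_PREFIXES = [
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
]

# User-writable locations that must never execute, even when they sit under an
# allowed prefix: a standard user can write to C:\Windows\Temp and C:\Windows\Tasks,
# so an allow rule for C:\Windows alone would let a dropped payload run.
DENIED_PREFIXES = [
    r"C:\Windows\Temp",
    r"C:\Windows\Tasks",
    r"C:\Users",          # profiles: Downloads, Desktop, AppData\Local\Temp (%TEMP%)
    r"C:\Temp",
]


def _normalize(path: str) -> str:
    """Collapse '.', '..' and mixed separators, then lower-case: NTFS paths are
    case-insensitive and a '..' hop must not escape an allowed prefix."""
    return ntpath.normpath(path).lower()


def _under(norm: str, prefixes) -> bool:
    for prefix in prefixes:
        p = prefix.lower()
        if norm == p or norm.startswith(p + ntpath.sep):
            return True
    return False


def execution_allowed(path: str) -> bool:
    norm = _normalize(path)
    if _under(norm, DENIED_PREFIXES):
        return False                       # deny always wins
    return _under(norm, ALLOWED_PREFIXES)  # anything unlisted is denied


def audit(paths):
    """Map each candidate path to its decision, to review what the policy would block."""
    return {p: execution_allowed(p) for p in paths}


# Constructed sample of launch attempts, including the evasions a policy must handle.
SAMPLE_LAUNCHES = [
    r"C:\Windows\System32\cmd.exe",
    r"c:\PROGRAM FILES (X86)\Vendor\app.exe",                   # case must not matter
    r"C:\Users\bob\AppData\Local\Temp\invoice.exe",             # classic ransomware drop point
    r"C:\Program Files\..\Users\bob\AppData\Local\Temp\x.exe",  # '..' escape attempt
    r"C:\Windows\Temp\payload.exe",                             # allowed parent, denied child
    r"C:/Windows/Temp/payload.exe",                             # forward slashes
    r"\\fileserver\public\tool.exe",                            # UNC share, not listed
]

if __name__ == "__main__":
    for path, ok in audit(SAMPLE_LAUNCHES).items():
        print("ALLOW" if ok else "DENY ", path)
```

The deny list deliberately covers C:\Users wholesale, which also blocks per-user installers that live under AppData\Local\Programs; if you need those, add narrow publisher or hash rules for them rather than loosening the path rule, since a writable allowed folder is exactly what a ransomware dropper looks for.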

    Patch and Configuration Management
    Install Windows security updates promptly to mitigate ransomware that exploits known vulnerabilities.
    Enable Windows shadow copies (Volume Shadow Copy Service); note that many ransomware families delete them first, so they complement, rather than replace, offline backups.
    Validate that "Active Content" (macros, ActiveX) is disabled in Microsoft Office.
    Ensure configuration changes are alerted on and can be rolled back to a gold-standard baseline.

    Vendor Supply Chain and Third Parties
    Segment vendor equipment so that it cannot reach the internal LAN except where required.
    Perform a security risk review on all vendors before attaching them to your network.
    Validate third party vendor equipment is performing patch management that meets your standards.
    Validate that vendor equipment is scanned, segmented and running anti-malware tools up to your standards.

    Vulnerability Management
    Perform continuous vulnerability management to detect risks on your assets.
    Scan for vulnerabilities both internally and externally on your network.
    Prioritize vulnerability findings to protect against critical assets first.
    Use tools that allow searching for IOCs throughout the enterprise.

    Perimeter Security
    Validate that filtering technologies (e.g. Web filtering, IPS, and firewalls) are up to date with the latest signatures.
    Implement firewalls to limit access to particular areas of the network that house critical assets and data.
    Disable all unneeded ports and protocols externally (e.g. RDP, NetBIOS, SMBv1).
    Insert threat intelligence to assist with determining bad actors in network traffic.
    Implement an anti-phishing solution to limit ransomware payloads from being delivered to end-users via email.
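Checking the "disable unneeded ports externally" item is only meaningful if you measure it from the outside. The script below is an added example for this page, not code from the original article; it parses a constructed sample in nmap's grepable (-oG) output format and flags any internet-facing host exposing RDP, NetBIOS, SMB or other Windows management ports, plus any open service not on an assumed per-host list of expected public services.

```python
"""Audit of internet-facing services from an nmap grepable (-oG) scan: flag any
host exposing RDP, NetBIOS, SMB or other administrative protocols, and anything
not on that host's expected-public list. Added example, not the page's code; the
scan text and the expected-public table are constructed."""
import re
from collections import namedtuple

# Services that must never be reachable from the internet (the page's examples
# plus the other Windows management ports ransomware operators look for).
FORBIDDEN_EXTERNAL = {
    3389: "RDP", 135: "MS-RPC", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
    139: "NetBIOS-SSN", 445: "SMB", 5985: "WinRM", 5986: "WinRM-HTTPS",
}

# Per-host allow-list of services meant to be public (assumption for the sample).
EXPECTED_PUBLIC = {
    "203.0.113.10": {80, 443},
    "203.0.113.20": {25, 443},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")
# port/state/protocol/owner/service/rpc/version/ as nmap writes it
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")

Finding = namedtuple("Finding", "host port proto service reason")


def parse_grepable(text):
    """Yield (host, port, proto, service) for every open port in -oG output."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host = m.group(1)
        for pm in PORT_RE.finditer(m.group(3)):
            port, state, proto, service = int(pm.group(1)), pm.group(2), pm.group(3), pm.group(4)
            if state == "open":
                yield host, port, proto, service


def audit_external(text):
    findings = []
    for host, port, proto, service in parse_grepable(text):
        if port in FORBIDDEN_EXTERNAL:
            findings.append(Finding(host, port, proto, service,
                                    f"{FORBIDDEN_EXTERNAL[port]} exposed to the internet"))
        elif port not in EXPECTED_PUBLIC.get(host, set()):
            findings.append(Finding(host, port, proto, service, "unexpected public service"))
    return findings


SAMPLE_SCAN = """# Constructed sample in nmap -oG format, not a real scan
Host: 203.0.113.10 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (997)
Host: 203.0.113.20 (mail.example.com)\tPorts: 25/open/tcp//smtp///, 445/open/tcp//microsoft-ds///, 22/filtered/tcp//ssh///, 8080/open/tcp//http-proxy///
"""

if __name__ == "__main__":
    for f in audit_external(SAMPLE_SCAN):
        print(f"{f.host}:{f.port}/{f.proto} ({f.service}) - {f.reason}")
```

A port scan cannot tell you whether SMBv1 is still enabled on a host that legitimately serves SMB internally; that is a host-side check (for example `Get-SmbServerConfiguration` in PowerShell shows `EnableSMB1Protocol`), so pair the external audit with a configuration audit.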

    Storage and Backup
    Implement a backup solution with backups stored offsite and kept offline or otherwise isolated from the production network, so that ransomware running with domain credentials cannot reach them.
    Define appropriate RPO and RTO targets for your data recovery.
    Test your backup and recovery strategy regularly with a real restore, not just a backup job status.
    Apply least privilege on all files and folders to limit how far ransomware can spread laterally.
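"Test your backup and recovery strategy" means running the whole loop: take a backup, lose the data, restore, verify integrity, and check the clock against your RPO and RTO. The Python drill below is an added example for this page, not code from the original article; it works entirely on constructed files in a temporary directory, simulates the encrypt-and-rename behaviour of ransomware, and also shows the failure mode the "offline" requirement exists for, where the backup set is on a share the malware can reach.

```python
"""Backup and recovery drill: back up a share, simulate a ransomware hit,
restore, and score the result against RPO/RTO targets. Added example, not
the page's code; the sample files and the ransomware simulation are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path


def file_hash(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_hash(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(src: Path, backup_root: Path) -> Path:
    """Copy src into a new backup set and record a manifest plus the backup time."""
    dest = backup_root / f"set-{time.time_ns()}"
    shutil.copytree(src, dest / "data")
    meta = {"taken_at": time.time(), "files": manifest(dest / "data")}
    (dest / "manifest.json").write_text(json.dumps(meta))
    return dest


def simulate_ransomware(root: Path) -> None:
    """Drill only: overwrite every file with junk and rename it, as ransomware does."""
    for p in [p for p in root.rglob("*") if p.is_file()]:
        p.write_bytes(os.urandom(max(16, p.stat().st_size)))
        p.rename(p.with_name(p.name + ".locked"))


def restore(backup_set: Path, target: Path) -> dict:
    """Replace target with the backup set and verify each file against the manifest."""
    meta = json.loads((backup_set / "manifest.json").read_text())
    shutil.rmtree(target)
    shutil.copytree(backup_set / "data", target)
    mismatched = [rel for rel, digest in meta["files"].items()
                  if not (target / rel).is_file() or file_hash(target / rel) != digest]
    return {"taken_at": meta["taken_at"], "mismatched": mismatched}


def run_drill(rpo_seconds: float, rto_seconds: float, reachable_backup: bool = False) -> dict:
    """Backup -> simulated encryption -> restore. With reachable_backup=True the
    backup set sits where the malware can also reach it, which is the failure
    mode offline/offsite copies exist to prevent."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backups = Path(tmp, "share"), Path(tmp, "backups")
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "q3.xlsx").write_bytes(b"constructed sample spreadsheet")
        (live / "notes.txt").write_bytes(b"constructed sample notes")
        expected = manifest(live)

        backup_set = take_backup(live, backups)
        simulate_ransomware(live)
        if reachable_backup:
            simulate_ransomware(backup_set / "data")
        incident_at = time.time()

        started = time.time()
        result = restore(backup_set, live)
        recovery_seconds = time.time() - started
        data_loss_seconds = incident_at - result["taken_at"]
        return {
            "restored_ok": not result["mismatched"] and manifest(live) == expected,
            "recovery_seconds": recovery_seconds,
            "rto_met": recovery_seconds <= rto_seconds,
            "data_loss_seconds": data_loss_seconds,
            "rpo_met": data_loss_seconds <= rpo_seconds,
        }


if __name__ == "__main__":
    print(run_drill(rpo_seconds=3600, rto_seconds=60))
    print(run_drill(rpo_seconds=3600, rto_seconds=60, reachable_backup=True))
```

The manifest is what turns "the restore finished" into "the restore is correct"; in production keep it (or the backup product's equivalent catalog) with the offline copy, and treat a non-empty mismatch list as a backup that is itself compromised.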

    Network
    Review network device rulesets and validate that least privilege access on the network is occurring.
    Utilize DNS sinkholing as an additional layer of network security.
    Implement visibility solutions to monitor east/west network traffic throughout your network to detect ransomware.
    Implement SIEM/Log Monitoring for increased network detection of ransomware.
    Use private VLANs to help mitigate lateral movement of ransomware across the network.

    Security Awareness
    Educate users on the threats of phishing/ransomware and common exploitation techniques.
    Proactively test users with fake phishing attempts to validate education.
    Set up decoy (canary) files on file shares to detect when users or malware touch data they have no business with.
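The SIEM and east/west monitoring items in the Network section and the decoy-file item above come together in one detection: watch file-share audit events for a burst of modifications from a single account, renames to known ransomware extensions, ransom-note creation, and any access to a canary file. The Python script below is an added example written for this page, not code from the original article or from any SIEM product; the event format, canary path, extension list and thresholds are constructed assumptions, and the sample log is generated in the script.

```python
"""Ransomware behaviour detection over file-share audit events: a burst of
writes/renames from one account inside a sliding window, renames to known
ransomware extensions, ransom-note creation, and any touch of a decoy (canary)
file. Added example, not the page's code; the events, canary path, extension
list and thresholds are constructed assumptions."""
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

CANARY_FILES = {r"\\fs01\finance\passwords_2019.xlsx"}   # decoy nobody legitimately opens
RANSOM_EXTENSIONS = (".locked", ".encrypted", ".crypt")   # short assumed list
RANSOM_NOTES = ("readme_decrypt", "how_to_recover", "decrypt_instructions")
BURST_THRESHOLD = 20                 # modifications per window that a human rarely produces
BURST_WINDOW = timedelta(seconds=60)


def parse(line):
    """'<ISO timestamp> <user> <ACTION> <path>'; a RENAME event records the new name."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, action.upper(), path


def detect(lines):
    """Return per-user findings; feed each one to verdict() for a severity."""
    findings = defaultdict(lambda: {"canary": [], "ransom_renames": 0,
                                    "ransom_notes": [], "burst_peak": 0})
    recent = defaultdict(deque)      # user -> timestamps of WRITE/RENAME inside the window
    canaries = {c.lower() for c in CANARY_FILES}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, user, action, path = parse(line)
        low = path.lower()
        f = findings[user]
        if low in canaries:
            f["canary"].append(path)
        if action == "RENAME" and low.endswith(RANSOM_EXTENSIONS):
            f["ransom_renames"] += 1
        if action == "CREATE" and any(n in ntpath.basename(low) for n in RANSOM_NOTES):
            f["ransom_notes"].append(path)
        if action in ("WRITE", "RENAME"):
            q = recent[user]
            q.append(ts)
            while q and ts - q[0] > BURST_WINDOW:   # slide the window forward
                q.popleft()
            f["burst_peak"] = max(f["burst_peak"], len(q))
    return dict(findings)


def verdict(f):
    if f["canary"]:
        return "CRITICAL"
    if f["burst_peak"] >= BURST_THRESHOLD or f["ransom_notes"] or f["ransom_renames"] >= 5:
        return "HIGH"
    return "NONE"


def sample_events():
    """Constructed audit log: alice works normally, bob's account encrypts the HR share."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    ev = [rf"{(base + timedelta(seconds=40 * i)).isoformat()} alice WRITE \\fs01\finance\budget_v{i}.xlsx"
          for i in range(5)]
    start = base + timedelta(minutes=10)
    ev += [rf"{(start + timedelta(seconds=i)).isoformat()} bob RENAME \\fs01\hr\contract_{i:02d}.docx.locked"
           for i in range(25)]
    ev.append(rf"{(start + timedelta(seconds=26)).isoformat()} bob CREATE \\fs01\hr\README_DECRYPT.txt")
    ev.append(rf"{(start + timedelta(seconds=27)).isoformat()} bob WRITE \\fs01\finance\passwords_2019.xlsx")
    return ev


if __name__ == "__main__":
    for user, f in detect(sample_events()).items():
        print(user, verdict(f), f)
```

The canary rule fires on a single event, which is the point of a decoy: it needs no threshold tuning and no knowledge of the malware's extension list, so it catches a new family before the rate-based rule reaches its threshold. In a real deployment the "user" here is the account whose session opened the share, which is also the account to disable first.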

    Web Filtering Review
    Block all unnecessary and potentially harmful categories (e.g. personal email accounts or parked domains).
    Validate that you’re able to detect C2 communications to known bad IP addresses.
    Implement web filters that allow for the ability to proxy connections, perform URL re-writing, and can use cloud-based access.
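The threat-intelligence item in the Perimeter section, the DNS sinkholing item in the Network section, and the C2-detection item above are three views of the same mechanism: match observed traffic against indicators and record which internal client produced it. The Python script below is an added example for this page, not code from the original article or from any DNS or proxy product; the indicator feed, the sinkhole address and the log lines are constructed, and it deliberately matches domains on label boundaries so that a look-alike such as notevil-tld.example does not match the indicator evil-tld.example.

```python
"""Threat-intelligence matching with a DNS sinkhole decision: queries for listed
domains (or their subdomains) are answered with an internal sinkhole address and
logged with the client IP; proxy connections to listed networks are flagged as
possible C2. Added example, not the page's code; the indicators, sinkhole address
and log lines are constructed."""
import ipaddress

BAD_DOMAINS = {"c2.evil-domain.example", "evil-tld.example"}          # constructed feed
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.77/32")]
SINKHOLE_IP = "10.255.255.254"      # internal listener that logs and drops (assumption)


def _labels(name):
    return name.lower().rstrip(".").split(".")


def domain_match(qname):
    """Indicator that qname or any parent domain matches, else None. Matching on
    label boundaries keeps 'notevil-tld.example' from matching 'evil-tld.example',
    which a plain endswith() would get wrong."""
    labels = _labels(qname)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BAD_DOMAINS:
            return candidate
    return None


def resolve_policy(qname):
    """(answer, indicator): the sinkhole address for a hit, None to forward upstream."""
    hit = domain_match(qname)
    return (SINKHOLE_IP, hit) if hit else (None, None)


def ip_match(ip):
    addr = ipaddress.ip_address(ip)
    for net in BAD_NETWORKS:
        if addr in net:
            return str(net)
    return None


SAMPLE_DNS_LOG = """\
2024-03-01T10:00:01 10.1.20.15 www.example.com
2024-03-01T10:00:07 10.1.20.15 update.c2.evil-domain.example.
2024-03-01T10:00:09 10.1.20.31 notevil-tld.example
2024-03-01T10:00:12 10.1.20.31 beacon.EVIL-TLD.example
"""
SAMPLE_PROXY_LOG = """\
2024-03-01T10:01:00 10.1.20.15 CONNECT 198.51.100.44:443
2024-03-01T10:01:05 10.1.20.31 CONNECT 192.0.2.10:443
"""


def process(dns_log, proxy_log):
    """Alerts carry the client address so the endpoint can be isolated."""
    alerts = []
    for line in dns_log.splitlines():
        ts, client, qname = line.split()
        answer, indicator = resolve_policy(qname)
        if indicator:
            alerts.append({"ts": ts, "client": client, "type": "dns-sinkholed",
                           "observed": qname, "indicator": indicator, "answer": answer})
    for line in proxy_log.splitlines():
        ts, client, _, dest = line.split()
        indicator = ip_match(dest.rsplit(":", 1)[0])
        if indicator:
            alerts.append({"ts": ts, "client": client, "type": "c2-ip-contact",
                           "observed": dest, "indicator": indicator})
    return alerts


if __name__ == "__main__":
    for a in process(SAMPLE_DNS_LOG, SAMPLE_PROXY_LOG):
        print(a)
```

Answering with a sinkhole address rather than NXDOMAIN is what makes the DNS layer a detection source as well as a block: the infected host then connects to the sinkhole listener, which logs the attempt with the source address, and that record is what the SIEM correlates with the behaviour alerts from the file shares.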

    Data Discovery and Classification
    Determine where your classified (sensitive) data is stored.
    Review the access privileges to this data and restrict them as needed.
    Validate which systems are considered key assets and who has access to them.
    Wrap alerting around critical assets to protect sensitive data.
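Finding where classified data lives usually starts with content scanning, and the practical problem is false positives: any 16-digit number looks like a card number. The Python script below is an added example for this page, not code from the original article or from any DLP product; it scans a constructed set of files, confirms card-number candidates with the Luhn check so that an order reference is not reported as a card, looks for assumed classification marker words, and pairs each finding with how widely the file is readable so the access review can start from the output.

```python
"""Data discovery: find files holding payment card numbers (regex candidates
confirmed with the Luhn check, which drops look-alike numbers) or a
confidentiality marker, and report how widely each is readable. Added example,
not the page's code; the sample files, marker words and permissions are constructed."""
import re
import stat
import tempfile
from pathlib import Path

CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits, optional separators
MARKERS = ("CONFIDENTIAL", "RESTRICTED")                     # assumed classification labels


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str):
    """Card-looking numbers that also pass Luhn."""
    return [m.group(0) for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group(0)))]


def classify(path: Path) -> dict:
    """Cards and marker words found in one file."""
    text = path.read_text(errors="ignore")
    return {"cards": find_cards(text),
            "markers": [m for m in MARKERS if m in text.upper()]}


def access_summary(path: Path) -> dict:
    """POSIX mode bits; on an NTFS share you would read the ACL instead."""
    st = path.stat()
    return {"owner_uid": st.st_uid,
            "group_readable": bool(st.st_mode & stat.S_IRGRP),
            "world_readable": bool(st.st_mode & stat.S_IROTH)}


def scan(root: Path):
    """One finding per file that holds classified data, with its access summary."""
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        c = classify(p)
        if c["cards"] or c["markers"]:
            findings.append({"name": p.relative_to(root).as_posix(), **c, **access_summary(p)})
    return findings


def demo():
    """Constructed share with a real hit, a Luhn-failing look-alike, and a marked file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoices.csv").write_text(
            "cust,card\nacme,4111 1111 1111 1111\nglobex,5500-0000-0000-0004\n")
        (root / "invoices.csv").chmod(0o644)           # readable by everyone on the host
        (root / "orders.txt").write_text("order ref 1234 5678 9012 3456 shipped\n")  # fails Luhn
        (root / "payroll.txt").write_text("CONFIDENTIAL - salary bands 2024\n")
        (root / "payroll.txt").chmod(0o600)
        return scan(root)


if __name__ == "__main__":
    for f in demo():
        print(f)
```

The two card numbers in the sample are standard test numbers that pass Luhn, and the order reference does not, which is the difference between a finding worth an access review and noise. World-readable findings are the ones to fix first: that is exactly the least-privilege gap that lets ransomware running under any user's account reach the data.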

    Incident Response
    Create a playbook to assist with an outbreak of ransomware in your network.
    Validate that a communication plan is in place to contact needed personnel (e.g. Management, technicians, law enforcement, MSSP).
    Determine roles & responsibilities ahead of time to be more efficient when dealing with ransomware infections.
    Apply for cyber insurance to assist with damages if needed.



    Author: Pavlo Bereza
